2007-01-27 Security Theater

My week could easily be summed up in one term, recently used by Bruce Schneier: security theater. What does the term mean?

security theater: security primarily designed to make you feel more secure. 

I don't always follow Bruce Schneier (especially on so-called security awareness; for a good summary, see the Marcus Ranum point/counterpoint), but I tend to follow his point of view regarding security theater. Too often, the impression of security is more important to people than basic real security. It's not a matter of cost… as the impression is sometimes more expensive to build than a simple security mechanism. It's just a question of sensibility: you may feel safe just because there is a nice label on a box with "Military Encryption" or because you have the "enabled firewall" icon on your computer desktop. Marketing plays in that field too, just giving the impression. What's the most important? The theater or the backstage? Theater is magical… but when you go backstage you start to understand how it works. But how many people go backstage to see how it works after all? Not too many. Of course, the offstage part is a critical part of the theater. This week, I was deep in the backstage… helping the magical security theater continue its work, but trying to keep the security beyond magic.