A few years ago I was headed into a meeting with the president of a critical infrastructure provider when I saw and photographed a picture of a yellow Post-it note with the user name a password written on it.

As with most people reading this blog I was angered that this could happen in 2007 after all the efforts and training that had occurred to increase the level of user security awareness. Here we are some 5 years later and I am sorry to say we have not made that much progress. Keep reading →