I know this seems like a pretty weak byline, but bear with me. In studying for the GCIH exam I have been finding myself pondering some of the wisdom I have been given by John Strand, the VoD’s recorded instructor. In the course-ware, he stresses the need for an organization to truly understand their environment and patch efficiently, and that the best way to facilitate that might be to standardize on as few platforms as possible.The homogeneity of the environment will both simplify the  patching and vulnerability management AND make the environment easier to understand and thus protect.  This gets back to a fundamental concept in securing anything: you can’t protect what you aren’t aware of. Continue reading