Security news is inherently negative. Other than industry news which is more press release-like than real news, our security news is negative and depressing. I never hear stories like…”Yesterday, the security team hardened a weak Windows server found on the network!” Or, “Good job last week security team, no successful intrusions!”
Yeah, that’s part of the utility nature of security, where no one gives a rip until it breaks. But we do need some positive news now and then, if nothing else at least for our budget-makers.
Of course, both the constant negative news and the need to point out when things are fine only serve to make us sound like we’re FUDding around… “What do you mean we were secure last week with no intrusions, are you threatening me?!”