The Coke and Chips Problem
An overweight man comes into the doctor's office. He says to the doctor, "hey, I'm looking to get in shape, lose weight, and get healthy. But I don't know what to do. What is your advice on what I should do?"
The doctor replies, "that a great ideal. well we can certainly do a checkup and make sure there are no biological or genetic issues that will hinder your goals. But for starters, my advice is to get more exercise and eat right. So, what are you eating right now?"
The patient replies, "Coke and Chips."
The doctor, not missing a beat, "okay, so there's the first improvement you can make. Start eating healthy food."
The patient responds, "sure… but is there a way to make the healthy food taste like coke and chips?"
The moral of the story is that with any change, especially in the InfoSec space, people will often come to you knowing that something is wrong and need your help to fix it. However, they don't actually want to change the things they are doing that got themselves into that state.
They want change without changing.