We want to be secure. We don't like security. We want system administrators, but yet we are irritated when they need to fix something or to implement security. Complicated isn't it?

For those of you who have awesome tools at your disposal for patch management, such as a unified endpoint management (UEM) suite like SCCM, you can skip ahead to the technical articles and ignore my observations on this somewhat touchy subject. You have achieved System Administration Nirvana. Congratulations. The rest of us have to deal with Patch Tuesdays, hardware updates, firmware updates, this obscure patch, and that rare update on what seems like a daily basis. It's no fun is it? But who ever said system administration was fun? Well no one told me it was fun, but no one ever said it wasn't either. I resigned myself, long ago in fact, to the reality that system administration is neither fun nor life enriching. Then again, I'm not sure it's supposed to be; the plain fact is that the job of system administration is complicated, at best.

Open a fresh can of your favorite beverage and follow along. Trust me, the next 500-ish words will change your life forever (slight exaggeration).

I think that we can all agree that patch management is directly linked to security. Patches and security are just a thing – a thing that drives me crazy. Believe me, after 20 plus years of system administration, that drive gets shorter and shorter with each passing month. What irritates me more than that one guy who always mentions security in a meeting that's about to end is those people who want to circumvent security because it's inconvenient. Yes, inconvenient. Well, I know this sounds crazy, but dealing with security is inconvenient for everyone, not just you.

I don't know anyone who loves rebooting after downloading and installing patches. I don't know anyone who loves working through that second factor when logging in to a server. And I certainly don't know anyone who loves typing in their first pet's name to verify their identities to a credit card site. The people who believe, for whatever reason, that I somehow love to shove security policies down their throats and force the installation of patches each and every week of the year are just not dealing with reality. The fact is that I hate it. I hate messing with security. I hate two-factor authentication. And I really hate scheduling and installing patches. It's boring, it's painful, and it's the worst possible use of my time. But you know what? We all have to do things we don't want to do or don't like to do.

I get paid to enforce security. I get paid to patch things. I get paid to ensure that the computing environment that I'm entrusted to protect is protected. They hired me to do that. They hired you to do that. So, why, I ask you, do certain people resist, complain, and distort reality to make it seem like we enjoy these things? I truly wish we lived in a world where everyone could be trusted. I wish that we didn't have to have passwords. I wish that we didn't have to have firewalls, iptables, WSUS servers, zero day announcements, Patch Tuesdays, security conferences, and … I think you get the idea. I also wish I didn't have to have locks on my doors, but it's not that kind of world. I'm sorry that it's inconvenient and I'm sorry that it interrupts your workflow. I'm super-duper sorry that updating requires a reboot, but I didn't design it. I only support it. You hired me to do that, and yet now you're complaining about me doing the very job that you hired me to do. I understand. I really do. But unless you want to get crypto-locked, ransomed, or ripped-off in some other way, I need for you to step aside and let me do that job.

Security is a requirement. Patch management fulfills part of that requirement. There is no option. It's a love-hate relationship. We love to be secure but we hate what it takes to enjoy that security. I know. Like any relationship, it's complicated. Wait, I am still writing about security and patch management, aren't I? See? Complicated.

Ken Hess * Senior Editor