On my day off I decided to watch Columbiana and heard a very astute line about painting that really made me think. The line was:

“You never finish a painting… You just stop working on it.”

Which itself was paraphrased from a Leonardo da Vinci quote:

“Art is never finished, only abandoned.”

The same can be said about security:

“You never finish security, you just stop working on it.”

The unfortunate reality is that many organizations see security as having a finish line, but that’s just not the case. The only way to ‘finish’ security is to stop working on it.