So, in honor of George Carlin, here is a list of 7 things that you can’t say if you are a security consultant:

7. Anti-virus has not and never will work.

6. Your vendor’s security product (X) will NEVER make you more secure.

5. Compromise is inevitable and there is nothing you can do to stop it.

4. Security professionals are completely unqualified for what they are doing.

3. Code will never be secure.

2. Defense in depth doesn’t work.

1. Security is an illusion and won’t ever be perfect. It hasn’t worked the physical world, and certainly won’t work in virtual worlds. Ever.

A little tongue-in-cheek, but let me know what you think.

Feel free to add to this in the comments.