I couldn't care less about trends on /. -- I have been giving conference speeches about this for half a decade now, pointing out what exactly we can do better when it comes to integrating users into infosec instead of considering them the enemy.
Slowly, personal security is becoming important. I'm not talking awareness campaigns, I think that's a snake-oil business. I'm talking screening, training, proper procedures and also not treating your employees like shit. In my father's time, you didn't need rallies - people were actively interested in what is good for the company, because the company was actively interested in what is good for the employees. Bring back that give-and-take relationship and you have done wonders for infosec.
You completely misread my post. Nowhere did I put all the responsibilities on IT and nowhere did I claim that users and their capabilities and intentions could be ignored. You need to figure these things into your security. That's the point. You can't just take the cheap way out, say "ah, users are idiots" and put all the blame on them. If users are idiots, it is your job to make the system idiot-safe. That's why airplane doors don't open in-flight, because a drunk passenger might mistake it for the toilet. Right now, too many computer systems will happily open that door and then we go around shouting that users are idiots.