This article highlights a lot of problems that exist in the infosec field today. There is a great quote in there:

Most IT Security organizations are busy checking some boxes on an audit list, and effectively missing the forest for the trees when it comes to actual security.”

I would sign under every word. That’s also the jist of the argument of people who are¬†vehemently¬†against PCI, though I wouldn’t necessarily include myself in that camp.