An Ant in a World of Grasshoppers

Why do products still enter the market with easily-found security issues? Why are people still falling for phishing emails? Why do we still have trouble convincing people to patch their systems? Why do companies and governments keep leaking out important PII? We security experts sometimes think that pointing out the obvious flaws will prevent these issues, but somehow that isn’t always the case. Clearly, we have a disconnect somewhere. This talk will examine why implementing good security and security practices is so hard, and the tradeoffs that cause people to invest less than we think they should. We will cover how we can close the gap between discovery and action, including real world examples of people adopting useful solutions. We will go through specific methods of how to engage people on security in a way that leads to action. Finally, we will look at the changing threat landscape and the critical areas in need of intervention, and how you can increase security adoption in those around you.