Counterproductive Security Behaviors That Must End

Chris Eng

You’ve heard it all before: “The security industry has failed.” “Developers just don’t care.” “They deserved to be breached.”  These and many other overused themes are promulgated by security practitioners at conferences, in social media, and worst of all, in their day jobs. Security practitioners, particularly those new to the industry, regurgitate the same counterproductive ideas and behaviors to the extent they have become clichés. This ultimately damages our collective credibility and creates unnecessary barriers to what we are trying to accomplish. We often lack empathy and pragmatism, reverting to stereotypical one-dimensional attitudes rather than focusing on the positive outcomes we are trying to achieve. We are, at times, caricatures of ourselves. In this presentation, we will take a light-hearted look at many of these problematic themes and discuss how we as security professionals can do better.