The biggest problem in corporate information security is the people performing the work. I have found that there are people outside the security field, and even many people inside the field, who think they know what they need to know about security but clearly don’t.
Additionally, some people know a great deal about one aspect of security, but are woefully weak in other aspects and don’t know it (or want to know it). Because of this phenomenon, most organizations have a very false sense of security. Using entertaining analogies from martial arts and psychology, this presentation discusses this critical security failing. Attendees will learn how to tell if they are dealing with people who are properly skilled, and how to plan their security programs accordingly.