Sorting the Mess, presented at SAINTCON 2016

by Chris Czub

Summary: Security has become a mess in the eyes of many. Expensive solutions have been around and popular for decades, but more and more breaches are in the news. How can smaller businesses expect to be safe if companies with massive existing security spends are getting hacked?
If we look at real world hacks and breaches, we can see that people are failing across the board at simple security hygiene. Their expensive solutions don't save them because of misconfigurations or inefficacy. Hope is not lost: we can and need to build things to be more secure by default. We can have mitigating controls that are both effective and transparent. We can do better, and we can do it without spending tons of money on security solutions, and without burdening our employees.
There can be a much more secure future ahead of us, but it requires sorting out the mess that is our collected knowledge of "security".