Everything You Know is Wrong! presented at ISSA 2015

by David M. Perry,

Summary : Most people agree that the weakest point in network and data security is the end user. This is the standard axiom of our trade. But if you were to face end users and end users and their needs every day you would know that the problem is not end user ignorance. They aren’t as ignorant as we think.
(Everyone gets to be wrong in this matter) But there is a huge problem regarding the knowledge that they do have. It’s inaccurate; frequently it is driven by a near mythical representation in the media and even in the press briefings for which we ourselves must take ultimate responsibility. It’s obsolete, because our world changes every second. It is paradigm bound to assumptions that include a gross misunderstanding of the nature of computing and internetworking. It is reinforced by groupthink and badly taken reporting.
The public, in brief, needs to learn some very hard lessons. Lesson one might be titled Forget Everything you ever knew about malware. I believe that I might be just the guy to teach this lesson. With decades in technical support (from the phones to a director level position), leading to product management, corporate evangelism and education all over the world for more decades, I believe that I am the man for the job. Join me as I recount the dangers of educating end users and the obstacles that can be overcome, if only one takes the time to achieve it.