## Table of Contents

1 We're Not Speaking the Same Language 1

Problem #1 We Don't Have a Common Language 4

Solution #1 Agree on Our Common Language 6

Problem #2 We Lack a Common Understanding with Normal People 14

Solution #2 Find Our Common Ground 19

Problem #3 Foolish Conversations Occur between Organizations 32

Solution #3 Translate Security between Organizations 35

2 Bad Foundations 51

Problem #1 Building without Blueprints 52

Solution #1 Starting with Blueprints 53

Problem #2 Building without Permits 59

Solution #2 Building with Permits 59

Problem #3 Weak or Absent Foundations 61

Solution #3 Establishing a Solid Foundation 67

Problem #4 Overengineered Foundations 76

Solution #4 Simplification 77

3 Lipstick on a Pig 79

Problem #1 Lipstick Makes Us Appear More Attractive Than We Really Are 80

Solution #1 We Need to Get Real 84

Problem #2 Lipstick Makes Us Feel Better about Ourselves 86

Solution #2 We Need to Be Honest with Ourselves and One Another 91

Problem #3 Technology Is the Most Common Lipstick 96

Solution #3 We Should Use Technology Only When and Where It's Needed 98

Problem #4 Layering on Lipstick Makes Things Worse 99

Solution #4 We Need to Simplify 100

4 Pipe Dreams 101

Problem #1 Ignorance Is No Excuse for Poor Information Security 103

Solution #1 Understand What We Should Know and Learn It 106

Problem #2 Panic and Anxiety Stem from Our Lack of Understanding 109

Solution #2 Plan for the Worst and Hope for the Best, a Sense of Calm 110

Problem #3 Fantasies Make for Bad Decision Making 112

Solution #3 Expect Reality Using Logic and Facts 117

5 The Blame Game 127

Problem #1 There's No Shortage of People or Things to Blame for Our Shortcomings 129

Solution #1 Define Roles and Responsibilities 131

Problem #2 We All Live in Glass Houses 137

Solution #2 Accept That We All Have Our Problems 138

Problem #3 We Fear Blame and Reprimand 139

Solution #3 Cultivate Transparency and Incentives 141

Problem #4 We're Not Good at or Ready for Attribution 142

Solution #4 Plan for Attribution 142

Problem #5 There's No Recourse for Faulty Products and Services 143

Solution #5 Hold People Accountable 145

6 The Herd Mentality 147

Problem #1 There's a False Sense of Safety in the Herd 149

Solution #1 Use the Herd to Your Advantage 154

Problem #2 Herd Mentality Leads to Poor Choices 157

Solution #2 Take the Time to Research 162

Problem #3 Even If the Herd Is Right, It Still Won't Fit Us 164

Solution #3 Focus on You and What You Can Control 165

7 Because I Said So 168

Problem #1 We Have So Many Laws, but So Little Direction 171

Solution #1 The Intent of the Law Is Key 175

Problem #2 We Have No Choice but to Comply 177

Solution #2 How We Comply Is Where We Find Our Choices 179

Problem #3 Compliance Makes a Crappy Foundation 180

Solution #3 Focus on the Foundation 182

8 Empty Promises 183

Problem #1 Troubles with Commitments 184

Solution #1 Making Commitments Carefully 191

Problem #2 Money as a Demonstration of Commitment 198

Solution #2 Putting Our Money Where Our Mouth Is 201

Problem #3 Thinking Obscurity Makes Us Secure 202

Solution #3 Taking Our Head Out of the Sand 204

9 The Money Grab 205

Problem #1 There's Plenty of Snake Oil for Sale 207

Solution #1 Do Your Homework 213

Problem #2 Fear and Sex Sell Lots of Stuff 217

Solution #2 Fight FUD and Be a Little Less Sexy 221

Problem #3 Money Spent Poorly Is Bad Money 223

Solution #3 Buy What You Need 228

10 Too Many Few Experts 232

Problem #1 We Need More Good People, but We Don't Know Who 233

Solution #1 Define What Makes a Good Security Person 236

Problem #2 The Severe Talent Shortage Is Painful and Getting Worse 240

Solution #2 Commit to the Cause 256

Acknowledgments 263

About the Author 266