“Implement the principle of least privilege—don’t allow end users to be admins on their local boxes.”

Twitter: @samilaiho • Website: win-fu.com

Sami Laiho is one of the world’s leading professionals in Windows OS and security. He has worked with and taught OS troubleshooting, management, and security for more than 15 years. Sami’s session was evaluated as the best session in TechEd North America, Europe, and Australia in 2014, and by the Nordic Infrastructure Conference in 2016 and 2017. At Ignite 2017, the world’s biggest Microsoft event, Sami was noted as the Best External Speaker. He is also an author at PluralSight and the newly appointed conference chair at the TechMentor conference.

If there is one myth that you could debunk in cybersecurity, what would it be?

That security cannot be increased without lowering usability. I do believe that security is a compromise between usability, security, and price—you can get two, but you can never get all three.

What is one of the biggest bang-for-the-buck actions that an organization can take to improve its cybersecurity posture?

Implement the principle of least privilege—don’t allow end users to be admins on their local boxes.

How is it that cybersecurity spending is increasing but breaches are still happening?

Most customers I meet are spending the bucks on solutions and features, although they should be spending ...