“The reason breaches keep happening is because “we” believe that if we spend enough on security technology, we will fix the problem of being insecure.”

Twitter: @MrJeffMan • Website: securityweekly.com/hosts

Jeffrey Man is a respected information security expert, advisor, evangelist, and co-host of the security podcast Security Weekly. He has more than 35 years of experience in all aspects of computer, network, and information security. Jeffrey has held various information security roles within the DoD as well as private-sector enterprises, is a former PCI QSA, and was part of the first penetration testing “red team” at the NSA.

If there is one myth that you could debunk in cybersecurity, what would it be?

If I may be philosophical for a moment, I would suggest that the biggest myth in cybersecurity is the notion of security in and of itself—that it is a state that can be achieved or to which one can be elevated. As a more practical matter but probably equally as daunting, I would say the biggest myth in cybersecurity is the notion that cybersecurity begins and ends with technology. I was doing information security (InfoSec) for years before computers—and networks—came along.

While technology is here to stay and is certainly an integral part of cybersecurity, I believe there are fundamentals to understanding this thing we call “cybersecurity” that are too ...