“As an industry, we know how to build secure infrastructure, applications, and processes. What is hard is changing our behaviors and habits that are decidedly insecure.”

Twitter: @BrandonPrry • Website: www.volatileminds.net

Brandon Perry is an engineer and consultant focusing on helping organizations secure their applications and network infrastructure. In his free time, he enjoys writing Metasploit modules and playing guitar.

If there is one myth that you could debunk in cybersecurity, what would it be?

The myth that security is hard. Maintaining secure networks, building secure applications, and running secure organizations aren’t hard things. Securely encrypting and decrypting data is easy. People do these things every day. As an industry, we know how to build secure infrastructure, applications, and processes. What is hard is changing our behaviors and habits that are decidedly insecure. Security isn’t hard. It’s people that are hard, and they aren’t going anywhere anytime soon.

“Security isn’t hard. It’s people that are hard, and they aren’t going anywhere anytime soon.”

What is one of the biggest bang-for-the-buck actions that an organization can take to improve its cybersecurity posture?

Start making implementation and process decisions assuming there is a breach instead of assuming there isn’t one. Installing patches shouldn’t be determined by ...