Fire, Brimstone, and Bad Security Decisions

This talk explores the systemic failures in organizational security decision-making, focusing on how legacy security practices like password rotation and antivirus create long-term technical debt. It highlights the disconnect between security controls and the practical realities of user behavior, particularly in high-stress or resource-constrained environments. The speaker advocates for a shift toward agile, risk-based security strategies that prioritize usability and resilience over rigid, compliance-driven policies.