Are you sure you are a security guy? A friend and colleague working in anti-fraud has asked me a number of times on a recent project. The answer is no I am not. Not your typical one anyway. I think sometimes I am more of a business guy trapped in the body of a work prevention officer. I care about viability, the bottom line and time to market. I spam people with the latest developments in the industry. I am also a tech geek trapped in the body of InfoSec guy. I think web sockets, noSQL, node.js, coffee script is cool; not worry immediately about security hazards they bring. I believe most things that benefit the business can be done securely enough to mitigate the risks to a level the business would accept. For these reasons, I have become increasingly frustrated with the InfoSec industry and security in large companies in general. If we stopped crying wolf at the small stuff, there is a better chance we could have some real influence on the big issues.