Myths and Lies in InfoSec

Explore common misconceptions and falsehoods in the information security industry through this 25-minute conference talk from USENIX Enigma 2023. Delve into the importance of critical thinking and source verification as Adrian Sanabria of Tenchi Security challenges widely accepted InfoSec beliefs, statistics, and best practices. Discover how myths like "60% of small businesses close within 6 months of being hacked" and "attackers only need to get it right once" can mislead security teams and impact industry credibility. Learn techniques to question vendor claims, scrutinize industry statistics, and test theories without requiring extensive data science expertise. Gain insights into the origins of these myths, their impact on security professionals' morale, and the significance of evidence-based practices in the ever-evolving field of information security.

Intro
Why are myths and lies even a thing?
Bad stats hurt the industry's credibility
Why challenge InfoSec myths and lies?
There's ONE company behind most of the fake stats in InfoSe
The infamous "60% of small businesses..." stat
Demotivational myths and maxims