Dan Geer (Verdasys) was the closing speaker of the 8th CERIAS Security Symposium. I really enjoyed his talk and the loud applause at the end confirmed that the majority did as well. It was truly amazing how he had synthesized his thoughts through a series of graphs. He's a real quant(itative guy) !
The crust of his talk was that we need to protect data not the infrastructure where the data is transmitted. Those who are in possession of data will rule the world!
Based on the NCMS data, he beautifully talked about the connection between the degree of collaboration and anticipation/mitigation costs.
And another fact...phishing is a profession!