If you ask amateurs to act as front-line security personnel, you shouldn't be surprised when you get amateur security.

Think of your existing power as the exponent in an equation that determines the value of information. The more power you have, the more additional power you derive from the new data.

Security is a process, not a product.

People often represent the weakest link in the security chain and are chronically responsible for the failure of security systems.

Technical problems can be remediated. A dishonest corporate culture is much harder to fix.

It's certainly easier to implement bad security and make it illegal for anyone to notice than it is to implement good security.

If someone steals your password, you can change it. But if someone steals your thumbprint, you can't get a new thumb. The failure modes are very different.