Unless your organization is big enough (i.e. with enough budget to pay for and resource 2-3 full-time security professionals) you probably can’t afford proper security. Sure, there are exceptions--like every person in this room whose five-person company does security. That aside, can small organizations achieve effective security? Should they bother trying? What happens to them when they don’t? The talk opens in a brightly lit auditorium, and then the zombies show up in hacker shirts and jeans. But seriously, this talk is all about the astronomical costs of security, the costs vs benefits of implementing security and what happens when you realize that security costs more than you can afford. Bio - Pete Caro Pete has been performing operational IA for the last ten years, often on other continents; often while toting a rucksack and a rifle. He currently works on a variety of network and security projects for a consulting firm in the DC area. Bio - Joel Wilbanks Joel has had a passion for Information Technology for the past 11 years and has worked in almost every major industry. For the past 6 years, his efforts have been focused on Information Security. He currently serves as a security analyst in the DC area. Joel attends and presents at security conferences where people wear hacker shirts and terrify hotel security.