Information Security faces a crisis. As a discipline, as a profession or as a passion, the challenges we face have been overwhelming. The economic situation is straining budgets, and security is suffering while cybercriminals are making vast sums of money. Executives don't want to invest, and practitioners are exhausted and dejected. What's causing the crisis, and how can we break free?