If my computer crashes, it's not the end of the world - it just seems that way sometimes, when I lose 3+ hours of work. But computers are appearing everywhere - in our phones, cars, airplanes, medical devices and urban infrastructure in more ways that we imagine, and they are networked in more ways than we know. Our telephone network is becoming more and more IP based. Generators and power systems are on the internet for "maintenance and diagnostic purposes", but they are also the targets of hackers (with catastrophic consequences). The new Boeing 787 will have in-flight internet access at each seat, but the same network will be connected to the avionics. Pacemakers can be hacked wirelessly. Suddenly a computer crash threatens more than 3 hours of work, it threatens my life! And while man-rated systems are rigorously tested for proper functioning, it is much harder to prove the negative that "you can't break in". This talk will look at some fundamental assumptions about security that cannot be addressed with the "patch it in the next release" mentality - we have to get it right the first time. What I hope to convey is that Security (and paranoia) has to be a lifestyle choice and not just your job. And as security professionals, we need to convince everyone that there are no shortcuts - because the shortest path from 35,000 feet is straight down.