The intent of this talk is to take a macro-level look at the state of the information security industry today based on my 30+ years’ experience in the business, including 20 years as a consultant to hundreds of commercial enterprises. I began my career at the National Security Agency and was a pioneer in penetration testing and vulnerability assessment methodologies for both DoD and Civil agencies. I begin with a review of where we stand today and discuss the key reasons why we as an industry are failing. I then offer the solution to what companies need to do if they truly want to be secure and how our industry can be part of the solution.