Based on one decade of impactful security research and several years as a risk manager, Karsten Nohl reflects upon what he would have done differently in pushing a data security agenda.

Our community is convinced that stellar IT security is paramount for companies large and small: We need security for system availability, for brand reputation, to prevent fraud, and to keep data private. But is more security always better?

Poorly chosen protection measures can have large externalities on the …