I will be presenting a talk at DEFCON next week, and I would appreciate any assistance I can get in the way of examples of wasted security dollars.
The title and abstract of the talk are:
The Information Security Industry: $3 Billion of Snake Oil
A raging fear of The Computer Evildoers has driven enterprises to the safety of the herd, buying whatever elixirs the big vendors peddle. Security consumers waste bilions of dollars on ineffective (but well integrated!) solutions. However, as technology users grow more sophisticated about security threats (often learning the hard way), opportunities will surface for innovative startups to deliver effective IT survival mechanisms. This talk will review the industry's blunders, and sources of opportunity.
So, please post or email examples of wasted security dollars, or opportunities you see for startups in data security today.