October 30–31, 2016: Training
October 31–November 2, 2016: Tutorials & Conference
New York, NY

The economics of cybersecurity

Fernando Montenegro (Independent)
3:50pm–4:30pm Wednesday, 11/02/2016
The human element
Location: Rendezvous Trianon Level: Beginner
Average rating: ***..
(3.50, 2 ratings)

Prerequisite knowledge

  • A broad understanding of security functional areas and processes

What you'll learn

  • Understand that many of the issues that security teams work with are based not necessarily on the technical details around security but on the underlying economic transaction


The increasing prevalence of security issues across many aspects of modern IT has led to greater scrutiny, increased complexity and interdependence, and a constant stream of news. Yet when we take a look at the core of many of the issues facing security teams, we see not just technical security issues but recognizable topics from economics, be they externalities, principal-agent problems, or information asymmetry. If we’re able to understand and handle these topics from an economic standpoint, we’ll have a better grasp on how to best handle many of the security issues surrounding us.

Fernando Montenegro offers an overview of economics concepts and their application to cybersecurity, tackling a few key security issues, including issues related to software development practices, how human cognitive biases impact security awareness and other areas, the impact of incentives and externalities on security management practices, and information asymmetry in security hiring and education.

For each of these topics, Fernando discusses the underlying principle from microeconomics (or behavioral economics), then looks at proposed approaches to handle it, helping you to rethink issues you may be currently facing and look for potentially better alternatives to handling them.

Photo of Fernando Montenegro

Fernando Montenegro


Fernando Montenegro is a security professional with a strong background in network and cloud security. He is currently an independent consultant working on multi-cloud security. His experience includes pre- and post-sales technical roles with vendors in areas such as microsegmentation, fraud detection, high performance network architecture, and enterprise computing. His work across enterprise customers in Canada, Latin America, and the US has provided insights into the underlying economic dynamics of common security scenarios. His areas of interest include security economics – particularly behaviour economics – data science, and cybercrime. He holds a bachelor’s degree in Computer Science and industry certifications.