Comment by michaelcampbell

A couple years ago I heard a podcast that referenced a study that polled 2 groups of people; those that (admittedly, SELF) identified as "security professionals" and those that did not.

The data point was "what is the biggest thing your group does that the other does not?"

The professionals came in as "multi-factor auth" The non-professionals came in as "anti-virus"