The first take-away is that there is almost never consensus. So, add your own perspective to whatever security advice you hear. There will usually be someone smart who disagrees and you'll need to find your own middle ground based on your individual needs.
The other really interesting thing I took away is on the topic of Outsourcing Security. Other than one, all of the experts seem to acknowledge the potential for better security in outsourcing. I often hear the argument that outsourcing has benefits in spite of security concerns. But, this panel had good reasons why outsourcing may create better security. Here are a few of the responses:
People are risky, whether they get a paycheck signed by you or one signed by the outsourcer... Often, an outsourcer has more security measures in place than you do.As I said above, think about your own needs and make your own analysis, but hopefully we can agree to stop assuming that outsourced security is less secure.
- Bruce Schneier
If you need 24/7 coverage, choose a solid managed security service provider, and choose the right services to outsource.
- John Pescatore
Outsourcers can hire better people and because they see more real bad things, they are better at reacting.
- Richard Stiennon