There's been a baby boom in security startups, and a lot of people I know are involved in young security companies now. Over the next few years, we can expect this startup cohort to generate a bunch of exits; so there are interesting Design for Exit questions to think about here.
As noted in the title, the assertion of this post is that the most valuable security technologies - many of them, anyway - aren't used to make their users more secure. In fact, a Fortune-50 Chief Information Security Officer (CISO) told me flat out: "my job is not to make my company more secure." He proceeded to explain that in fact, his job was to make his company more productive, within a given security posture. And, I claim, that's the same job many companies are "hiring" security technologies to do.
