You are right that in real, pragmatic terms we have to protect the straw houses we have built, but the next curve does not have to be replacing everything with brick, it can be finding a way of making the straw house fire proof in Chicago, and wolf proof elsewhere.

But then there’s that boring stuff.

Now what if you could inject a metal vault inside that straw house that makes things like access control intuitive and manageable to protect everything inside of it ?

So is the biggest challenge in Information Security is to find smart people willing to work with boring stuff?

Since Guy Kawasaki said “those on the first curve are unable to comprehend, let alone embrace the second curve”, perhaps when someone comes along with real innovation, it is even a bigger challenge to convince Infosec of that fact.