"An insider who's gone bad can do more damage to your network than almost any hacker can do from the outside," says Dr Paul Nielsen, director and chief executive officer of the Software Engineering Institute (SEI).
The insider threat is just one of the fundamentals of security that we hear about on Patch Monday this week, as Nielsen takes us on a tour of information security.
Back in 1988, the Morris Worm was the first self-replicating malware to strike the internet. The US Government Accountability Office estimated that it took somewhere between US$10 million and US$100 million to clean up the mess.
That incident led directly to the formation of the first Computer Emergency Response Team (CERT), part of the SEI at Carnegie Mellon University in Pittsburgh.
Nielsen is now director and chief executive officer of the SEI. Before that, his 32-year career in the US military included commanding the Air Force Research Laboratory at Wright-Patterson Air Force Base, where he managed an annual research and development budget of more than US$3 billion, and reached the rank of Major General.
His interview for Patch Monday touches upon complexity in software systems, choosing strong passwords, the problems that local police face when prosecuting online crime, why Apple has so far had a better security experience than Android, and dealing with security issues when the internet is populated with so many different kinds of devices.
We also discuss the case of Albert Gonzalez, who between 2005 and 2007 managed to steal and re-sell more than 170 million credit card numbers, the biggest such fraud in history. And to round it off, the future of information security in a world with organisations like WikiLeaks, LulzSec and, indeed, the group's opponents at News of the World.
Patch Monday also includes my usual look at some of last week's news headlines.
To leave an audio comment on the program, Skype to stilgherrian, or phone Sydney 02 8011 3733.
Running time: 38 minutes, 02 seconds