Some folks in our industry do use exploitative sales tactics, but that is not fair blanket statement. Services like preventing phishing, for example, are a big deal and I don't think I have to convince anyone it is a real threat. Most of us just use honesty about actual risks, not FUD. Just making people aware of security as a concern, from HR to developers can have a big impact and mitigate real risks.
I suggest that you don't buy the hype and the bullshit. All this China/Russia stuff... It's nothing new, and it's not like the US doesn't do the same, and worse.
And yet here we are, talking about the russians "hacking elections" and the chinese stealing "economic secrets", the first topic, pushed by infosec companies that also have political-economic interests, is being presented without any proof whatsoever, and the second topic clearly showing the level of paranoia in which US people live (IIRC, some espionage cases involving chinese citizens were proven in court to be false).
Perhaps US people and their govt should care more about their own people being extremely greedy and true psychopaths before judging foreign govts and nations...
