Looking at the Internet through Westphalian-tinted glasses is not going to make us safer or more secure.
You have to attack the problem at the root, and that means blood, sweat, and tears.
The best advice is holistic in nature, not a pitch that plays to your professional strengths.
We can go round and round about what’s going to drive improvements in computer security writ large, but when you boil it down it’s really only about one or both of two things: money and bodies.
Are we really making a difference in security if we’re only solving problems that smart, rich customers can afford?
If you cannot effectively communicate how what you’re proposing makes your client a better business, your advice is going to be ignored.