I think I know part of the answer on antivirus. To the non-expert, antivirus is often inaccurately seen as that single biggest component of computer safety. In their defense, it was 10-15 years ago. Today, however, it is just one piece of a very complex security portfolio. The security expert is going to be aware of all the other pieces that need to be in place.