When you hear the man whose name is synonymous with antivirus software say, “The AV paradigm is no longer functional,” that should tip you off that John McAfee was in Denver on Wednesday not to promote security software.

He sold his namesake antivirus firm years ago, but his keynote during The Rocky Mountain Information Security Conference wasn’t about spilled milk. He was there to encourage security professionals to make some noise and shock their companies into investing in training and security and not just making a profit.

“Is there anyone not writing software that’s trying to (mess) with us? It’s astonishing,” he said.

It’s hard not to agree with McAfee, who has become better known in recent years for his escapades in Central America and campaigning to be the Libertarian Party’s pick for U.S. president. He runs a series of security ventures under the umbrella Future Tense Central, including BlackCert, which started in Denver.

But the barrage of phished e-mail, mobile apps that request unnecessary permissions and other cyberrisks has made some people complacent.

His suggestion to get company higher-ups to do something about it? Tell them, he said, “if we don’t do this, here’s the risk: In 12 months, our competitors are going to have our data and I’m going to be looking for a new job. Scare people. Shock people.”

McAfee made an impromptu visit before his keynote, joining a security panel to talk about trends in the industry. The theme of getting people and businesses to implement security before something bad happened also prevailed.

Jayson E. Street, who is with Pwnie Express, shared a story about a bike-shop owner who didn’t add enough security to his computer because he didn’t think anyone would target a bicycle shop. Police raided the store months later because it unknowingly was hosting malware that spread to other machines connected to the internet.

“We have this realization that I can trust my neighbors and leave the door unlocked. But on the internet, you’re a number,” Street said. “Your neighbor is in Paraguay and China. They’re going through a list of numbers. You’ve got bandwidth, hard-drive space and processing power. That’s what they want.”

Companies are willing to let security slide until they are on the wrong end of a breach, like the adultery site Ashley Madison, which faced a backlash last year after hackers stole customer data and exposed users online.

“They were lax,” McAfee said. “I promise you every one of their competitors have changed their security.”

Companies don’t change until after something happens, said Eddie Mize, The Pinnacle Group’s chief security officer and a close friend of McAfee’s who got the security celebrity to show up.

“My message hasn’t changed,” Mize said. “Until we get every single person in the organization to understand they’re part of the information security team, we’re going to fail. That includes janitors, people on the assembly line.”

McAfee went back to the big problem with security today: humans.

“Over half of hacking and malware is (helped by) human engineering. There’s no technology there,” McAfee said, with the others piping in about how easy it is to get around anti-malware software.

“All you have to say is ‘Your account has changed,’ and 90 percent of people will click on it. We have become lazy,” he said. “Our devices are doing the thinking. We don’t even know our friends’ phone numbers anymore. Part of me thinks this is just an evolutionary purge. People who don’t think before acting, they’ll eventually disappear.”

Tamara Chuang: tchuang@denverpost.com or visit dpo.st/tamara