Information security has long been equated with cryptography, whose historical connections with military applications and mathematical depth limited its exposure to the general public. As a result, most people have had, until very recently, a scant knowledge and awareness of the ins and outs of information security. Today's reality, is, however, markedly different. Anybody involved in a transaction as simple as connecting a computer to the Internet has to respond to a myriad of security risks, often with a minimal understanding of the threats faced and of the defenses available. Consequently, security engineering has evolved from a purely technical discipline to a field located at the interesection of technology, human factors, and policy. In this article, we outline practical instances of the evolution of security engineering, through a brief overview of recent research in the domains of usable security, peer-to-peer network security, and security in home appliances. We show, in particular, how the necessity of including non-technical factors, such as human behavior, in secure system design oftentimes lead to stringent constraints on the technical solutions retained.