Informed decision-making requires that individuals understand the risks and tradeoffs in making decisions on the potential threats that they encounter. However, it comes as a surprise that individuals who should know better may put themselves, others and their institutions at risk. The protection motivation theory states that an individual may protect themselves based on four factors. That is the perceived severity of a threatening event, the perceived probability of the occurrence, or vulnerability, the efficacy of the recommended preventive behavior, and the perceived self-efficacy. This research in progress seeks to understand why I.T professions may be susceptible to security threats. We develop a conceptual model aimed at exploring how overconfidence plays an important role in the experiences of IT Professionals. We contribute to extant literature by integrating confidence and PMT in behavioral information security.