PhD Proposal: Re-Imagining End-User Security Behavior: New Approaches to Security Advice and Recommendations
Elissa Redmiles
Monday, May 14, 2018, 10:00 am-12:00 pm
Abstract

Few users have a single, authoritative source from whom they can request digital-security advice. Rather, digital security skills are often learned haphazardly, as users filter through an overwhelming quantity of security advice. Indeed, if we implemented all the security advice we received, we would never leave our houses or use the Internet. Instead, users selectively choose some advice to accept and some (most) to reject; wrong choices can lead to severe security consequences. In this thesis, I will investigate users’ advice choices and decision-making strategies for digital security and the relationship between advice and security outcomes, develop new methods, systems, and tools for improving security advice, and evaluate the efficacy of these approaches through novel measurement strategies. Thus far, my collaborators and I have conducted one interview study and two survey studies to understand where and why users take security advice, how beliefs, knowledge, and demographics relate to these advice sources and decisions, and the relationship between advice sources and security incidents. Based on the results of these three studies, I have formulated three new approaches to improving end-user security. First, I propose using entertainment education (e.g., edutainment), a well-studied method in public health, for security. To this end, my coauthors and I conducted a design study to develop the first of our new approaches to security advice: entertainment education via video and text. Second, I propose creating a standardized, measurable advice-comprehensibility, accuracy, and actionability metric and a system that uses this metric to provide feedback to advice authors. To do so, I will use linguistic and NLP approaches in combination with expert and user studies.

Finally, I propose that end-users are entitled to personalized recommendations for cost-optimized, effort-fair security behaviors, rather than one-size-fits-all recommendations to “always do security.” To this end, I propose the development of a behavioral-economics-based, personalized security system that evaluates the impact of personalizing security nudges and resources to users in order to optimize market security, minimize market and user costs, and ensure maximal equity between users.

Examining Committee:

Chair: Dr. Michelle Mazurek
Dept. rep: Dr. John Dickerson
Members: Dr. Jessica Vitak
This talk is organized by Tom Hurst