When it comes to our careers in information security, the ultimate question is:

“Was I able to leave my organization with a better state of information security than I found it?” ”

Most of the time, the answer will be ‘yes’, but the next question should be: “how much better?” 

In view of the ever-evolving threatscape, hundreds of millions of dollars are extorted from Ransomware attacks, identity theft, and credit card fraud every year.

In light of this, how can we, as an industry, prevent the emergence of new black hat millionaires, their successors, look-alikes and clones?

The answer may be right under our noses. The fact is that most attacks can be prevented with proper security hygiene and more agile security validation-remediation cycles. Let’s stop assuming, and start validating.