Security. It’s a hard business. I’m not just talking about the endless patching, monitoring, and training. The constant sprint to remediate when a new CVE (Common Vulnerability and Exposures) notification drops, or the lingering fears that you’ll be called back to the office on your downtime to deal with a crisis. No, it’s hard because it’s not a purely technical endeavour. Your success hinges on your ability to advise, communicate, and mentor. From a security perspective, the most effective organisations are those where everyone buys in, and not just those with a bunch of SANS certifications. Your human capital is your business’ first and most important line of defence. But here’s the thing: Even the most well-intentioned people make mistakes. It just takes one wrong click or reused password to undermine your security measures. Training helps reduce the risk of this happening, but it only goes so far. Security teams.