“Know your stuff inside and out. There’s a serious dearth of expertise in the basics—and in knowing the simple, easy-to-answer questions about simple topics like the OSI model—which is the bare minimum for both getting started and expanding your career.”

Twitter: @hexadecim8 • Website: www.hexadecim8.com

Emily Crose is a network security professional and researcher whose career spans nine years. She has worked in both offensive and defensive security roles, including time spent with both the NSA and the CIA. Currently, she works for IronNet Cybersecurity. When she’s not caring for her wife and children, she directs the NEMESIS project and finds threats to the openness and safety of the internet for fun in addition to profit.

What is one of the biggest bang-for-the-buck actions that an organization can take to improve its cybersecurity posture?

Cybersecurity doesn’t have to be a cash-for-play business. Developing a threat model for your organization and planning out what you’ll do if realistic scenarios play out is a cheap and easy way to prepare for issues that could appear later. Maybe you don’t know all there is to know about cybersecurity threats. The good news is that learning the basics of cyber defense has never been achievable at a lower cost-to-entry!

How is it that cybersecurity spending is increasing but breaches are still happening?

They say, “Money ...