56 Guillaume Ross
“Truly knowing how to operate something lets you define how it should be secured in terms your colleagues will easily understand. Read, test, test in real life, and iterate.”
Twitter: @gepeto42 • Website: caffeinesecurity.com
Guillaume Ross is an experienced information security professional, providing services to an array of organizations as the lead consultant and founder of Caffeine Security, Inc. Having worked in multiple verticals, from Fortune 50 to startups, Guillaume’s specialty is providing the right security program and architecture for each specific environment and company.
If there is one myth that you could debunk in cybersecurity, what would it be?
That attacks are advanced. They’re never more advanced than they need to be, and that means they are frequently very basic, as companies have a hard time doing the so-called “basics” well. Managing hundreds, thousands, or often many more systems well is hard work, and it’s not something any product can do on its own. Unfortunately, when people get breached, they rarely claim they were successfully attacked by a very simple technique targeting default passwords, SQL injection, and unpatched, exposed systems. The more sensationalist headlines are often the most popular.
What is one of the biggest bang-for-the-buck actions that an organization can take to improve its cybersecurity posture?
Deploying ...