As someone who has worked in the Managed Network Services space for over a decade, there are certain behaviors I notice when it comes to security planning. Every so often, a major security incident occurs that makes headlines, and the media cycle begins. Decision makers at organizations, who are typically business experts and not technology experts, often react with questions about what they are doing to fight this specific threat. Are they doing the right thing? What else could they be doing? How exposed are they?