We can think of developing cyber intelligence, the Capability Maturity Model, and the manual of Active Defense as a belt system that is used in martial arts. At each belt level, there are techniques and skills that are studied, practiced, and maintained by the student. As students continue to progress, they improve their skills and master the fundamentals so that when an actual self-defense situation occurs, the multiple hours of martial arts theory then become applied practice through muscle memory.

Just as students must anticipate putting theory into practice, we have to test our IT Ops and security controls against real-life scenarios. Some examples include:

• Tabletop exercise gauging the interaction between the incident response team and IT operations in a data breach
• A chartered penetration test and the security operations center in its ability to effectively identify anomalous traffic

By practicing and improving these activities between different teams and personnel, we improve our ability to be proactive in the event of an incident.