Entering the security field after having built my career in technical operations, I’ve most often been on the “receiving end” of security policies. It’s frustrating to think that I’ve completed a project, only to have security issues kick it back into the queue. It’s equally frustrating for a security professional to be asked to approve a completed project, only to find that security policy wasn’t followed. Our own government’s Office of Personnel Management was breached in 2015, and the FBI reported as many as 18 million records were compromised in attacks going back to June 2014. LifeLock, a company providing identity theft protection, was found by the FTC to have failed to uphold minimum security standards handling their clients’ personal data.