Work in the attacker modeled pentest and enterprise risk assessment realms focuses on looking at a company as a whole. The premise is that, this is what an attacker would do. They won't just try to attack your quarterly code reviewed main web site, or consumer mobile app. They won't directly attack your PCI relevant systems to get to customer credit card data. They won't limit their attacks to those purely against your IT infrastructure. Instead - they'll look at your entire company, and they will play dirty. In this session, I'll focus on the things that plague us all (well most of us), and I'll offer some simple advice for how to try and tackle each of these areas: