Offense versus defense. Proactive versus reactive. In many parts of an enterprise, teams need to make choices between preparing for upcoming events, or waiting until they occur – and nowhere so much as on the security team. Do you wait until the attackers make themselves known in your networks before you remediate the impact? Or is it better to strategize how and where attacks may take place, so that you can avoid attackers making inroads at all?