The information security threat landscape is changing rapidly, and many security organizations are struggling to keep up with the changing nature, complexity, and scale of attacks. Not only is it important for security managers to keep up with this changing landscape and develop capabilities to handle this new paradigm, but it is also essential to learn from past mistakes. Security managers must devise new ways to maximize the impact of their security controls, minimize risk, and efficiently deploy technology investments.