Your legacy will not being stopping the APTs or bringing an end to ransomware, it will be to leave the nation a little bit smarter and a little more capable than it was before you got there.
How long before partners and primes stop doing business with you because you leak like a sieve?
You have to attack the problem at the root, and that means blood, sweat, and tears.
The best advice is holistic in nature, not a pitch that plays to your professional strengths.
We can go round and round about what’s going to drive improvements in computer security writ large, but when you boil it down it’s really only about one of and/or two things: money and bodies.
Are we really making a difference in security if we’re only solving problems that smart, rich customers can afford?