Maturing your cyber defense programs can be accomplished by forking, improving and contributing back to proven external frameworks. I will show you how to take advantage of your existing teams skillsets and turn those into a repeatable and successful process. We will talk about the importance of training your defenders to be attackers, implement code review practices and really define the scope of the very enterprise you are working to protect. When was the last time you improved your capabilities and applied what you learned to historical incidents? Adversary motivations may not always be clear until additional context is realized.