In IT, there is an exception to every rule; even the most basic rule of IT, which states that the answer to every question is “it depends.” Security is no different, and because it touches on all aspects of IT from the physical out to the cloud, anything to do with security is going to be rife with exceptions, including this book. There is a lesson in the middle of this confusion, however, which is that all good IT security implementations have to start somewhere. Even if you stop reading this book after this paragraph, I hope that you take away from my efforts the idea that IT security starts with doing something—anything—to address the massive technical and business process debt that threatens to overwhelm us all. It doesn’t matter if you’re a one-man band or Amazon itself, every one of us has flaws in our IT somewhere, and we cannot allow this reality to overwhelm us.