ISSUE 10 | Your security program is built on things you stopped verifying