Security is Hard: Where Do I Start?

This post is not supposed to be a complete list of steps a company should take when securing a network, system, or company – but more of a handy reference for when companies ask me: “Where do we even start?” Which happens about once a week…