In this Secured bonus soundbite, Dahvid Schloss, CEO of Emulated Criminals, offers a practical, no-nonsense guide for organizations that want to become more proactive about cybersecurity—but may not yet have the budget for a full-time red team or continuous offensive testing.

Schloss reframes preparedness around a simple but often overlooked mindset shift: thinking like a criminal. Rather than chasing exotic vulnerabilities or headline-grabbing exploits, he urges security teams to focus on what attackers actually want—easy access to valuable data, weak permissions, misconfigured systems, and overlooked assets like open file shares or privileged user accounts. In his experience as an emulated criminal, these basic issues are far more likely to be exploited than the flashy threats organizations tend to obsess over.

The soundbite also highlights the importance of tuning alerts to reflect real-world behavior inside each organization. Schloss explains that security tools rarely work effectively out of the box; alerts must be customized to distinguish normal user activity from suspicious behavior. Knowing who should have access to sensitive systems—and who definitely shouldn’t—can dramatically reduce noise and speed up response times when something goes wrong.

Grounded in real-world experience and framed with a memorable analogy, Schloss reminds listeners that breaches don’t announce themselves politely. Preparation, rehearsal, and realistic training are what determine whether a team freezes or responds effectively when the “punch” finally comes.