I come from a physical security space, mainly man-guarding and asset protection. I recently took the challenge to venture into information and cyber security. So far I can say the mentality for both is the same; they differ in technique but the outcomes are the same, in that both are primarily focused on asset or data privacy and protection. Offensive cybersecurity often happens between nation states, but that does not mean corporate entities or individuals do not indulge. They do so cautiously, because breaking into unauthorised networks and domains is a crime. More often than not, countries get away with it, but corporations and individuals face the sharp end of the sword. Offensive information and cyber security experts act under strict regulations and laws to safeguard the data and sovereignty of corporations and nations. This is to lay emphasis on the sameness of the core principles of both physical and information and cyber security, in that they are focused on protection rather than exploiting.

The difference: they differ in technique in the sense that the tools they need to successfully manoeuvre a problem are different, but the goals are the same. Private security, like health care, only becomes top of mind when things go wrong. Research shows that businesses and people see security as critical to their business and to their brand, but fewer people actually reach for their wallet.[1, 2] The price we pay for the lack of security outstrips the immediate cost of buying one. This is why I am a security man. When I talk to my clients I always make the same point: security is a mindset shift. You can buy security, but you can never buy safety. Selling you security does not mean I can promise you will never be breached, because security by its very nature is not absolute. The systems you call safe is the same systems someone else walks through with ease. For example, when Anthropic launched Mythos[3, 4, 5], it uncovered tens of thousands of vulnerabilities[6, 7] in systems long assumed to be safe — including a twenty-seven-year-old flaw in OpenBSD, one of the most hardened operating systems in the world.[3, 7] Safe, until it was not. So I do not sell certainty. I am honest about my methods and honest about the