A number of large open-source projects are being surgically tied together to bring the Network Functions Virtualization stack to the carrier environment. The sheer scale of software components and the interplay of APIs will bring the inevitable - a frightening number of attack surfaces embedded in critical infrastructure. A security architect's mileage may vary when trying to secure such large stacks without compromising on core functionality. We must accept that security will fail at some point and provide robust ways for detecting such failures. This talk describes a proactive approach to systematically manage the complexity from the ground up in spite of many different attack vectors. In particular, we introduce two ongoing research projects based on Trusted computing technology to dynamically monitor and attest the underlying configurations of virtual network and compute nodes.