One of the main advantages that cyber defenders have over attackers is inside knowledge of their environment. Well, at least they're supposed to. It turns out that many organizations don't have that inside knowledge; the full picture of their IT environment. Without it, cyber defenders are hard pressed to hold onto the high ground; the battlefield is levelled. If an attacker gains access to the network (and is detected), a race condition is started to see who can discover vulnerabilities first and exploit or mitigate them. There is a lot of talk about "just doing the basics" to prevent such attacks and bolster your cybersecurity posture. Unfortunately, "the basics" aren't always easy. During this talk, we'll take a look at three basic – but not necessarily easy – steps to greatly improve your security posture: illuminate your environment, validate your vulnerabilities, and internalize external threats. Getting a handle on these processes and associated tools (demos included!) can help cyber defenders maintain – or regain – the high ground.