Distilling over 25 years working in the fields of cybersecurity and cyberconflict across a multitude of domains including government, corporate, think tank, and academic this article serves as a foundational distillation of observations that can be applied in any organization. In Part Two of the series, we will look at lessons learned and actions that can be executed by management teams to help manage cyber risk.