We in infosec are often trained to imagine the ideal "adverse actor" who could do the most possible damage to our systems to test their vulnerability.
It's a good model for identifying and closing gaps (especially if one is not, oneself, prone to think like a criminal), but like all other human population groups, half of all criminals are below average.
It's a good model for identifying and closing gaps (especially if one is not, oneself, prone to think like a criminal), but like all other human population groups, half of all criminals are below average.