There are two crucial steps in achieving adequate cyber security. The first is moving from ignorance to awareness. The second is moving from awareness to action. Many would agree that getting the visibility we lack is critical, making the first step achievable through awareness activities, education, and readily-available tools. Unfortunately, achieving the second step can seem impossible when, despite having all the information before us, we fail to act, rendering the achievement of awareness moot. Knowing where you are does not guarantee knowing how to get where you need to be, but we must begin somewhere to eventually arrive there.