Security practitioners love to hear about cool new technologies, best practices, and things that work. But we often learn much more from failure than from success. With that in mind, this talk will cover my ten favorite “learning moments” from over 21 years of defending enterprise networks. I’ll cover epic fails in my time as a SOC analyst defending Pentagon networks, a project manager building 24/7 operations at the White House and healthcare.gov, a security startup executive from its early days through an acquisition and beyond, and a founder working with security teams at Fortune 500 companies. And I’ll share the important lessons in cyber defense and security leadership that inform my work in operations, consulting, management, and teaching. Whether you are looking for advice on navigating your own career in security, hoping to avoid major pitfalls of operations and security management, or simply want to feel validated by hearing about things I’ve gotten wrong, this talk will include practical insights for newer practitioners and seasoned veterans alike.