Protecting Availability

As the Chief Information Security Officer (CISO) of a publicly traded organization, I consider resilience to be the most important part of availability. I would implement high availability with redundant systems, networks, and data repositories built into every tier of technology—allowing the organization to do business regardless of the failure of any one of these systems. The organization would have comprehensive disaster recovery and business continuity plans, with comprehensive backup systems and real-time replication of key data and workloads to recovery sites—allowing the organization to recover its systems after a disruption (disaster) within a matter of minutes. To defend against criminal attacks, such as Distributed Denial-of-Service (DDoS), I would deploy cloud-based attack mitigation and enforce a strict patching process to remove vulnerabilities before they are exploited. The organization would have network segmentation and strict least-privilege access control, coupled with 24/7 monitoring via a Security Operations Center to detect and contain any attack once it begins. Combined, these defenses will provide the organization with consistent resilience, limit downtime, protect shareholder value, and support customer trust in the technology environment during both technical failures and malicious attacks.