Journal Entry 2

Empiricism can advance cybersecurity to the extent that it requires a commitment to basing decisions on observable, measurable data. By continuously collecting and analyzing empirical data, security professionals should be able to produce cyber threat intelligence about new malware or attack vectors before actual damage occurs. Empirical analysis can reveal whether the current security controls are effective and can also expose specific weaknesses in the organization’s defenses, such as firewalls, intrusion detection systems, or authentication measures. Empirical evidence can also support the evidence-based development of new strategies like adaptive security controls and predictive threat modelling. By relying on verifiable data instead of assumptions and generalizations, empiricism makes you more attentive to what is being managed and improves the accuracy, reaction, and construction of defenses that better protect an information system against ever-changing and evolving cyber threats.