Empiricism is the principle that a researcher can only study that which they can perceive, and not base their theories on what they believe to be true, but what they experience to be true and can test to be true. In the world of cybersecurity, this means basing studies and hypotheses on collected data and findings. By using this principle, cybersecurity experts can see what works and what does not work when it comes to protecting important systems, and see what threats there are out there by collecting and studying data from previous attacks. Then they can see what vulnerabilities were taken advantage of and how to reinforce these areas in the systems to prevent an attack from happening again.