How can we keep infosec pros a step ahead of the bad guys?