Most of us have heard or read about the 80/20 rule in some shape or form, and the rule applies equally to cyber security. Generally speaking, you can divide cyber security into two main groups: offensive and defensive. But how can you prove you understand them both?

For almost all cyber security functions, the 80/20 rule makes sense. For example, if you are an ethical hacker or penetration tester, you need to know which defensive controls a company can implement, how you can recognize them, and how you can potentially bypass and/or disable them.