At a high level, “we don’t have data” is no longer an excuse in information security. Today we have a plethora of information provided by public and private sources. We will discuss the security intelligence available, how it is useful in security and risk management, (as well as how it is NOT useful) and what security professionals should take away from the data at hand.