cyber security series: active, reactive or proactive?