There are many ways to find vulnerabilities in your institutions computer systems. The evildoer only needs to locate a single vulnerable piece of hardware, software, (or person) The best of these soldiers start with the simplest: training, documentation and user awareness. Train your employees, ensure that they know what the risks are, and provide them with clear instructions on what to do. Their support is perhaps the best armament for the institution and the best guarantee that the security manager will not be found wanting.”]
Source: https://www.cuinfosecurity.com/your-first-last-line-defense-a-554