A biotech discovered 23 domain admins in a 60-person company. Here's how they cleaned up access sprawl before it became an incident.

After two near-miss phishing attempts targeting vendor payments, a biotech formalized email security and payment verification controls.

How a 50-person biotech with no security team built a formal security program over six months, before investors or partners required it.