Tackling the Visibility Gap in Information Security