How do we allow security research to be performed on our production networks without affecting real users? And how to we secure networks from the weakest of all links - the wetware using them?