Over the past seven years, I've had the privilege of building and leading a security research team in Australia, with a focus on web security research, particularly in the context of enterprise software. In recent times, we’ve seen significant developments that've made the economics of zero-day exploits in enterprise software much more valuable. Still, at the same time, defenders have been distraught about what vulnerabilities are significant. In this keynote, I discuss my journey in security research, including how we built and managed a highly performing security research team at Assetnote. I also explore how we understand the impact and cut through the noise when assessing emerging threats, the economics of zero-day vulnerabilities in enterprise software, and the nuances of assessing risk in modern environments.