Secure Boot is a standard that allows for the firmware of the system to check the signature of the boot software. In doing so, a white-list of approved boot software can be created. In the context of the Micronesia Kit, Secure Boot would be relevant if the end-goal was the development of only a preventative system. In environments where preventative policies are “good enough”, secure boot should be enabled and left to cater to those policies. The converse of that is that when performing in defensive posture, there can be cases where it is necessary to disable secure boot in order to entice an insider deeper into a controlled environment. Without secure boot, an insider now faces less restrictions in environments that can be booted into, what this means for the defense is that introspection can then occur which would not have been allowed otherwise.. However, there are environments where there is a need for active intelligence gathering on an insider threat and that would mean relinquishing full preventative capabilities and employing reactive policies in the form of the OS-level kit (Stampede Agent).