What it Really Takes to Build a Resilient Cyber Program