“Our systems are very strong. We cannot have been hacked. You are just alarmists. On your bullet number five: that you were able to capture all our passwords, including of the super administrator? That is not possible.” Such is the typical conversation in Uganda during the end of cyber security testing exit meeting with the client. It does not matter that we usually demonstrate the weaknesses found to the IT team. During the exit meeting presentation, IT staff will always deny even the smoking gun or plain view evidence. Many a time, we pull out the laptop and re-demonstrate the…