Say you've previously been interested in information security and know the basics, but your reporting job hasn't necessarily required it. Threat models were relatively modest and sources required little protection. Now you're moving to a job where protecting sources is paramount and you're up against law enforcement and possibly nation states.
What's the best strategy? Some attempt to scrub? Compartmentalization? You're doomed? What do folks here think?