If you were tasked with reducing the attack surface of an application at Raymond James Financial, what strategies would you employ?