A cybersecurity system for an information and technology system is presented. The cybersecurity system includes: a risk engine that detects past events in the information and technology system, the risk engine including an electronically stored set of rules characterizing events; a prevention engine that models events in the information and technology system, the prevention engine including a model builder, the prevention engine communicatively coupled to the risk engine; and a user interface communicatively coupled to the risk engine and to the prevention engine; where the model builder is configured to build at least one attack tree based on a past event detected by the risk engine and a potential event modeled by the prevention engine, and where the cybersecurity system is configured to report the at least one attack tree through the user interface, such that a future event depicted in the at least one attack tree can be remediated.