The metaverse is the latest technology that most companies are at least considering exploiting as a major business driver. Theoretically, it will enable commerce and communications, and will be a major way to engage with consumers, professionals, and the world as a whole. Of course, this brings a new risk landscape that is the equivalent of scope of the early Internet. The reality is that the metaverse is not new. There have been metaverses in different forms for decades. Second Life was the first major platform to create an artificial universe, and it revealed a variety of lessons. Massively multiplayer role player games have also revealed critical lessons. Even Zoom is arguably a form of metaverse. The experiences showed many vulnerabilities, both technical and operational. The metaverses have been host to sexual abuse, terrorist communications, scams, money laundering, financial thefts, etc. Additionally, there are technical vulnerabilities that are much more difficult to deal with than the traditional vulnerabilities an organization has to deal with given the fact that a great deal of functionality is enabled on client systems that the organization has no control over. This presentation walks through the history of the metaverses, past incidents, the obvious and non-obvious vulnerabilities, and guidance for being proactive in dealing with the vulnerabilities.