It just means any whistleblower or hackers themselves can report the findings into public. Companies are pretty much forced to hand in any reports of breaches; they can't keep quiet about it because otherwise the penalties will be even more severe after the day's over.
This is a good move. It'll finally keep people/companies on their toes instead of try to hide their flaws.
There's nothing you have to do during work hours, except keeping your workspace ergonomically sound. Standard desk, posture, good chair.
Then after work or before work, you spend an hour at the gym doing proper strength training and some cardio. I won't repeat other sites as there are many, but mainly dead lifts, squats, bench press, run-as-fast-as-you-can-a-mile. Just remember to keep improving yourself, log what you're doing, and always do a little more than before.
And that's it. If you get used to it it won't even be an hour, and you do it on alternate days too so it's not like it's every single day. That should not just make you fit, but probably one of strongest people around.
Never test for an error condition you don't know how to handle. -- Steinbach