Despite all the Next-Gen tools, latest products, compliance requirements, etc., breaches still happen daily. Why is this, and what can we do about it? This session uses data gathered from penetration tests, audits, and incident responses to focus on the current state of cyber defense. Solutions are emphasized to address common issues such as how most organizations focus on the wrong items, how egos get in the way, how compliance doesn’t really help, how risk is rarely assessed, and how cloud migrations can actually make security worse. This session includes group exercises.