The rising scale and complexity of IT is creating ever more opportunities for abuse and attack. Many for years have warned we face a losing race if we rely on patch and mend. Others for years have advocated using a threat-based priority system. Is there room to consider a middle path or can we prove with science the existence of a third wave? This data-intensive presentation highlights real-world examples of failure in both camps and then runs for the hills. No, actually, it stays around and gives detail on specific approaches that have worked in reducing overall risk for different-sized organizations. You won't fear Data Whales or fall for Troll Tears when you learn how easy it is to beat the odds in InfoSec.