The Information Security profession has become unfocused and untethered from foundational concepts. While companies are trying to digitally transform themselves, they are dazzled by vendors hawking machine‐learning’ and ‘artificial intelligence.’ We trust our most sensitive data and infrastructure to third parties without fully understanding the ‘Shared Responsibility model’ that underpins such a relationship. Meanwhile our networks, applications, servers, and endpoints are compromised because a port was left open. Access controls were not properly maintained and audited. ‘Shadow IT’ has become an even larger issue with the forced remote work of COVID‐19 transitioning into a wider acceptance of remote work in general. Ransomware, social‐engineering, Solar winds, and on and on.