Information technology professionals are compelled to rely on vendors who provide what many so-called experts consider to be best-practices for cyber security. The difficulty is that there has been a significant failure on the part of solutions providers to recognize that a “keeping the bad guys out” approach reveals a failure to correctly identify the problem. Once the checkpoints in these solutions are bypassed, they provide virtually no security. This is known as an outside-in and top-down approach and is a fundamentally flawed strategy. As a result, these solutions only address the symptoms of a much more fundamental design problem.