In your environment, do you really know Who is doing What, from Where? How confident are you in your authentication controls? Does your behavior monitoring solution have the right input to give you relevant actionable findings? Are you overly burdening your users in the name of security, while still leaving them unprotected? This talk will not cover application code reviews, or new advanced exploitation techniques. For this talk, I assume that you already have a mature SSDLC and Vulnerability Management practice. This talk will instead shine a light on very common identity, authentication, and link-analysis practices that inhibit you from properly detecting threats, and ultimately, containing them.