Although the threat landscape has changed radically, many firms continue to use the same approaches to cyber defense they did 10 to 15 years ago. Those did not work very well then; they do not work at all today. Moreover, while new approaches and “security mantras” have been developed, we must wonder if they protect us or simply lull us into a false sense of security. In this paper, we will look at these new approaches in Identity and Access Management and Privileged Identity Management and explain how they better protect us against today’s threats.