"Traditional IT thinking, when applied to security, is an endless treadmill consuming time and resources." . . . .