The desire to be secure has been replaced by the desire to be blameless. Return to the original purpose of security; protecting people. Then explore the convergence of compliance and technical security capabilities as they relate to business, data, people, and processes. What is our ultimate goal? How do we reshape the governance landscape to support those information security best practices, rather than creating more administrative work and hoops to jump through? Let’s go beyond the ability to claim compliance and make our organizations more secure and ultimately reduce risk.