Sick of ludicrous security theater? Banish it in your organization!
Security is frequently done in an ad-hoc manner, either entirely without a formal threat model, or with one, but without any attempt to connect mitigations to the threat model. Even in those organizations which have a threat model, it's created in secret and updated in secret, if at all.
I'll present the downsides of the current approaches and a new way to approach modeling threats.