Management

How Many Vulnerabilities? And Other Wrong Questions


Expo Theatre (Hall G) October 19, 2010

David Mortman
Dave Lewis
Zach Lanier

At every security conference there’s always a group of people asking which is more secure: Windows or Mac, Apache or IIS, IE, Chrome or Firefox. Viewing security solely as a question of vulnerabilities is like judging a loaf of bread solely on how many slashes the baker put on top of it. It just doesn’t matter. It’s not about which has more patches or which has more vulnerabilities. The question is actually which one will cost you the least amount of time and money to consistently manage well. InfoSec is a cost center and security incidents cost money. If we’re going to cut costs and make infosec more efficient, we need to actually focus on where the money is being spent and not on where it’s sexiest to look. We’re so focused on the “cool” that we’re overlooking the need to do. This pragmatic talk will give you what you need to do your job better and at a lower cost. It will also get you homemade bread.