Name
Attackers Aren’t Wizards: How to Turn Red Team Lore into Real Controls
Description
In the cat-and-mouse game between attackers and defenders, security culture often overvalues “offensive mindset” and street cred. Both red and blue teams blindly adopt tricks like querying for adminCount=1 without really understanding what those signals mean. That shallow attacker model drives bad prioritization, hero worship, and cargo-cult defenses that miss deeper structural and identity weaknesses.

In this talk, Nick and Jake will show how defenders shoot themselves in the foot by misunderstanding the impact of specific offensive artifacts: Kerberoasting is treated as a cool party trick instead of a symptom of weak service account design and crypto choices, while password spraying, LSASS dumping, and constrained/unconstrained delegation checks become checklist items rather than prompts to interrogate why those techniques are so consistently effective in the first place. The techniques work, but when we don’t understand why, we design narrow one-off mitigations and leave entire classes of attacks cheap and reliable.

The answer isn’t to abandon offense, but to redefine it: treat “offensive minded” as the ability to model realistic attackers, map their paths through your environment, and tie that to concrete controls and monitoring, in turn de-emphasizing street cred in favor of measurable outcomes. You’ll walk away with practical ideas for reshaping your security culture so attackers stop being treated like wizards and their tactics start being treated like the engineering signals they are.
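As an added illustration of the abstract's point (example code, not material from the talk or its speakers), the snippet below takes the two artifacts it names, a Kerberoastable account and adminCount=1, and reduces each to the structural condition that actually makes it matter: no AES keys so service tickets fall back to RC4-HMAC, a service password that was never rotated, a service account sitting in a protected group, and an adminCount stamp that SDProp left behind after the membership was removed. It runs on a constructed directory snapshot; the `Account` class, the `triage` and `summarize` helpers, the 365-day threshold and the sample account names are assumptions made for the example, while the msDS-SupportedEncryptionTypes bit values and the behaviour of adminCount/SDProp are as Microsoft documents them.

```python
"""Turn Kerberoast and adminCount=1 artifacts into structural findings.

Added example, not from the talk or its authors. Runs offline on a
constructed snapshot shaped like a few LDAP attributes per account.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional, Set, Tuple

# msDS-SupportedEncryptionTypes bit flags (Microsoft-documented values).
DES_CBC_CRC = 0x01
DES_CBC_MD5 = 0x02
RC4_HMAC = 0x04
AES128_CTS = 0x08
AES256_CTS = 0x10
AES_ANY = AES128_CTS | AES256_CTS

# Groups whose members SDProp stamps with adminCount=1 (partial list, for illustration).
PROTECTED_GROUPS = {
    "Administrators", "Domain Admins", "Enterprise Admins", "Schema Admins",
    "Account Operators", "Backup Operators", "Server Operators", "Print Operators",
}


@dataclass
class Account:
    sam: str
    spns: List[str]
    enc_types: Optional[int]  # msDS-SupportedEncryptionTypes; None when the attribute is unset
    pwd_last_set: datetime
    member_of: Set[str]
    admin_count: int
    is_gmsa: bool = False     # group managed service account (auto-rotated long password)


Finding = Tuple[str, str]


def triage(acct: Account, now: datetime, max_pwd_age_days: int = 365) -> List[Finding]:
    """Explain why an account would be worth roasting, as defender-side findings."""
    findings: List[Finding] = []
    in_protected = bool(acct.member_of & PROTECTED_GROUPS)

    # adminCount is written by SDProp and never cleared by it, so it records past
    # protected-group membership rather than current privilege.
    if acct.admin_count == 1 and not in_protected:
        findings.append(("STALE_ADMINCOUNT",
                         "adminCount=1 left over from former protected-group membership; "
                         "not a live privilege signal"))

    if not acct.spns:
        return findings  # no SPN: no service ticket can be requested for this account
    if acct.is_gmsa:
        return findings  # gMSA: long, auto-rotated password; a roasted ticket is not crackable in practice

    # Unset attribute or no AES bits: the KDC issues RC4-HMAC service tickets for user
    # accounts, keyed from the NT hash and far cheaper to crack than AES.
    if acct.enc_types is None or not (acct.enc_types & AES_ANY):
        findings.append(("RC4_SERVICE_TICKETS",
                         "no AES key material; service tickets fall back to RC4-HMAC"))

    age = now - acct.pwd_last_set
    if age > timedelta(days=max_pwd_age_days):
        findings.append(("STALE_PASSWORD",
                         f"password last set {age.days} days ago; likely human-chosen and never rotated"))

    if in_protected:
        findings.append(("PRIVILEGED_SERVICE_ACCOUNT",
                         "service account holds protected-group membership; "
                         "cracking it yields domain-wide control"))
    return findings


def summarize(accounts: List[Account], now: datetime) -> dict:
    """Map each account to its finding codes."""
    return {a.sam: [code for code, _ in triage(a, now)] for a in accounts}


# Constructed sample snapshot (not real directory data).
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)
SAMPLE = [
    Account("svc_sql", ["MSSQLSvc/db01.corp.example:1433"], None,
            NOW - timedelta(days=1900), {"Domain Admins"}, 1),
    Account("svc_web", ["HTTP/web01.corp.example"], AES256_CTS | RC4_HMAC,
            NOW - timedelta(days=30), {"Web Ops"}, 1),
    Account("gmsa_app$", ["HTTP/app01.corp.example"], AES256_CTS,
            NOW - timedelta(days=10), set(), 0, is_gmsa=True),
    Account("jdoe", [], None, NOW - timedelta(days=400), {"Domain Users"}, 0),
]

if __name__ == "__main__":
    for acct in SAMPLE:
        for code, detail in triage(acct, NOW):
            print(f"{acct.sam:12} {code:28} {detail}")
```

The output is deliberately a list of design defects rather than a list of roastable accounts: each code maps to a control (enable AES on the account and rotate so AES keys exist, migrate to a gMSA, strip the service account out of protected groups, clean up stale adminCount values) instead of a one-off detection for the tool that happened to surface it.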