When you think about security and usability, IT is probably not the first thing to pop in your head. Yet the IT systems and security that underpin every organization are critical to secure the data of companies, their employees, and the consumers they serve. At the same time, the security industry has created a complex market that requires a encyclopedic glossary to navigate, solutions that require superhuman powers to operationalize, and a user experience where "the users didn't hate it" is a glowing endorsement. While the sales pitch of "we suck less" is more effective that you might imagine, empowered employees in modern organizations demand more of their IT organizations and expect the same streamlined user experience with technology at work as they do at home. The bar is low for IT security, but we can do better. In this talk, we'll share some of our philosophies on the intersection of simplicity, usability, and security applied to IT security controls, gleaned from our learnings at Duo protecting over 8,000 organizations of all shapes and sizes with diverse security cultures and user populations. We believe the impact that simplicity can have on security and usability for organizations, IT admins, and end users is undervalued, and advocate for further research.