This document describes a Lean project to reduce security incidents reported by an SSIM (security information management) tool. The goals were to identify and reduce incidents, monitor all categories of incidents, and improve tool performance. Initially about 20,000 incidents were reported monthly but only 2 resources could analyze them, leaving many unreported. Through mistake proofing and eliminating waste (muda), redundant rules and incidents were removed and authorized devices were whitelisted. This reduced reported incidents from 550 daily to about 30, allowing full monitoring and RCA. It saved over 970 hours of analysis time per month, avoiding over 5 full-time employees and $290k in costs annually while improving compliance and productivity.