I’m in charge of cybersecurity and risk management for a $2B division of a large networking company, and failures rarely have anything to do with technology.
It’s people who focus too much on the technology and completely forget about everything else:
- What human beings are doing (workflow)
- Seeing the system design, infrastructure, etc.
- Understanding who is responsible for a metric or task and holding them accountable
- The list goes on.
The level of incompetence, sloppiness and stupidity is staggering. How does this happen? They’re blinded by the technology and hide behind it, avoiding accountability… they love confusing people. Here’s a simple example, and believe it or not, this happens all the time:
I’ve had this same conversation multiple times with really smart engineers. “You understand Schrödinger’s equation, you have a PhD in physics, you understand the Heisenberg uncertainty principle… I find it hard to believe that you can’t understand a simple concept like it’s not OK to have hardcoded passwords which are the same for everybody. It’s that you just don’t care and you don’t think you’re accountable.”
For this job, I have more in common with a lawyer, FBI agent, or financial analyst than I do with an engineer.