There’s this belief among a lot of security professionals that we are special, in that we are the defenders of our companies. We like to think we hold ourselves to a higher standard of care than our coworkers. If not for us, the thinking goes, our companies would crash and burn in horrible ways. Breaches would run rampant. Data would be stolen left and right. Cloud environments would be filled with adversaries. Enterprise systems would be locked up by ransomware. Without our heroic efforts, those things would be happening all the time! We are the defenders!
Except we aren’t the defenders. We might be defenders, but we aren’t the only ones. Our DevOps teams defend reliability all the time. Our lawyers protect us from liability. Our product managers and sales teams protect our paychecks (maybe they’re the real heroes). In setting ourselves apart in our own minds, we set ourselves apart in practice. While we like the heroic feeling it gives us to be the defenders, it has a lot of downsides.