"If you're able to do your job, InfoSec isn't doing theirs."
I've worked with some great sec orgs that get this and I'm sure everyone reading this in that role is one of those, but understand there are some that are not.
There are some who, for example, are not given ANY agency whatsoever and have to accept every alert from tool-du-jour as some malicious moustache-twirling evilness from the developer. (And they AI should be taking over _development_ jobs...)
I've worked with some great sec orgs that get this and I'm sure everyone reading this in that role is one of those, but understand there are some that are not.
There are some who, for example, are not given ANY agency whatsoever and have to accept every alert from tool-du-jour as some malicious moustache-twirling evilness from the developer. (And they AI should be taking over _development_ jobs...)