If you, tech geek, learn enough to speak well to The Business, you have another challenge: the market is at a place where incentives matter. You can articulate, in the right language, the need for cleaning up the company security posture, but you can't articulate an incentive. Users can't sue because the ToS says 'mediation'; there's no regulatory agency that will really threaten our profits - we can afford a $10MM fine when they get around to levying such after three years of investigation ... what's the incentive to spend half a million dollars this year on additional employees and licenses when that's money destined for high-level bonuses this year, and by the time that fine arrives, this executive team will have moved on?
>In my opinion organizations still don't rely enough on "defense in depth" techniques...
This flies in the face of 'easy money.' 'Easy' meaning we, The Business, comprehend the purpose of a particular budget line item. Spending money is bad. But spending money in some places is a necessary evil, and only acceptable when it is in a place that is directly reflected in the price to the customer. Acquiring, manufacturing, assembling parts in the final product? Fine. Marketing to acquire a customer? Sure. Attaining regulatory approvals? Bah, ok. After we've articulated the costs and padded an acceptable margin, the only thing left is the self-congratulatory bonuses for executives!
Meanwhile, engineers possessing all of the above traits as well as hard skills are told to develop their other soft skills (i.e. positive attitude, courtesy, and professionalism) to make themselves more palatable to the inept.
In a vicious cycle, the feeling that everything is focused around appeasing those that contribute the least is enough to erode many engineers' soft skills.
Enter the dead sea.