I work at one vendor currently and have worked at a few prior. The difference is astounding - my previous gigs, including one of the biggest vendors ever was exactly as you said. My current gig is exactly the opposite - strong focus on real security insights and value, none of the box-ticking bs, and a great roadmap. It is rare, but when everyone at the org, and especially the product side really know how attacks play out - you can make a real impact on the world.
Okay, but how much would it cost to hire a hacker or red team to breach your systems? Is it more or less than $10M? If I had one competent hacker and a year do you think you could stop me? How about three people and a year?
