I totally agree. I used to work in Info-sec back in D.C. before I moved out to San Francisco and I would always joke with my D.C. buddies that San Francisco cares about product first, security later. Most people in SF are so wrapped up around which framework is the coolest hottest thing and have no idea about anything related to security until it's too late.
I would always complain about being 2-5 years behind in terms of technology stacks when I lived in D.C., but we were always a lot more careful about deployment decisions and extremely serious about data security. That mentality is ingrained in me until today so I always think about security. Unfortunately; it's not in the minds of a lot of people.
I don't think these breaches are going to stop until something really serious happens or until there are some serious negative legal consequences for data breaches. Sadly, it's up to consumers to try and sort out which companies have the best practices and that's not always apparent.
I would always complain about being 2-5 years behind in terms of technology stacks when I lived in D.C., but we were always a lot more careful about deployment decisions and extremely serious about data security. That mentality is ingrained in me until today so I always think about security. Unfortunately; it's not in the minds of a lot of people.
I don't think these breaches are going to stop until something really serious happens or until there are some serious negative legal consequences for data breaches. Sadly, it's up to consumers to try and sort out which companies have the best practices and that's not always apparent.