Because if you do your job it’s “what do we pay you for‽” and if you don’t, it’s “what do we pay your for‽”
Exactly. I’ve worked in the security field for a long long time and have come to realize it’s viewed by most companies as a utility like power and water and trash pick up. If it’s not working, people notice and get quite angry, and if it is working, they get mad at how much it costs.
Sounds tricky indeed. Is management unaware or uninterested in reliability figures that IT and Security teams help reach? Near misses and outage avoided by good practices and quick reaction?
For [Blue|Purple] Teams in Cyber Defence - covering discovery, detection, response, threat intelligence, malware, offensive tradecraft and tooling, deception, reverse engineering etc.