Security is empty, meaningless theater — or, at least, that’s the lesson taught to most employees of most large companies. Security is your password expiring every few months, your inability to access crucial services if you’re new or a contractor, a salty message from a team you’ve never met explaining that your new initiative is not permitted, a transparently convenient excuse when someone doesn’t want to admit their real reason. Security is bullshit.
I can cite more examples from my own career as a consultancy CTO than I care to think about. The household-name company whose security team explained that cloud services were inherently insecure, until the day they decided to switch to AWS and began to explain how local servers were inherently insecure. The