[outworlder]

Not sure.

Let's say we have fortifications. People are needed to man them. This is understood by everyone. Entry points are checked, etc.

Compare with 'cyber' systems. How many people are adding features, working on bugs and the like, versus how many are even looking into security vulnerabilities?

Translating to the physical domain, it would be as if we were building a fort, then moving almost everyone to build extensions or new forts, with a handful responsible for the security of all fortresses - and the paths in between them! In the dark.

The fact that most systems are not immediately "owned" speaks volumes on how difficult this is to accomplish. Barring zero days, the main way one gets compromised is by making mistakes (not patching, leaving systems unsecured, etc). That is, there's a door that's open and unguarded...