[anonsec123]

Just being a security engineer doesn't instill you with a defensive or paranoid mindset. I work with security analysts who use TAILS to browse random websites and security engineers who torrent cracked software and install whatever they find directly on their baremetal PC/laptop.

[shkkmo]

I would hope that a security engineer would keep up enough with news about security issues to be aware how easy it is to spoof numbers for calls and texts.

[BeefWellington]

There are people in all manner of jobs that are just working a job and don't have a significant interest in learning all they can about their area of employment. IME security has a lot of people who see it as a hot new thing but don't actually invest their time and attention into maintaining an appropriate level of awareness.

[shkkmo]

Phone calls are one of the primary means of communication. If you aren't aware of how it can be compromised, you are not capable of adequately assessing security.

It is not like the spoofibility of phone numbers is some security industry specific news. It gets talked about all the time outside of tech given the prevalence of spam calls.