[overstay8930]

Most companies are way too incompetent to even know how to secure their own data because it is just too expensive to actually hire someone that knows what they're doing - so most of the "cybersecurity" industry is just grifters talking about buzzwords and building dashboards to show how good they are at patching CVEs.

I have had to tell multiple cybersecurity vendors that brag about working with huge companies and governments that we cannot work with them because of how poor their own cybersecurity practices are (i.e. not using secure compute/hardware crypto when dealing with our private keys).

These are companies that should know better, I have had to stop ADP professional services more than once from disabling certificate validation on critical pipelines pertaining to confidential employee and customer information. I do not want to imagine what happens at 99% of companies with cybersecurity teams that don't even know what certificate validation is.