In Episode 4 of the DevSecOops podcast, hosts Tom Walker and Scott Fletcher discussed what’s really dragging security down in modern organisations. And spoiler, it’s not the hackers.
If you’re someone in tech, security, or just trying to make sense of how to run a safer, smarter organisation, this one is for you.
No Longer A Departmental Concern
Scott kicked things off by challenging the old-school idea that cybersecurity is solely the IT department’s problem. While this mindset might have worked decades ago, it is dangerously outdated today.
Drawing on his experience as a penetration tester, he argued that security is a culture. It is something everyone in the organisation needs to own, whether you’re in HR, finance, or marketing. Gone are the days when cybersecurity was the concern of just one department; if it remains siloed, it is bound to fail.
The Illusion of Innovation
Tom pointed to another pitfall: organisations’ obsession with the newest and sleekest technology. Microservices, Kubernetes, you name it… Companies leap toward the latest frameworks and architectures without first mastering the basics.
It’s not that new technology is bad. But when you can’t reliably patch systems, or when your configuration management is a mess, these advanced tools won’t solve your foundational problems.
The Double-Edged Sword of Change Management
Change management is another area behind cybersecurity failures. The hosts have seen both the good and the bad of change management. When it’s executed correctly, change management supports safe experimentation and creates audit trails that help organisations learn from their mistakes. However, when it’s misused, it creates friction and drives people toward unsafe workarounds.
The bottom line is that change management isn’t the enemy; poor implementation is.
Gap in Leadership
Everyone also talks about the talent shortage in cybersecurity. Not enough engineers. Not enough analysts. Not enough hands on deck. But no one talks about the leadership shortage.
The pair pointed out that there are a lot of smart executives out there, but many simply don’t have the literacy to make informed decisions about cyber risk. This lack of understanding creates further gaps, exposing the organisation to more vulnerabilities. Until the people at the top understand what’s really at stake, security will remain an uphill battle.
Final Thoughts
The hard truth? Most cybersecurity failures aren’t the result of a brilliant attacker. They’re the result of misalignment, underinvestment, poor communication, and tired teams forced to make hard choices with limited support.
And as this episode reminds us, the real threats aren’t always external. Sometimes they’re right in front of us, ingrained in how we work, how we lead, and what we choose to ignore.