The Disconnect Between Cybersecurity Priorities and Practice: A Personal Reflection

In today’s digital landscape, the importance of cybersecurity cannot be overstated. However, after spending over ten years in the IT field, particularly within smaller companies outside of the Fortune 500 sphere, I often find myself questioning the sincerity of many organizations’ commitment to security.

Throughout my career, I have observed several instances that suggest a troubling trend: while businesses claim to prioritize cybersecurity, their actions frequently tell a different story. In my current role, I’ve noticed that my position seems to exist primarily for compliance purposes, almost like a box to be checked for insurance requirements rather than a genuine investment in cybersecurity improvements.

My direct supervisor, who leads the IT department, lacks traditional security expertise, yet he has the final say in all related decisions. This situation creates a disconnect between what I understand to be best practices and the directions we pursue. Despite working in a relaxed environment—where my workload is minimal, my compensation is quite generous, and the flexibility of working from home allows me to juggle personal chores—there is a nagging feeling that more could be done for our organization’s security.

I find myself striving to proactively enhance our cybersecurity posture by proposing additional responsibilities and initiatives. However, my suggestions have largely gone unacknowledged, leading to a sense of frustration. Instead of relishing an easy job, I often wonder about the potential risks and vulnerabilities that remain unaddressed.

I’m curious to know if others have experienced similar disillusionment in their roles related to cybersecurity. How do you perceive your company’s commitment to security? Are there ways you’ve found to drive change in an environment that seems resistant? I invite you to share your thoughts and experiences on this matter, as I believe many in our field could benefit from a collective discussion on the true state of cybersecurity practices in various organizations.