Having worked in IT for nearly two and a half decades, I’ve certainly seen my share of blame and abuse thrown the way of IT. Whether the network is down or the application is unavailable, people immediately assume that whatever IT did broke it, even if IT was totally disconnected from the situation.
What many people outside of IT don’t understand is that many issues are beyond IT’s control. Be it external factors such as cloud providers not living up to their SLAs or internal factors such as management not providing even budget for that needed upgrade, there’s more to IT than just some propeller-head techie being careless.
That said when it comes to people “getting” IT and, specifically web security, one thing is certain: IT professionals are just as much to blame as anyone. Sure, management doesn’t get you. But have you ever stopped to think about the way you’re approaching web security may be the reason why? It’s like yelling at a child telling them not to do something. They might listen in the moment but they don’t really “hear” what you’re trying to say and they’ll keep repeating the same behavior. Your approach has everything to do with it.