
Security is a trade-off. Everyone knows that the most secure computer is one that you never turn on; the job of your security team is to strike a balance that is better than that.



> the job of your security team is to strike a balance that is better than that.

There are two ways to strike a balance. A cooperative way, and a competitive way. A cooperative way is when all sides get together and hammer out an optimal solution, and then implement it in agreement. A competitive way is when everyone pushes to maximize their interest, and through the fighting, an equilibrium establishes itself[0].

I think GP is complaining about security teams that approach their job in a competitive manner, instead of a cooperative one.

--

[0] - You'll note that this is how competitive markets work; this both makes them a robust decision-making mechanism, and an incredibly wasteful one.


Firms in competitive markets don't fight; fighting would be if one firm's products somehow un-manufactured another firm's products. So, the defense industry, and nothing else. They hurt each other's bottom lines, but help society as a whole by collaborating to produce more of whatever it is they're selling.


> fighting would be if one firm's products somehow un-manufactured another firm's products

They absolutely do, and would do it much more if most ways of doing that weren't strictly illegal. A particularly notorious, legal way of unmanufacturing your competitor's product is when both yours and theirs rely on a common component - so you can buy out the entire supply of that component to prevent your competitor from releasing a similar product after you. Off the top of my head, Apple did that with these mini hard drives for iPods.

A more common example of fighting is advertising, which becomes a zero-sum game when the market for a product category saturates.


> Everyone knows that the most secure computer is one that you never turn on

An attacker might gain physical access to your turned-off computer and wreak all sorts of mayhem (install a hardware keylogger, rip the hard drive out and recover stuff from it, etc). The most secure computer is the one that doesn't exist.


If you never turn it on, there can't be anything useful on it ;)


An attacker with physical access could install an LTE-controlled power outlet and then remotely turn it on and use it to mine cryptocurrency whenever you aren't around, stealing your electricity. Ok, maybe that's a stretch...



