I believe this is the case. Engineers level up primarily based on experience, learning from their team, etc. Because security is:
a) Often not prioritized
b) Handled in the shadows by some other team
the engineers don't get exposed to it. Security hasn't gone through an 'operations' evolution where it melds with engineering so these problems aren't getting better.
a) Often not prioritized
b) Handled in the shadows by some other team
the engineers don't get exposed to it. Security hasn't gone through an 'operations' evolution where it melds with engineering so these problems aren't getting better.
Context: Am security professional