Having worked at a competitor, I’ll simply say I know nothing specifically of Okta’s hiring practices, but it’s bold of you to assume they’re hiring any security engineers whatsoever. Still, this was twelve years ago when I was at the competitor in question so all the companies involved were was much smaller than they are today. But quite literally zero people at the particular competitor knew or even particularly cared about security.

Or the companies have figured out it's more expensive to hire a full time professional cryptographer to vet the process, than to deal with the PR for now more or less normalized data breaches.