Definitely agree. In my experience, the financial industry tends to lean heavily on checklists and bureaucracy to enforce security. This requires additional headcount and prevents automation.
Technology companies lean the other way and enforce security through comprehensive automation of the controls they must follow.
Yes, agreed. The choking bureaucracy has the unintended consequence of lowering risk - if its very time consuming to build thing, you build less things that break over time, and rely on old things that have worked for a long time.
Technology companies lean the other way and enforce security through comprehensive automation of the controls they must follow.