I've been working for a long time (over 20 years) in an array of industries (big four accounting, healthcare, small retail) and through consulting roles I've easily had exposure to over a hundred companies. And I'm having feelings about the industry I don't know how to address.
I recently noted this situation[0], and whilst I noted people were (rightfully) outraged, I was confused by the surprise. All I would think was "well that's every CTO ever, what's the shock here?".
I recently did a phone interview for a security role. When I mentioned to their "technical manager" that I had several CVEs I had found, he said "no one in real security cares about that" and went on to describe their penetration testing methodology, which meant basically reading out this disaster[1] word for word. My eyes glazed at that point and even after telling them I'm not interested, they've continued to pursue me. Likewise, a tech startup many of you may recognise approached me for a devops role. When I found out their production servers were whitebox desktops running Windows XP (and they strictly did not intend on changing that) I bailed.
These things are simply examples of the things I've been seeing for years, and I've gotten so jaded about how the average company carries themselves I just can't consider any role seriously any more. I find it incredibly difficult to talk to a hiring manager and not sit and scoff because I feel like I know what's coming. It's also a huge contrast to the world about online.
[0] https://www.reddit.com/r/cscareerquestions/comments/6ez8ag/accidentally_destroyed_production_database_on/
[1] https://serverfault.com/questions/293217/our-security-auditor-is-an-idiot-how-do-i-give-him-the-information-he-wants