what’s typically an adversarial relationship between security teams and the people building and operating the network
While this is definitely a factor I’d place the issue one more level up. Businesses typically do not prioritize security at all. This then causes an adversarial relationship. Ops team has kpi/goals to get shit done and none for doing it well or securely so understandably they don’t want to “waste” time with the security team’s requests. This of course assuming there is a security team at all or that the ops team isn’t outsourced and gives even less of a shit what the quality/security is
While this is definitely a factor I’d place the issue one more level up. Businesses typically do not prioritize security at all. This then causes an adversarial relationship. Ops team has kpi/goals to get shit done and none for doing it well or securely so understandably they don’t want to “waste” time with the security team’s requests. This of course assuming there is a security team at all or that the ops team isn’t outsourced and gives even less of a shit what the quality/security is