Apologies for the tone, but the content of my point 100% stands. For what its worth, I have dear friends at multiple FAANGS who I'd die for -- who nonetheless strongly appear to have a wildly overinflated sense of their own cybersec, in a big picture "missing the Black Swans" sort of way -- if the past is any indicator.
Maybe it's not, maybe you guys have drastically improved things. What makes me strongly doubt it is that we still haven't seen substantial liability or other consequences for bad or negligent actors in this space.
> maybe you guys have drastically improved things.
FAANG security is just like everywhere else: mixed. There are mixed levels of knowledge & experience, and mixed views: i.e. even though there's a lot of consensus on high-level tenets and frameworks, like e.g. Google's Beyondcorp stuff (along with some certain security 101 stuff that's been discussed for the past 138 years), you'll always get engineers who don't like X or Y. Just like anywhere else.
Please, let's continue this back-and-forth of condescension. It's really productive. /s