Like any other department, when security is too isolated from others, it creates a culture of perverse incentives and competition rather than collaboration to a shared goal.
For example, try building a new website for a company, only to have the security team insist that you fix "defects" such as not tying sessions to IP addresses. Yeah, fuck all the people on mobile phones hopping between networks. It would make sense for accessing internal data, but not for what amounted to a marketing site for public consumption.
Like I said at the open, this can happen with any department or team- security, I think, might tend to happen a little more frequently, if only because it is logical that they do need a certain amount of autonomy to do their jobs well.
For example, try building a new website for a company, only to have the security team insist that you fix "defects" such as not tying sessions to IP addresses. Yeah, fuck all the people on mobile phones hopping between networks. It would make sense for accessing internal data, but not for what amounted to a marketing site for public consumption.
Like I said at the open, this can happen with any department or team- security, I think, might tend to happen a little more frequently, if only because it is logical that they do need a certain amount of autonomy to do their jobs well.