I’ve been doing InfoSec stuff for ~20 years now, & every 3-5 years I discover a better understanding of the subject. Just when I think I’ve got it figured out, I get a little closer still.
This is for your edification to stick with it 1/
Didn’t take long to shatter that misconception.
Coincidentally, that’s when I saw how valuable dev skills are in InfoSec.
No org can eliminate all vulns. It’s impossible. But you can reduce the value of them to basically zero.
What’s old will be new again.