Humans are simultaneously the biggest source of strength and the perennial weak point in any security program. The leadership of security includes things like awareness campaigns, advising and training in the wake of incidents, and doing user experience reviews on things like phishing tools to reduce the threat to the company.
For all of that, sometimes the tools and processes that we surround our teams and our organization with can be difficult to operate. The same security engineers and architects who often drive fantastic threat reduction may struggle to effectively adopt the end-user perspective as the products and technical flows or integrations are realized. Often, it is not until something triggers a security review in the business that these fracturing points surface.