When someone in the “echo chamber” of security says something about getting the defenders to think more offensively, and then gets a response similar to, “Rather than complaining, maybe you should give us real ideas on how to do that,” it really irritates the crap out of me. That sort of response is antagonistic and even insulting, plus it’s always going to result in a defensive or even offensive response. There are better ways to make the same point without the passive aggression. Especially when you’re not actually disagreeing with the point!
Besides, even when talking in the echo chamber, making these clear statements isn’t a *bad* thing, and it may even need to be heard by one or two audience members.
It really comes down to education, teaching, awareness, and experience if we want to make security more inherent in IT (coding, infrastructure, networking, systems…).
If you want a stable high-availability network, you need someone who can actually do it in the way you want; otherwise, your admins will end up learning the mistakes and correct answers on the fly. And it might take years to build that experience. Therefore, you ask experts and get other ideas.
I'm a systems/network admin on a team of systems/network admins, and we do this every single month, where we may look at new things but not inherently know the pros, cons, and gotchas of the solutions without experience or assistance.
We frustratingly bitch a lot in security, but we need to support each other during our bitch modes, not lash back and kick each other when we’re down. That’s really my point.