Re: And this...
The challenge of any security role is that a single mistake can make you vulnerable. In Infosec that mistake (e.g. buffer overflow) could have been made by someone else and worse could have been added deliberately via an attack on a software developer who wrote a library that is used by a piece of software.
Security has to balance the risk of a breach with enabling people to do their jobs. The more security you add, the harder it is for people to do their work.
For example I'm writing some code to be deployed in the cloud. Previously I could connect to a jump host, copy the text onto the server and test. Now I need to save the file, transfer, wait for it to be scanned and copied to a cloud server, transfer the file to where I require it and test. If I make a change on the cloud server I need to reverse the process.
Do I understand why? Yes it is primarily to make it easier to trace transfer of confidential data.