The IT security field is full of people who barely understand what they are doing and don’t care. They blindly follow ISO checklists. Often they break things for no reason and leave the rest of the company to work around it. Sometimes they bring in sketchy software like CrowdStrike that makes the company *more* vulnerable, not less. If you don’t care about doing things properly it’s an easy job. It’s perfect for pajeets. It’s usually the first department in every company to be hollowed out and filled with them. It makes perfect sense that the scam companies that help other companies get check a box for their certification would also be filled with pajeets, or whoever the hell they can hire to update the software that White men wrote years ago. Almost no one in that industry cares about quality.