At my nameless three letter organization, here's how security works.
"Oh, you didn't name your database server according to our specifications required by our lame monitoring tool that can't handle nonstandard system names? Rename your server. Oh, and if it breaks the database, that's your problem."
"We just patched all the servers for greater security. Too bad you can't use your software to control or monitor them anymore, but that's your problem."
"Due to a breach, everyone must change their password. Too bad it happened while you were off for a few days and needed to log in for an emergency, but that's your problem."
Security's motto: We break stuff, put ALL the burden on the users, walk away AND we get paid for it!
I don't know any other job where you can receive money for making stuff *not* work.