Productivity is a hard sell for a company that is tech focused. Since a client basically can't measure the impact there is little external difference between a true solution and a fake solution. As a result even if you convince someone of the value a company that focuses on marketing to those paying the bills will win out against one that focused on building a better product.
Security has fairly proscriptive compliance requirements (ie: SOC, etc.) which provide a benchmark against which to measure impact. Not impact on security but impact on meeting the compliance requirements.
I think, in simpler terms. There's always a Chief Information Security Officer (CISO). But, there's rarely a Chief Productivity Officer. It's usually the CTO et al fighting for dev productivity if any, else nobody just cares and you get impenetrable tarball software
Productivity is a hard sell for a company that is tech focused. Since a client basically can't measure the impact there is little external difference between a true solution and a fake solution. As a result even if you convince someone of the value a company that focuses on marketing to those paying the bills will win out against one that focused on building a better product.
Security has fairly proscriptive compliance requirements (ie: SOC, etc.) which provide a benchmark against which to measure impact. Not impact on security but impact on meeting the compliance requirements.