What I’ve learned over the last few years:

• Only academics, commentators and researchers truly care about collective security, where the whole world gains because certain technology and is commonly agreed to be off-the-table
• Everyone else (that is, corporations including government and private enterprise) only cares about zero-sum security - your insecurity is my security gain - but they pretend in their messaging to care about collective security. It explains why nation states continue to demand purpose-built backdoors into hardware and encryption implementations, and why employers are content to treat your mobile phone like their own property, demanding apps, RATs, etc. be installed
• Most cybersecurity is thinly-veiled compliance, and amounts to certified bureaucrats implementing products from that small bunch of vendors with the means to influence policymaking
• The public messaging around security always uses the noun in the abstract, which to me is telling. Security for whom? Security against what? Security for what? See also social media and the term “safety”.