The Silent Tradeoff Security Teams Don’t Want to Admit

Coming from a background of building products in the cybersecurity space, there’s something everyone knows but doesn’t like to say out loud:

Security hurts.

Not because the tools are bad or because teams don’t care, but because the moment you tighten security controls, you almost always introduce friction for the people who need to get work done. Internal teams feel it, customers feel it, and whether we talk about it publicly or not, every security leader knows the feeling of bracing for impact the minute a new control goes live.

And the truth is: if there’s one thing security professionals fear almost as much as getting breached, it’s getting buried under tickets from angry users.

The Industry’s Quiet Compromise

This is why so many security tools end up under-used or quietly dialed back. Teams want to protect the business, but the usability hit is often too big. Over the years, that reality nudged the industry toward a softer posture:

Alert instead of block. Warn instead of enforce.

And yet, every year vendors still promise “seamless security,” “zero friction,” or “no false positives” – claims that never survive real-world workflows.

It keeps employees moving, but it pushes the burden onto security teams who now have to decide, hundreds of times a day, which alerts matter and which don’t.

Millions of Alerts and No Clear Signal

Every year, organizations add more tools, more integrations, more employees, more contractors, more endpoints; and every one of those variables increases event volume. Today, the average enterprise produces millions of events per day.

Millions.

Naturally, an entire ecosystem emerged to manage the overload: log collectors, SIEMs, UEBA tools, orchestration platforms, correlation engines, analyst workbenches… the list goes on.

And now AI is stepping in, helping correlate, cluster, and cut through noise in ways humans never could.

AI is progress, better analytics are progress, but they don’t change the underlying tension we keep running into: When security hurts productivity, security loses.

The Real Problem to Solve

The cycle is familiar:

• Tighter controls → frustrated users
• Frustrated users → loosened controls
• Loosened controls → more alerts and more risk

No one wants this cycle, but most teams end up living in it.

Why I’m Optimistic

The exciting part is that we’re finally starting to see tools and philosophies aimed at breaking this tradeoff instead of accepting it.

AI is helping reduce noise, yes, but we’re also seeing new approaches that isolate data instead of devices, secure workflows instead of entire machines, and protect organizations without slowing people down.

The goal isn’t “security without friction” – that’s unrealistic.

The goal is security that people can live with, even on personal devices, in remote environments, and in fast-moving distributed teams.

It’s a challenge worth solving, and the next wave of security innovation is finally starting to point us in the right direction.