> Say we're shutting down the self-driving car division, folding up recruiting, or choosing to accept the risk that comes with getting rid of the whole security team.
Did you intend this to be a spit take? The sentence read about the same as “Say you’re taking a stroll around town, visit a few cafés, or decide to end the day by jumping into an active volcano.”
No, I didn’t mean it that way or in reference to a specific company - although I can see how it read that way! Your comment made me laugh.
The point was more that layoffs can take out big slugs of staff without considering the individual, in a few different ways: initiatives we can just cancel completely (self driving cars); people we will likely need later but less in the shorter term (recruiting); or places where we consciously take on added risk (losing security).
I do think that for the company that sacked their security team, the executives may very well have had a full understanding of the risks it created — but couldn’t easily say so publicly (“we chose to 10x our risk of a security incident, so we keep 1 more product initiative staffed which might save us”). Just speculation. Not a situation I think many of us would be comfortable in.
Frankly, as someone who is absolutely not a security expert but who pays attention to security concerns, most security efforts provide very little business benefit.
What was it Steve Yegge said in that legendary platforms rant?
"But I'll argue that Accessibility is actually more important than Security because dialing Accessibility to zero means you have no product at all, whereas dialing Security to zero can still get you a reasonably successful product such as the Playstation Network."
Even if you get bit by a huge data leak, it's just not going to matter that much (from a business perspective) if you already managed to become a big, significant part of the world (like PSN or Equifax - they're still around today, largely unimpacted by their screwups).
If you don't manage to become a big, significant part of the world, security successes or failures just won't matter that much. You don't have a lot of value, because you don't have a huge treasure trove of data, so you're not a primary target for most attackers. You'll sit there being irrelevant, and if there is a breach someday, probably neither you nor any of your handful of customers will actually notice.
Am I content that the world functions this way? No.
But I think it's important to recognize that it does.