
When Did Security Engineering Shift to Mostly Managing Noise?
cybersecurity, security_engineering, detection_engineering, SOC, security_architecture, alert_fatigue, false_positives, risk_analysis, operational_noise, reactive_security
The author observes that daily work in security engineering is increasingly focused on managing noise: false positives, alerts, dashboards, tickets, rule adjustments, and exceptions. Much of the time is spent on reactive tasks, such as closing alerts or justifying their benign nature, rather than proactive activities like failure mode modeling or risk analysis. The post highlights that while tools are necessary at scale, they appear to have refocused the discipline on filtering signals rather than understanding systems. The author questions this evolution and invites other professionals, particularly in detection engineering, SOC, or security architecture, to share their experiences.