A lot of security problems
are generated by Marketing.
A lot of security problems will be found in the marketing mindset, and in commercial outfits generated by decisions from the Marketing department.
Development or Admin tends to take the hit, but often it is not their fault at origin, it is a Marketing directive that generally creates a security problem.
If you want to penetrate an organisation, the best route in is via marketing and sales, not development or admin. And companies that place marketing above operations are ripe for the taking. That's the real dirty secret of the Internet.