Software developers and network engineers are supposed to build security into their products by default, so the phony security expert can skate by on their work. Just look at the Equifax leak, their chief of security was a music Major who networked or bullshitted her way into the profession. I think before Equifax she was overseeing operations at a call center
Of course the upper management/"idea man" in any field can be utterly incompetant, but a rank and file engineer has to build something that actually performs a task. If someone hires you to build a website for them, they can see with their own eyes whether you've met product specifications.