You mean companies have been buying garbage visualization products...if IT spent money on things that actually move the needle on security (training and career paths for engineers, skilled managers, rewarding quality over velocity, long term thinking execs, investing in open source ... to name a few) then vendors wouldn’t be able to sell garbage. Instead IT depts settle for glitzy UIs that plaster over the real (deep and pervasive) culture, HR, and organizational issues.