Skip to content
BLOG

IT vs. InfoSec: War stories and ways to work better together

Meredith Kreisa headshot
Meredith Kreisa|September 9, 2025
Dog drooling while reading content on laptop
Dog drooling while reading content on laptop
Sections

If you work in IT or InfoSec long enough, you’ll collect a treasure trove of “you can’t make this up” moments. The problem? Most of them involve your colleagues on the other side of the house. Security blames IT for slow patching. IT blames security for breaking production. Somewhere in between, your users are wondering why they can’t access email. 

Stop the turf war

Register for our IT vs. InfoSec webinar and see how PDQ Connect can help both sides play on the same team. 

Let’s look at some familiar scenarios — and see what we can learn from them. 

The patch that broke everything 

IT: “We tested it in staging, and it looked fine.” 

InfoSec: “But the CVE score was critical, we had to push it.” 

Outcome: Half your org can’t log into their laptops. 

We’ve all seen it. A patch drops, security rings the alarm, and IT has to scramble to deploy under pressure. Sometimes that patch introduces a new bug. Now IT gets blamed for downtime, while InfoSec grumbles that the patch wasn’t fast enough. Nobody wins. 

Lesson learned: Build a joint patching process. Testing and risk assessment need to be shared responsibilities, not a tug-of-war. 

The phantom vulnerability scan 

InfoSec: “This report says you have 400 endpoints vulnerable to XYZ.” 

IT: "That’s funny, our inventory only has 320 devices total.” 

Outcome: A week of arguing about data sources. 

When IT and InfoSec rely on different tools, they end up in parallel universes. One team’s “urgent threat” is another team’s “false positive.” 

Lesson learned: Standardize visibility. Agree on one source of truth so the conversation is about fixing problems, not debating whose tool is right. 

ConnectIcon CTA

Centralize your Windows device management

With PDQ Connect, gain real-time visibility, deploy software, remediate vulnerabilities, schedule reports, automate maintenance tasks, and access remote devices from one easy-to-use platform.

Start a free trial

The privilege escalation debate 

IT: “Users need admin rights or they can’t do their jobs.” 

InfoSec: "Users should never have admin rights or we’ll get compromised.” 

Outcome: A compromise that leaves both sides irritated. 

The least fun kind of tug-of-war is access management. IT has to keep users productive. InfoSec has to reduce attack surfaces. Both are valid — but without guidelines, every ticket turns into an argument. 

Lesson learned: Define policies together. Decide which roles actually need elevated rights and document exceptions. That way, you’re not relitigating the same fight every time. 

The mystery outage 

IT: “Production just went down, who touched what?” 

InfoSec: “Not us, but we did roll out a new endpoint agent earlier …” 

Outcome: Downtime, finger-pointing, and an emergency call with leadership. 

Surprise changes are every sysadmin’s nightmare. Whether it’s a security agent deployment or an IT update, uncoordinated rollouts can take down mission-critical systems. 

Lesson learned: Change management exists for a reason. Shared calendars and joint approvals prevent “oops” moments. 

Why we keep telling these stories 

Sysadmins aren’t masochists (well, not most of us). We share these stories because they’re cathartic — and because they highlight real patterns. IT and InfoSec don’t clash because anyone is incompetent. They clash because their incentives are different, their tools are siloed, and their communication is shaky. 

The jokes make it easier to cope, but they also point toward fixes. 

Turning war stories into peace treaties 

So how do you turn a common battle into actual progress? A few simple moves can go a long way: 

  • Cross-train: Have IT shadow InfoSec for a day and vice versa. Nothing builds empathy faster than seeing the other team’s daily fires. 

  • Run joint incident reviews: Instead of pointing fingers, review what happened and how both teams can prevent it next time. 

  • Celebrate together: Knocked out a patch cycle without downtime? Blocked a phishing attempt? Raise a toast together instead of separately. 

The IT vs. InfoSec tension isn’t going away overnight. But with shared processes, better visibility, and maybe the occasional drink together, the relationship can shift from adversarial to (at least) cooperative. At the end of the day, both teams want the same thing — systems that are secure and systems that work. And hey, if you can laugh about the chaos along the way, you’re already halfway there. 

Meredith Kreisa headshot
Meredith Kreisa

Meredith gets her kicks diving into the depths of IT lore and checking her internet speed incessantly. When she's not spending quality time behind a computer screen, she's probably curled up under a blanket, silently contemplating the efficacy of napping.

Related articles

Orange themed Patch Tuesday banner image

Patch Tuesday September 2025

SECURITY

Illustration of mail with letter with check marks

PDQ acquires ISL Online for seamless remote desktop

NEWS

Illustration of computer desk and monitor with PDQ logo

The invisible line between IT and InfoSec (and why it keeps getting crossed)

GENERAL IT