Just wanted to point back to a post from Bejtlich, specifically talking about a recent Tweet of his:
Real IT/security talent will work where they make a difference, not where they reduce costs, “align w/business,” or serve other lame ends.
That doesn’t mean security shouldn’t align with business and all that jazz, but those items are not really the goal of anyone with half a good mind in security. They want to do cool things and make a difference. They’re passionate, enthusiastic about security, hacking, and defense. Who gets enthusiastic about aligning with business or reducing costs? Yes, some people do, but I think there is little intersection between those people and badass security geeks.