What's the most important thing any security professional or software engineer needs to understand?
Context.
Security folks often treat discovered issues as binary: Vulnerable || Secure. Many find what would, in a stand-alone state, be severe issues, but deeper understanding and context may show that the risk has been reduced or the threats/attacks mitigated.
Software engineers may miss classes of security issues/attack surface because they are considering their final product and its as-designed use cases, rather than failure states and edge cases, and because of a lack of "negative testing".
We need to understand the context in which any given event, vulnerability, engineering project, or risk may exist in order to reduce toil and provide the security and resiliency we all want to see in the world.
This will cover related real-world examples of:
Missed vulnerabilities/unidentified threats, false positives/negatives, media hype, situational awareness, incident handling, and attack surface targeting.