Cybersecurity is not a roller coaster ride

A day at Liseberg is really a day of waiting. Queues that curl around corners, virtual queues in the app, even lines for snacks. We all accept it because the reward is the ride itself.

When my turn came for a roller coaster, I strapped in without hesitation. No risk assessment, no checklist, no thought about steel inspections or worn bolts. I trusted that others had done the work: engineers, inspectors, the park itself. My only role was to let go and enjoy.

Work is the opposite. To work with cybersecurity and as a Azure architect, nothing moves without verification. Every cluster, every identity flow, every network path is a potential failure point. If I miss a bolt, the impact isn’t just mine. It cascades across businesses, customers, sometimes even society.

Walking through Liseberg, I started noticing what I’d ignored before. Emergency stops on every ride. Height restrictions posted clearly. Staff checking harnesses twice. Cameras monitoring queue behavior. Exit procedures marked in bright colors. The park’s safety wasn’t accidental or invisible. It was designed, tested, and actively maintained by people who understood that fun depends on trust, and trust depends on systems working exactly as intended.

But safety also required something from me. Keep arms and legs inside. Don’t stand during the ride. Wait for the all-clear before exiting. Follow the posted guidelines. The system worked because everyone played their part: the engineers who designed it, the operators who ran it, and the riders who followed the rules.

Not every ride opened, though. Me and my kids really wanted to ride Kållerado and since it closed after a few minutes we started to check the app again and again, only to see it still closed. Their excitement turned to frustration, then to quiet disappointment. It was a reminder that when safety fails, trust disappears fast and no amount of waiting makes up for it.

That scene plays out in tech every day. Developers are like eager riders: creative, impatient, ready to ship features and move forward. Infrastructure is like the ride operators, making sure the mechanics are safe before anyone boards. Security is the silent inspector in the background, the one who decides if the ride can ever open at all.

If we don’t work together, the outcome is obvious: at best, delay and disappointment; at worst, a catastrophic failure. Developers build, infra runs, security checks. But if we treat those roles as separate queues, nothing aligns. The ride stays closed. Or worse, it opens when it shouldn’t.

So if you build apps, build them secure. Don’t ship hardcoded secrets. Don’t ignore vulnerable libraries because the build passes. Write logs that someone can actually use. If you run infra, don’t just chase uptime. Segment your networks, enforce least privilege, and bake observability into the design. If you own security, don’t be a permanent closed sign. Be the safety margin that lets others ride without fear. And if you use systems, follow the guidelines. Use strong passwords. Don’t click suspicious links. Report what seems wrong.

Some of us are employed to carry concern. Others to create joy. Both matter. But in the end, it’s the same roller coaster. If the bolts aren’t tight, if the design is flawed, if the teams aren’t aligned, or if riders ignore the rules, nobody rides safely. Not the kids, not the thrill-seekers, not the builders, not the watchers.

Cybersecurity is not the ride. It is the work that makes the ride possible.