Security work has made me more suspicious of assumptions.
Not in a dramatic way. More in a practical way.
People often say things like, that account is not used anymore, that storage is private, that alert goes to the right team, that backup is fine, that permission is temporary.
Sometimes those things are true.
Sometimes they were true six months ago.
That difference matters.
Cloud environments change quickly. People join, leave and move roles. Projects pause. Test systems become production. Temporary access becomes normal. A setting changed during troubleshooting stays changed because nobody wrote down why it happened.
This is why I like evidence.
Not because I distrust people. Because memory is not a control.
If something is private, show the setting. If access is temporary, show the expiry. If a backup is working, show the restore test. If logs are useful, show the query and the response process.
Evidence makes the conversation calmer.
It stops the work becoming personal. The question is no longer whether someone remembers correctly. The question is what the environment is telling us now.
That is a healthier way to work.
I also think assumptions grow when teams are under pressure. Nobody has time to check everything, so people carry mental shortcuts. Most of the time, those shortcuts help the day move forward. But in security, old shortcuts can become risk.
The answer is not to be paranoid about everything.
The answer is to build small checking habits.
Review access. Check exposure. Test recovery. Read the logs. Confirm ownership. Keep notes.
Simple work. Repeated work.
That is where a lot of security maturity actually comes from.