Any MBA or Product Manager telling a security expert what's important and what's not is absolutely doing it wrong. What they teach in an MBA is simply the larger picture of a business, it's complex systems, it's architecture. Anyone that writes code should be fairly good at it because it's essentially the same thing one does as an engineer: determine the interfaces and contracts between the teams, understand the 'organs of the body' and the processes therein, understand the inputs and the outputs and governing systems such as cash flow and income. What often happens is prioritization and risk assessment ... the needs of the customers are many and there is only so much room in the backlog. What the security expert needs to do is to make the risks clear to the manager in business terms that they can understand, which, to be honest, often comes down to probable loss of money, or customers, or brand.
Honestly there’s useful and interesting stuff in an MBA course, but it has very little to do with practical management of a business at any level. Pretty useful if your job is doing financial projections of projects with relatively predictable costs and payoffs.
Imagine if we put in charge of a tech firm the dude with the best understanding of category theory.
I’m not sure what’s better, though.