Is Information security a business or technical issue? Or both?

Context:
I had an interview this morning where the interviewer grilled me pretty hard on this question. My answer was that information security is required to work both sides. My point was that you need to know the technical processes/work in order to then translate that to the business side and give an informed decision on any issue. That seemed logical to me in the moment and from my experience.

However, he/she hit me with a resounding "NO" and explained …

business context cybersecurity hard information information security interview issue order point processes question security technical translate work