Comment by apexalpha

>Many large corporations in Europe, especially in sectors of prior consistent growth and profit, are chock full of too many managers.

As an engineer who 'jumped' to middle management: yes. 100% yes.

It's kinda disheartening and also a little bit insane to sit in a room with 12 people who learned CISSP and ISO27001 by heart but could not explain what SSH is or what a container does.

Everything has to first be abstracted away from tech into 'risks' and then 'controls' and then these controls have to be re-translated into actual changes in IT systems.

However, at every layer and every abstraction so much detail is lost that they're essentially steering blind.

Last week one of them suggested that we should whitelist the entire IPv4 range of AWS to allow some SaaS (Jira?) to connect to our internal Git.

The policy said to do whitelisting and so they all approved it until I challenged it.

Crazy to watch and honestly so disheartening that I might go do something else. Trying to affect change feels like leaning against a wall.