Installs antivirus on servers that wrecks application performance
Installs content filtering proxy that prevents developers from reading “hacking materials” like OWASP documentation
Won’t let developers install anything on their own machines without filing a ticket and waiting 6 weeks
Pushes unannounced antivirus updates that pop up OS security dialogs like “Netscan Antivirus would like to monitor all network traffic. Enter your password to approve”, and is surprised when users don’t enter their passwords.
They usually don’t have a choice. They know this stuff is bad, but they need it to demonstrate compliance with XYZ framework so they can fill out the marketing copy so sales can land a contract with some big customer that wants to know why $competitor has better security than you.
Your corporate IT guy
We might work at the same company lmao. My laptop is borderline unusable due to all the monitoring garbage despite having really fast hardware
Sigh. Their hearts are in the right places…