> Your goal here is to make the best YOUTUBE videos possible. That’s the number one goal of this production company. It’s not to make the best produced videos. Not to make the funniest videos. Not to make the best looking videos. Not the highest quality videos.. It’s to make the best YOUTUBE videos possible.
Replace "youtube videos" with whatever the company is trying to achieve. I see it all the time in large organizations, where different teams forget what the goal of the company is and instead get hyperfocused on their teams KPI's to the detriment of the company as a whole.
Lawyers finding problems and trying to stop things from happening instead of finding solutions. Security blocking things and not suggesting alternatives. IT blocking this or that instead of trying solve problems, etc.
Sounds like they're doing their jobs, which is to protect your future selves from your current selves. Sure, finding solutions is great, but faulting them from finding problems and slowing things down until solutions are found is odd.
Yes, security or IT does sometime have to act as a reality check in an organization that has over-hired over-zealous but under-experienced go-getters who want to "move fast and break things". They are a vital counterweight that makes ambition productive, instead of allowing it to wreck the organization's reputation.
Sure, but the production DB has an incredible amount of PII and we are audited out the wazoo, but even if that weren't the case and it was totally fine, all it takes is you being careless with your credentials one time and the company's hosed or we have a massive breach, or some rogue employee encrypts the data with ransomware. So, yes, it would make you faster, and no, you can't have it. It's insane how often I have this type of conversation and insane how often I am the bad guy in it.
This is a solution oriented approach instead of a lazy ass covering approach which I think the GP was referring to. The job should be finding risks and then figuring out how to work around those risks. Very rarely are there no solutions, most of the time it is due to general laziness or in aptitude where someone can find risks but they do not find solutions.
In this particular example, often this isn't remotely feasible, either from a business logic standpoint (I can think of plenty of fintech examples), lack of qualified DBA/sysadmins, network admins, cloud cost constraints, methods and controls to ensure to auditors that devs cannot access production data - none of this is trivial, and often to the dev it seems "silly" they may need to wait a few hours for something they could technically access in a few minutes, but acting like these solutions have no tradeoffs or are always worth doing suggests a lack of knowledge as to how these things actually work in a business and on a development team. It certainly isn't always laziness, and I'd even say it's not laziness that often at all.