We had the dubious fortune of coming in in a crisis situation, which let us insist on our way of doing things. (Bringing own computers, AWS, modern stack, quick hiring, etc)
Even then, though, launching our first product (App 2.0) to production was really uphill as we fought to earn the trust of CMS and the other contractors, who didn't really believe we could deliver.
But after we shipped, and people saw that we could deliver working software, things got way easier. Now we are consulted on major software architecture decisions and are a key part of the design process.
It goes the other way round though as well -- we have learned you have to respect your partners and champions on the inside, and conform a bit as well. When you are dealing with really sensitive personal info you can't play as fast and loose as you could in a brand new startup.
we are at a point now where we can often look at the underlying need and suggest alternate ways of approach. For instance after a big breach a few months ago security wanted us to use some VPN for all our prod systems- we managed to compromise on amazons MFA which is quite solid but gets us the enhanced security they were going for
Long term we want to help reform contracting so that requirements are not framed in this lots-of-boxes-to-check-none-having-to-do-with-serving-users mindset
Even then, though, launching our first product (App 2.0) to production was really uphill as we fought to earn the trust of CMS and the other contractors, who didn't really believe we could deliver.
But after we shipped, and people saw that we could deliver working software, things got way easier. Now we are consulted on major software architecture decisions and are a key part of the design process.
It goes the other way round though as well -- we have learned you have to respect your partners and champions on the inside, and conform a bit as well. When you are dealing with really sensitive personal info you can't play as fast and loose as you could in a brand new startup.
we are at a point now where we can often look at the underlying need and suggest alternate ways of approach. For instance after a big breach a few months ago security wanted us to use some VPN for all our prod systems- we managed to compromise on amazons MFA which is quite solid but gets us the enhanced security they were going for
Long term we want to help reform contracting so that requirements are not framed in this lots-of-boxes-to-check-none-having-to-do-with-serving-users mindset