I started this as a bit of a rant, but I’m sure many are in a similar position — stuck in large organizations where security feels more like a blocker than an enabler.
Security is meant to protect companies, but too often, it slows everything down, kills innovation, and forces engineers into endless approvals, meaningless compliance checklists, and fixing “critical” issues that don’t actually matter. The real problem isn’t security itself—it’s how organizations structure and apply it.
Curious to hear from others: Has security been a major friction point for you? Have you seen it done right anywhere?
Security is meant to protect companies, but too often, it slows everything down, kills innovation, and forces engineers into endless approvals, meaningless compliance checklists, and fixing “critical” issues that don’t actually matter. The real problem isn’t security itself—it’s how organizations structure and apply it.
Curious to hear from others: Has security been a major friction point for you? Have you seen it done right anywhere?