People can work around a horrifying amount of mess for a dizzying amount of time before it all comes crumbling down due the wrong thing occurring at the right time.

---

All of these examples are from finance companies, mostly banks. Not all my stories, these include stuff from friends in the field.

I know a place that had no documentation on access revocation for >30 third party systems.

Another with no Identity and Access Management policy until the pandemic. Service accounts with god level access? Go ahead and set an 8 character password with no expiration date, and never change it after 20+ employees who know it leave.

One place with software that sits installed on computers within reach of the public where every client copy includes a password decryption function in a file that you can copy out of the client install and then just call it from whatever program you write. Yeah, you still need read access to the user database’s password field, but this was software that employees used to interact with bank accounts. With trivially reversible decryption.

That last software was slated to retire over a decade ago, and last I heard was being kept alive by the finance company paying for source code access and maintaining their own edited version themselves. The last time my friend talked about it a year or two ago, the software was just shedding its reliance on Internet Explorer and shifting to Edge.

Some federal processes and laws still require fax communications for various financial shit behind the scenes.

---

Do what you can to steer out and away, keep your hands off it/don’t perpetuate it, have a threshold for “fuck it, not my problem to fix”, have another threshold for “fuck it, let it burn or they won’t learn”, have a third for “fuck it, I’m running before this eats me”, and always always always cover your ass. In writing, hard copy somewhere you control and work doesn’t.

Ultimately, remember that companies don’t reward heroics. Unless you can quantify your improvements in manager-speak, it won’t even register to them. They don’t give awards out for burning yourself alive to keep the engines running for another day. They give out penalties when your changes result in temporary setbacks during adjustments to the new normal.

There are many, many, many people in management and elsewhere that do not learn until they’ve been bit in the ass (if they are capable of learning at all). If you eliminate the friction before they feel it, they won’t know you’ve done anything at all. You want to look good, that’s how you move up. Let some things fall. Let some things break, especially when you know the fix is relatively easy and no one wants to take responsibility to ok it before SHTF.

---

A ton of this job is managing people, at least as much as it is managing complex systems. Not to be sociopathic, never forget the people are people, but start looking at corporate interactions and politics like you might look at a complicated system with no or little documentation.