The short version of this question is: How does your company apply company-wide security monitoring and enforcement to Developer and DevOps machines? What exceptions are made, if any, to the workstations used by your technical power-users such as development leads and devops engineers? Does your CISO office enforce the same babysitting software -- endpoint monitoring, aggressively active threat scanning of all accessed files, etc. -- on these workstation as on the rank-and-file business employees, or are there common-sense exceptions made to accommodate the different, more i/o and CPU intensive workloads run by the technical staff?

For some background, my company has recently undertaken a growth initiative, and in the process our director of infrastructure has started applying all sorts of "best-practices" to corporate security policy indiscriminately to all machines on the domain. This has followed short on the heels of requiring our very small team of developers (five when I started, now even less) to stop using MacBooks for our development and to move to Microsoft Surface Laptops because "infrastructure can't manage multiple types of machines", despite the fact that we develop for cloud systems that run on Linux.

Needless to say, the indiscriminate application of mounds of third-party security services on top of moving us to an already less-powerful machine is impacting productivity in random and unpredictable ways. The director in question is not overly technical, and was last in the trenches around the time Windows NT was coming out, so the arguments my team are making for exceptions to some of these (in our perspective) arbitrary rules are falling on deaf ears.

I've been in the game for over 25 years, and this is the first time I've run across a director so completely brainwashed by cybersecurity marketing that he doesn't realize there's a difference between putting up baby gates for the toddlers and telling the adults they're not allowed to walk down a set of stairs by themselves, so I'm looking for some perspective on current industry practices as the HN crowd has seen it.