Having to sign an agreement requiring to be in the office three days per week was weird. Back to the office post COVID, I get that, but c'mon man treat staff like adults not children!
Innovation was not happening in IT. Not only were there many legacy apps, what was worse was the legacy ways of thinking and managing projects. IT suffered from a lack of resources in addition to no discernable project management methodology. The management group did not appear to be on the same page when managing projects.
The attitude of Cyber-Security is a serious problem, having one person be a single point of failure and funnel all decisions through this one person is not appropriate. If this person says no, then you will not be moving forward, and you cannot challenge these assumptions even if there is a better way of doing things or an alternative. A large multinational software vendor once had recommendations and process improvement suggestions and Cyber-Sec states, "We are not that type of company."