You don't actually know any women in IT or programming, do you?

Your contract should also include termination clauses - penalties paid if terminated early.

No client in their right mind would ever sign a contract with that in it. At least not in the USA. The whole point of hiring contractors is that they are engaged to work on a specific project. When the project is finished, the contractor is fired. If the contract specifies a length beyond the project completion date (to allow for deadline slippage), then the client would have to pay the contractor for time he/she didn't do any work for them. As most USA clients would rather rip their own toes off than pay someone for time they haven't worked, it's a non-starter. Hell, they bitch about having to pay their own employees for time they haven't worked (vacation, sick leave, holidays, etc.) Even though the law allows them to not allow any paid time off at all, for some reason this is the one place where market pressures have benefited the employee; companies have to offer competitive time off to hire people. If they had their way, we'd all be working 14 hours a day, seven days a week, 52 weeks a year, with no overtime pay, of course. Sad thing is, it's legal to do that to exempt employees. No, you can't physically drag them in to the office and make them work, but you sure as hell can fire someone for "not being a team player" (which is doublespeak for "won't allow us to abuse them as much as we want to").

Sadly your "winnings" is usually that you are now a "employee" and the "employer" just fires you.

This is the most relevant sentence in your post. Sure, you can report lawbreaking clients to the IRS and DOL, but don't plan on having a job three seconds after they get notified of your complaint.

In America the federal government is composed of the crookedest corporations.

FTFY.

No, they can't force you to work overtime, but they can definitely fire you for not doing it.

You can't complete a degree sitting in your dorm room; eventually you have to interact with faculty and your peers. Most programmers also work as part of a team.

You can't just write off aspects of social interaction as unnecessary. Everyone has to work with SOMEONE, even if it's a client. Your response sounds like oversimplification and bias.

Just a guess, but I bet you don't work in the USA. I have never seen any sort of "contract" for jobs I've had. At best, we get an employee handbook that we need to sign for. If there were a contract (implying binding conditions) or a binding job description, you would have recourse if your employer suddenly changed the circumstances of your job on you beyond what they contract allows. No, here we just tell the worker that we own their asses and if they don't like it they can fuck off.

Usually that can be avoided by good interviewing and identifying those companies. I've had one job that had that mentality, and it lasted about six months (when the next job was lined up.)

Story time: A while back I was interviewing for a new gig. The second question they asked me was how I felt about mandatory overtime.

Yeah, NOPEd out of there pretty quick. At least they were up front about it.

Last I checked they still had open positions. I bet they don't understand why they can't fill them.

New ideas only get implemented in a half-assed way if the person who promoted the idea is already two jobs further in his career.

Or, the person implementing the idea is completely disengaged due to management incompetence and lousy treatment. At most places, the difference between busting your ass 90 hours a week and warming a chair for 7.5 hours a day is an "attaboy" and nothing else. There's no incentive to do a good job beyond personal integrity, and you can't pay the rent with that.

Two things motivate me: 1) Being able to write good code, and 2) Money. If anyone tells you differently, they are not being completely honest with you, probably because they're telling you that in a job interview setting and if it looks like your motivation is anything other than "I enjoy working myself to death making more money for people who are already rich", you're sunk.

You don't need to be turned away to be discouraged from entering the program. A department filled with hormonal 20-year-old brogrammers is not my idea of a nurturing setting for a young woman. Add that with the condescension from the faculty, the peer pressure, and limited job prospects after graduation (after all girls can't possibly be any good at programming) and you have a proportional shortage of women in the field.

Oh, grind your ax somewhere else.

Nothing makes you look like a reactionary idiot faster than stuffing "Lol librls r dumb" into a conversation where it's completely irrelevant.

Also... I can't think of any organization that actually needs several hundred services piped to each workstation... I'm trying really hard to think of what those would all even be...

Your lack of imagination does not negate the possibility.

Okay... lets say the company has 10 databases because they're too lazy to integrate them.

Why would they integrate them? What's the business advantage of doing so? Do you really think the suits are going to allow you to spend the time doing this when there's virtually no benefit, and it's much more important to fix the shade of red on the landing page?

Then lets say they need email? In my experience they tend to actually need a way of passing information around the organization rather than accepting and sending information out of it.

This is pure bullshit. Companies need to communicate just as much with the outside world as they need to with each other. Have you ever actually worked in a corporate network environment? Your 99% number is invented from whole cloth.

Then what else... a web browser with access to a finite and specific number of domains.

Who's going to manage that? What's keeping the end users from using another browser?

Anyway, I don't know why you'd need users to be able to access that many sites. At least not in a high security environment.

You're delusional. The suits are never going to stand for having to ask permission every time they need to go to a site not on the whitelist. You're better off using one of the filtering services that's out there (blacklist).

I'm pathological about controlling EVERYTHING. And I do.

And when someone with "Chief" at the start of their job title tells you that they control something, not you, what are you going to do? You can quit or be fired. No, you make the exception. I've worked at multiple Fortune 500 companies that allowed the C levels to do pretty much whatever the fuck they wanted.. and one of them let the users do whatever the fuck they wanted, including porn. You can try to control everything, and you might succeed, but sooner or later someone with hire/fire over you will make you make an exception.

The likelihood of something people don't have any experience with falling to hackers is "less"...

Have you ever heard of a zero-day vulnerability?

it seems like most of your premise is that low security is the only way to go in unskilled environments where even the IT department doesn't understand their jobs. I suppose but if your security department doesn't understand security then you don't have a security department. :D

IT incompetence is a thing to be sure. But, it's more likely that IT is only about 50% staffed for the workload they have, and also that they will not be allowed to implement security measures if the suits don't like it. Very often their hands are tied. Without executive buy-in, they're bullied into doing whatever the fuck the users want, security be damned.

I'd like to live in your world where you never run into idiots that have power over your policies and basically make it impossible to do your job sanely. "Do it or you're fired" is a thing.

You're also assuming the attack comes from outside the organization. Any infosec worker worth their copy of Wireshark knows that the biggest threat comes from inside, not from outside.

Pays off for your corporate masters, you mean. You still need to get back to work before they fire you.

Meaning employees must be taught which activities are correct, which are wrong, and then be refreshed on a yearly basis.

You can do all that, but if there are no consequences for breaching security policy (the "wrong" activities) then your average mundane has no incentive to do their part to improve security.

If one in every twenty employees that was caught breaking security policy were given an all-expense-paid trip to the curb with all their shit in a box, the rest would start taking it seriously and not just bitch about having to change their password every 90 days.