True, most of my experience is with companies 10k, but you're just being arrogant calling that "really small". Almost all of those companies are part of a larger corporation, and you don't manage IT operating activities in multinational corporations on the corporate level. The corporate level decides if you go with SAP or Oracle, but not which patch level of Apache is used on the website of one of 20 subsidiaries.
At least that's the way it was in my last two companies (one a subsidiary of a 65k employee corporation, one part of a 30k employee corporation). If you know of any multinational corporations where the CTO of the top-level holding has to sign off on patch deployment, let me know.
We're talking operative emergency response here, not rollout of new corporate IT infrastructures. I hope you see the difference.