* input validation at ingestion time vs processing time
* access control via a proper IAM system with defined roles as opposed to granting access to individual users
* various multi-tenancy, multi-region, and multi-regulatory-regime concerns
* relying on standard frameworks/platforms which provide rollouts, monitoring, test harnesses, etc. as opposed to rolling your own
Some of the things were simply "we know this is important, but we have to hit this deadline so we're going to cut corners", resulting in rework later to do things properly in production
I like this kind of "meta-problem" and would be interested in known how to get people more interested in ideas that I intuitively know are useful.