It's easy to describe this as self-inflicted when you don't understand how large orgs work and have never had to consider how a security team deals with a large org, each piece wanting their own version (or multiple versions) of this solution.
Qualification isn't the issue because we (the US, US tech, SF/NY, etc.) have a lot of qualified talent, both in eng and elsewhere. The issue you describe with competence IS an issue but not for this. Your final sentence is correct but not right.
Basically, you're right and you're wrong and I should probably write something longer form but won't get to it for months. I'll give you an upvote in lieu of that for making me think deeper about the topic.
And after re-reading my first sentence, I apologize for suggesting you don't understand how large orgs work. That wasn't fair and I don't know your background. I'm gonna leave the post unedited for honesty's sake.
Qualification isn't the issue because we (the US, US tech, SF/NY, etc.) have a lot of qualified talent, both in eng and elsewhere. The issue you describe with competence IS an issue but not for this. Your final sentence is correct but not right.
Basically, you're right and you're wrong and I should probably write something longer form but won't get to it for months. I'll give you an upvote in lieu of that for making me think deeper about the topic.