Why worry about the blowback? That's the corpse talking, if I hear, "This disrupts our workflow," I'm even more confident that I should rip the band-aid.
Offices that don't follow security practices uncovered because they never called for help, another chance for drifters on autopilot to walk away from the job because it just got too hectic, stop paying licenses for a bunch of tools you didn't realize you were paying for and don't need, find replacements for all the tools that are not actively maintained, or don't have cooperative maintainers.
It's a healthy shake-up and our society at large should be less scared of making decisions like these
You’re assuming that everyone shares the IT security department’s priorities. If you tell someone senior that they can’t use a tool they need, you might learn that they have political clout as well – and the context here makes that especially plausible.
Offices that don't follow security practices uncovered because they never called for help, another chance for drifters on autopilot to walk away from the job because it just got too hectic, stop paying licenses for a bunch of tools you didn't realize you were paying for and don't need, find replacements for all the tools that are not actively maintained, or don't have cooperative maintainers.
It's a healthy shake-up and our society at large should be less scared of making decisions like these