Air gap firewall.
As a veteran of many years of band starting from elementary school to community band, may I just say that your post touched the "band nerd" deep in my heart.
Damn you for making me google that! I wasn't a band nerd and am musically illiterate.
You are now an honorable member of the Band Nerds Society of Earth. Congratulations, but don't blame me if the right tackle from the football team (6'5", 280lbs) starts picking on you.
(And it's @jlv's fault, not mine.) 
Crowdstrike. Fukn Crowdstrike.
I was so glad I was unemployed when that happened - running the Log4j security incident was bad enough, but at least our systems still worked.
Once the fix was out, we plowed through helping clients... Wasn't too bad for us..
In July I was in a hotel preparing for a next day migration with Texas A&M when my laptop blue screened. Ugly.
Monday my VM stopped talking to the network. Took quite some time to figure out and our IT security team apparently decided it was OK to container my VM in the middle of the day while I was actively on-site working a project for a big healthcare client. No warning, no advance notice or email. I'm still fkn furious.
They essentially force us to go rogue. I know several of my teammates that just run their own laptops or rogue VM's. Stupid inflexible security posture just makes them less secure.
Can you tell I'm mad as hell?
The only solace I have is I retire April 1 and will just use my own gear then. They can shove this other sh*t where the sun don't shine.
The Major Incident Manager prior to me worked for 3 days straight on getting the Biz back up and running - I would have passed out after about 24 hours.
I've been demanding a MacBook Pro as my work PC for the past ~4 years - it's saved my but so many times it's not funny! One of the main benefits has been me being able to install whatever software I like on them, when colleagues with Windows laptops are locked down tighter than a nuns nasty! 
Being able to run for ~20 hours off battery has been the other life saver.
I'm so married to vmware VM's and my trusty old W540 it's painful. I work on lots of old stuff, connect to serial consoles, etc. and I just can't use apple products well (android user). Some of the client software I have to use doesn't have Mac equivalents.
I really should just run a rogue VM but like to be able to do all the official office stuff, my 20 different VPN's for clients, certs, etc. etc. who also often require a protected corp asset in use, etc.
Even though I'm an IBM Power and Storage guy, I'm pretty self sufficient on the desktop/laptop and it's just corp security crap, GPO, and AV crap that keeps biting me in the ■■■. In 40 years, none of my personal stuff has ever been compromised.
FWIW, didn't Crowdstrike brick a bunch of macs earlier in 24?
Not that I’ve heard of, but it’s possible. That said, macOS doesn’t allow security software to run in the kernel space, so it would be quite impressive if they still managed it.
Guess what happened early 2024 to mac's..... Same thing.... Wasn't as wide spread...
