Honestly though, I get it. If you have headcount for two people, do you want one of those people to be a DBA and another to be a platform architect? Who's going to actually make the app?
I genuinely think the problem is that frameworks don't do this for you. Why should you need a DBA and platform architect to make a multi-tenant CRUD app? Pretty much every one does the same thing.
Security-minded generalists exist. They might move slower than you expect of an MFBS (move fast break shit) engineer, but you might also end up with fewer issues later.
> Security minded generalist
there’s always some senior-ish person in the interview pool who is interested in security. hire them, let them figure things out and then give them permission to call bullshit on what you’ve done so far.
avoid hiring the “fanatics” tho. you don’t need E2EE everywhere.