I’m sorry but I really really really want some citations here - a network that has VPNs, LANs at multiple locations is as vulnerable as a single location that uses air-gapped computers passing say usb sticks around to share say git repos.
I am not sure I would enjoy working at the second place but I would really hope we weren’t an easy target
It's been shown many times that people will pick up random USB devices from anywhere and plug them into any computer without thinking. Airgapping just stops the automated scans and stuff that was already being stopped. Defence is reactive, so the momentum and advantage is always on the attacker side, and stopping the lazy ones doesn't do anything to stop the real threats.
The costs of seatbelts are already built in to the car. The cost of airgapping is not. The sheer inconvenience and limiting of the potential employee pool would put it far out of budget for anyone but governments or very large corporations doing very sensitive work, and even in those cases it would be on a site-by-site basis, not org-wide.
I am not sure I would enjoy working at the second place but I would really hope we weren’t an easy target