how f****d am I?

I've just started as a security engineer at a large organization.

After 2 weeks I've realised that they:

* Outsource 80% of IT.
* Have NTLMv1 enabled on all Windows devices
* Have SMBv1 enabled on unpatched domain controllers.
* Have many Windows 2000/XP/2003/2008 devices on a flat network.
* Use symantec for AV.
* Lots of vulnerabilities like spectre, eternal blue, log4j, proxyshell.

Am I f\*\*\*\*d?

controllers cybersecurity devices domain engineer large network organization security security engineer smbv1 symantec unpatched windows