Note I shared internally after the Twitter hack
If you live on earth and are in tech, you know that Twitter was hacked via social engineering and access to internal systems. There is more unknown than known in this case.
Following that, I shared a note in our internal Slack.
Twitter was hacked. Multiple verified accounts were tweeting about crypto. Twitter blames social engineering and access to internal systems. This is your almost daily reminder why we scrutinize access to APIs and internal systems so much. Limiting the blast radius of internal access is crucial to doing business in our environment.
Since day 0, we have had an almost **extreme** view on security and access. When I started at the company as a senior DevOps engineer, I did not get any access. I was very surprised by it. I could not access APIs, could not access AWS, nothing.
The way to deal with this is to limit the blast radius via compartmentalization: every person and every service gets access only to the systems, data and actions its job actually requires, and high-impact actions need a second person. Then one social-engineered employee or one leaked credential reaches a single compartment, not everything.
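A small illustration of what compartmentalized, deny-by-default access to an internal admin tool looks like, and how to measure the blast radius of a single credential. This is an added example, not code from the original post or from Twitter's or our own tooling; the account tiers, actions, token names and the two-person rule for high-impact actions are all hypothetical.

```python
"""Deny-by-default, compartmentalized authorization for an internal admin tool.

Added illustration only; the inventory, actions and tokens below are
constructed for the example and do not describe any real system.
"""
from dataclasses import dataclass
from typing import FrozenSet, Iterable, Tuple

# Actions an internal support tool might expose (hypothetical).
ACTIONS = ("view_profile", "change_email", "disable_2fa", "reset_password")

# Actions that can take over an account: require a second, distinct approver.
HIGH_IMPACT = frozenset({"change_email", "disable_2fa", "reset_password"})

# Constructed sample inventory: every account belongs to exactly one compartment.
ACCOUNTS = {
    "acct-1": "tier-standard",
    "acct-2": "tier-standard",
    "acct-3": "tier-verified",
    "acct-4": "tier-verified",
    "acct-5": "tier-internal",
}


@dataclass(frozen=True)
class Token:
    """An employee/service credential: a subject plus explicit (action, compartment) grants."""
    subject: str
    grants: FrozenSet[Tuple[str, str]]


def make_token(subject: str, actions: Iterable[str], compartments: Iterable[str]) -> Token:
    """Build a token granting the cross product of actions x compartments; nothing else."""
    return Token(subject, frozenset((a, c) for a in actions for c in compartments))


def authorize(token: Token, action: str, account: str, approvals: Iterable[str] = ()) -> bool:
    """Deny unless the token holds an explicit grant for this action in the
    account's compartment; high-impact actions also need an approver who is
    not the requesting subject (no self-approval)."""
    compartment = ACCOUNTS.get(account)
    if compartment is None:
        return False                      # unknown account: deny by default
    if (action, compartment) not in token.grants:
        return False                      # no grant for this compartment
    if action in HIGH_IMPACT:
        others = {a for a in approvals if a != token.subject}
        if not others:
            return False                  # two-person rule not satisfied
    return True


def blast_radius(token: Token, action: str) -> set:
    """Accounts an attacker holding this token could hit with `action`,
    ignoring the approval step (which a social-engineered approver may grant)."""
    compartments = {c for (a, c) in token.grants if a == action}
    return {acct for acct, c in ACCOUNTS.items() if c in compartments}


# "Before": one support token that can do everything, everywhere.
BROAD = make_token("support-old", ACTIONS, set(ACCOUNTS.values()))

# "After": a support token scoped to two actions on standard accounts only.
SCOPED = make_token("support-new", ("view_profile", "change_email"), {"tier-standard"})


if __name__ == "__main__":
    for name, tok in (("broad", BROAD), ("scoped", SCOPED)):
        print(name, "change_email blast radius:", sorted(blast_radius(tok, "change_email")))
    print("scoped change_email on acct-1 without approver:",
          authorize(SCOPED, "change_email", "acct-1"))
    print("scoped change_email on acct-1 with approver lead-7:",
          authorize(SCOPED, "change_email", "acct-1", approvals=("lead-7",)))
    print("scoped change_email on verified acct-3 with approver:",
          authorize(SCOPED, "change_email", "acct-3", approvals=("lead-7",)))
```

The point of `blast_radius` is that it is a number you can put on a dashboard and review: the broad token compromises every account in the inventory, the scoped one reaches only its compartment, and the verified and internal tiers are unreachable regardless of what the holder is talked into doing. The two-person check is deliberately separate from the grant check, because an approver can be social-engineered too; compartmentalization is what bounds the damage when that happens.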
To be fair, you got access much more quickly than most...