Code Room
On-call | Medium
Question
At 09:14 a security researcher emails support: a long-lived AWS access key for your production data-pipeline IAM user is sitting in a public GitHub repo your company open-sourced last week. CloudTrail event history shows the key was used 11 minutes ago from an IP geolocated to a region you don't operate in, calling ListBuckets and GetObject. The commit that introduced the key is 6 days old; the repo has 40 stars and 3 forks. You're the on-call engineer. Walk through how you triage and contain this, and what the durable fix and postmortem look like.
What a strong answer looks like
Stop the bleeding first: deactivate the key in IAM (reversible, so a legitimate consumer that still depends on it fails loudly rather than silently), issue a replacement, check the same user for sibling keys, and only then delete it. Then form hypotheses from real signals rather than from the researcher's email: pull every CloudTrail event authenticated with that key ID, separate your own egress IPs from the unknown ones, and enumerate what the unknown caller listed and fetched. Everything it read is disclosed and is treated as such (customer notification if the data warrants it, rotation of any secrets inside those objects). Two caveats a practitioner states out loud: GetObject only appears in CloudTrail if S3 data events are enabled for that bucket, otherwise you fall back to S3 server access logs; and event history is per-region and lags the call by minutes, so check every region and do not assume the 11-minute-old event is the last one. Separate root cause from symptom: the symptom is one abused key, the root cause is a pipeline running as an IAM user with a long-lived key that could be committed at all. Communicate status as you go. Close with what prevents a repeat: push protection and pre-commit or CI secret scanning, and replacing user keys with roles (instance profiles, or OIDC federation for CI). Purging the key from git history and notifying forks is hygiene, not containment, since the key is already burned.
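The scoping step above, as an added example that is not part of this page: a small triage script run over constructed CloudTrail records (the JSON shape CloudTrail writes, trimmed to the fields used here) that answers who used the key, from where, what they read, and what they tried and failed. The key ID, account, IP ranges and bucket names are made-up placeholders, and the "known egress" range is an assumption standing in for whatever your pipeline actually calls from.

```python
"""Triage a leaked long-lived IAM access key from CloudTrail records.

Added example; not code from the original page. The records below are
constructed to mirror the incident: the pipeline's own GetObject from a
known NAT address, then ListBuckets/GetObject from an unknown address,
plus one call that was denied. Identifiers are placeholders.
"""
import ipaddress
import json
from collections import Counter

LEAKED_KEY = "AKIAEXAMPLELEAKED01"          # placeholder key ID
KNOWN_EGRESS = [ipaddress.ip_network("203.0.113.0/24")]   # assumption: our NAT range

SAMPLE_RECORDS = json.loads("""{"Records": [
 {"eventTime": "2024-05-14T03:00:07Z", "eventSource": "s3.amazonaws.com", "eventName": "GetObject",
  "sourceIPAddress": "203.0.113.10",
  "userIdentity": {"type": "IAMUser", "userName": "data-pipeline", "accessKeyId": "AKIAEXAMPLELEAKED01"},
  "requestParameters": {"bucketName": "acme-pipeline-raw", "key": "daily/2024-05-13.parquet"}},
 {"eventTime": "2024-05-14T09:02:41Z", "eventSource": "s3.amazonaws.com", "eventName": "ListBuckets",
  "sourceIPAddress": "198.51.100.77",
  "userIdentity": {"type": "IAMUser", "userName": "data-pipeline", "accessKeyId": "AKIAEXAMPLELEAKED01"},
  "requestParameters": null},
 {"eventTime": "2024-05-14T09:03:05Z", "eventSource": "s3.amazonaws.com", "eventName": "GetObject",
  "sourceIPAddress": "198.51.100.77",
  "userIdentity": {"type": "IAMUser", "userName": "data-pipeline", "accessKeyId": "AKIAEXAMPLELEAKED01"},
  "requestParameters": {"bucketName": "acme-pipeline-raw", "key": "daily/2024-05-13.parquet"}},
 {"eventTime": "2024-05-14T09:03:09Z", "eventSource": "s3.amazonaws.com", "eventName": "GetObject",
  "sourceIPAddress": "198.51.100.77",
  "userIdentity": {"type": "IAMUser", "userName": "data-pipeline", "accessKeyId": "AKIAEXAMPLELEAKED01"},
  "requestParameters": {"bucketName": "acme-customer-exports", "key": "2024/q1/emails.csv"}},
 {"eventTime": "2024-05-14T09:03:20Z", "eventSource": "s3.amazonaws.com", "eventName": "PutObject",
  "sourceIPAddress": "198.51.100.77", "errorCode": "AccessDenied",
  "userIdentity": {"type": "IAMUser", "userName": "data-pipeline", "accessKeyId": "AKIAEXAMPLELEAKED01"},
  "requestParameters": {"bucketName": "acme-customer-exports", "key": "x.sh"}},
 {"eventTime": "2024-05-14T09:04:00Z", "eventSource": "sts.amazonaws.com", "eventName": "GetCallerIdentity",
  "sourceIPAddress": "198.51.100.77",
  "userIdentity": {"type": "IAMUser", "userName": "ci-deploy", "accessKeyId": "AKIAEXAMPLEOTHERKEY"},
  "requestParameters": null}
]}""")["Records"]


def events_for_key(records, access_key_id):
    """Only calls authenticated with this key. Other keys on the same user
    (or the same source IP) are a follow-up question, not this scope."""
    return [r for r in records
            if r.get("userIdentity", {}).get("accessKeyId") == access_key_id]


def is_known_source(ip):
    """True if the caller IP is inside an egress range we own."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False          # service-name sources (e.g. "s3.amazonaws.com") are not ours
    return any(addr in net for net in KNOWN_EGRESS)


def blast_radius(events):
    """What must be treated as disclosed, plus what the caller probed for.

    Denied calls are reported separately: they show intent but moved no data.
    """
    unknown = [e for e in events if not is_known_source(e["sourceIPAddress"])]
    succeeded = [e for e in unknown if "errorCode" not in e]
    failed = [e for e in unknown if "errorCode" in e]
    read = sorted({
        f'{e["requestParameters"]["bucketName"]}/{e["requestParameters"]["key"]}'
        for e in succeeded if e["eventName"] == "GetObject"
    })
    return {
        "unknown_ips": sorted({e["sourceIPAddress"] for e in unknown}),
        "first_seen": min((e["eventTime"] for e in unknown), default=None),
        "last_seen": max((e["eventTime"] for e in unknown), default=None),
        "enumerated_buckets": any(e["eventName"] == "ListBuckets" for e in succeeded),
        "objects_disclosed": read,
        "failed_attempts": Counter(f'{e["eventName"]}:{e["errorCode"]}' for e in failed),
    }


def containment_commands(user, access_key_id):
    """AWS CLI steps in order: deactivate (reversible) before delete, so a
    legitimate consumer that breaks surfaces as errors you can attribute."""
    return [
        f"aws iam update-access-key --user-name {user} --access-key-id {access_key_id} --status Inactive",
        f"aws iam list-access-keys --user-name {user}",
        f"aws cloudtrail lookup-events --lookup-attributes "
        f"AttributeKey=AccessKeyId,AttributeValue={access_key_id} --max-results 50",
        f"aws iam delete-access-key --user-name {user} --access-key-id {access_key_id}",
    ]


if __name__ == "__main__":
    evs = events_for_key(SAMPLE_RECORDS, LEAKED_KEY)
    print(json.dumps(blast_radius(evs), indent=2))
    print("\n".join(containment_commands("data-pipeline", LEAKED_KEY)))
```

On the sample data this reports one unknown IP, a bucket enumeration, two objects disclosed (one of them customer data, which is what drives the notification decision), and one denied PutObject. The `lookup-events` command returns only the region it is run in, so repeat it per region; the records here are the same shape you get from the CloudTrail log files in S3, which is what you query once the incident is older than the event-history window.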