It doesn't work in practice. Everything ends up siloed and nobody can compare notes even if they think to do so.
Snowden was a network admin with access to backups or something IIRC so compartmentalization does little. He stole the parent container.
At some level, you have to trust people. Mandatory job rotation goes a long way. You don't want people becoming familiar enough with any system to learn how to exploit it. Move them around to change the rules of their environment faster than they can find loopholes, and occasionally change the tech stack to nullify retained knowledge.
And the access log? Lol. Best way to figure out who's onto you is to take a peek at the list of who's asking about you and what their interest is. You've just compromised the investigative team in implementing this.
The most irritating resume-updating event going on at my own job right now is an arbitrary shift to using retarded APT-style codenames for individual humans under investigation.
It used to be bad enough if the subject was trans and changed names halfway through the investigation, but now all identities are obfuscated by some FozzyBear or WakaWaka bullshit. It makes presenting a coherent timeline impossible.
Ideally there'd be a CMS that implements EAV row-level access controls for case management so we can selectively disclose case intel to other teams but I haven't found a good one we can afford.