Definitely. Twitter seems to have not been doing a lot of standard best practices for a company of their size.
My intent was pointing out that engineers with high level access to their dev machines is pretty common in tech. Not that other controls like policy enforcement are also often absent in tech (esp in larger companies). Hard to know how common that is -- seems unusual at least in big tech.
If you had an out-of-date version of the OS you’d be cut off from the VPN. Pretty standard stuff.