@dok2001 I've noticed that SNI and host overrides are still in enterprise plan (https://t.co/s0mV4EiQpF) - any chance we can get that in other plans too given your very generous policy of everything in every plan (https://t.co/Pwh3CRR2Lg)? 🙏🙇☺️
Engineering capacity at a startup is finite. Security is one of the things asking for a piece of it.
Here's Tim Olshansky on how to stop running security as a parallel program to product and start budgeting it as part of engineering capacity instead:
https://t.co/X6xvNjoGiV
Friends! I've built a cool little tool for reviewing security reports, starting with SOC 2 that I'm looking to recruit testers for. Comment in thread or DM and I'll share it with you - would love any/all feedback 🙏
New: a field guide on running security at a startup, from someone who lived it.
Our co-founder @timolsh was a CTO at a startup before he built Fencer. He built and ran the security program himself. Led the company through SOC 2 with no security team to hand it to.
He wrote down what he wishes someone had handed him then.
Startup Security: A Field Guide for CTOs covers:
👉 When security stops being a "someday" problem
👉 Where your hours actually go when you're the one doing the work
👉 What to put in place first
👉 How to run security operations without burning out the team
👉 Considerations for startups in the AI era
Read it here: https://t.co/t0Cy0TIMU4
@bnj I’m building @fencer_security and would love to come check out the space. Working on a few things right now that would really benefit from design help 🙏
@MaxBrodeurUrbas @satyanadella The most challenging platform I’ve ever built on. Nothing works and nothing makes sense. Have to wade through ungodly amounts of documentation to figure out that it still doesn’t work.
Trust me chat. Forget about Glasswing spamming 0days in your software, you're already cooked with current models.
I've hacked hundreds of global orgs, including governments (legally) over the last 10 years, and the amount of times I required a 0day to do so was exactly 0 times.
Being worried about Glasswing is like living in Europe and being worried about Northrop Grumman having lethal space lasers while you're more likely to get stabbed by a crazy person walking through the streets.
Trivy, LiteLLM, now Axios. Damn malware is hitting hard and fast now. A few small shifts that close most of the security gap:
* Add a 3–7 day delay on new package versions with package cooldowns (minimumReleaseAge)
* Disable install scripts (--ignore-scripts)
* Only install from lockfiles (--frozen-lockfile)
* Upgrade on a schedule, not on deploy
Attackers rely on speed. You don’t have to.
With recent Python supply chain attacks (Trivy/LiteLLM), it’s worth mentioning uv’s `exclude-newer = "x days"` config.
It forces uv to only install packages published more than x days ago, reducing risks since problematic packages should be yanked by then.
@josevalim I'd go with Vanta or Drata (we use Drata) - both are solid platforms and have a somewhat "arms-length" relationship with their auditors. Anyone that offers to include an audit and manages the audit themselves is not too dissimilar to you-know-who.
The even bigger problem is that SOC2 doesn’t even have standards. You just need to prove that you’re doing what you said you’d be doing even if what you’re doing is completely useless.
I’ve seen companies with Vulnerability Management policies with no SLAs or commitment to resolving the issue.
@shravvmehtaa Us too @shravvmehtaa - we are providing proper security tooling and testing to affected folks. Would love to partner and integrate @fencer_security with Secureframe
@usebland If you’re worried that your security posture isn’t as strong as you’d like because of this, we would be happy to help @fencer_security
https://t.co/vDcZAcHzVO
If you were impacted by the recent Delve issues and want to harden your security posture, we (@fencer_security) will be happy to help you out.
For anyone that signs up in the next two weeks, we will give you 15% off an annual subscription and provide white glove onboarding ourselves. This will include our full platform of code, infrastructure, runtime protection, static code analysis (SAST), dynamic application security testing (DAST), identity management and SIEM.
We typically work with software companies between 20 and 500 employees.
While we don’t ourselves do the compliance part, we integrate with many of the large vendors in the industry (Vanta, Drata, etc.)
Feel free to DM me or comment below.