Alex Smolen
@alsmola
No longer active, check out https://t.co/dcjzMpK8Mh
Oakland, CA
Joined June 2008
Since Twitter's transition makes me sad I'm no longer gonna post here. Follow me on Mastodon instead:
infosec.exchange
Got FedRAMP? I wrote up my thoughts for meeting the FIPS 140-2 requirement on AWS https://alsmola.medium.com/meeting-the-fedramp-fips-140-2-requirement-on-aws-e9886ba3f66b
We're excited to announce LaunchDarkly Federal—the first FedRAMP®-authorized feature management platform. This means we can help public sector agencies develop software faster and release with less risk. Learn more: https://t.co/7Z1Wn8WBnZ
Seven years ago @benadida noticed @clever devolved into chaos whenever we had an issue, and created a “flare” process to make sure we quickly triaged & carefully learned from issues. 1,383 flares later, the process is stronger than ever. Read all about it:
benlog.com
When I was VP Engineering at Clever, I defined an incident response approach that I called The Flare Process. A few years later, with the added benefit of hindsight, here’s my description of …
You have a vulnerability problem. You run a scanner. Now you have two problems - vulnerabilities and a mess of scanner results to process. https://t.co/YruFm0I7PZ
alsmola.medium.com
This is a summary of my LocoMocoSec 2022 and QCon SF 2022 conference talks — thanks to co-author Jake Mertz and the LaunchDarkly Security…
I have nothing to add to the current shitshow other than nostalgia for simpler times 🥲
Back in the day this used the original core Twitter SMS infrastructure. It led to issues where you could only use a phone number for a single account, you could send Tweets via 40404 after enrolling in 2FA, etc.
My guy here running a blameless post mortem after pushing a commit straight to prod
Folks at Twitter past and present are strong and resilient. They will always find a way no matter how difficult the moment. I realize many are angry with me. I own the responsibility for why everyone is in this situation: I grew the company size too quickly. I apologize for that.
What advice would you give to a first time engineering manager?
You have a #vulnerability problem. You run a scanner. Now you have two problems - vulnerabilities and a mess of scanner results to process. @alsmola, Director of Security @LaunchDarkly, shares a vulnerability management pipeline at #QConSF: https://t.co/pEyYeh2g0g
I have *always* been interested in how people change their minds. I think it started with my Dad's story - he was a conservative, religious Jew until he was 18, then he had an argument with a union activist on a picket line. 1/
This is why security teams should frame user-facing changes as: "Check out this new way of doing x, y, and z - it will improve your life" -instead of- "You need to start doing x, y, and z - or else"
The world is easier to understand when you realize some people have high reactance - they just don’t like being told what to do & if they feel restricted by rules, they do the opposite. If you make people high in reactance sign an agreement not to cheat, they actually cheat more
How are we meeting the challenge of enabling business velocity while also achieving security? Hear real advice from @JuliaaMarieee, @travismcpeak, Aditi Gupta, @alsmola & @nasthagiri. 🇺🇸 In-Person #QConSF: https://t.co/k2g4fUxV0j 🌎 Online #QConPlus: https://t.co/LIXcqxeBBx
Coolio played at my high school’s charity celebrity basketball game (MCed by Kato Kaelin) and headlined the party that bankrupted my college fraternity. I felt oddly connected to him. RIP.
Add FIPS 140-2 encryption labels and you could submit this diagram for FedRAMP ATO
Excited to run back the @LocoMocoSec talk we gave on Vulnerability Inbox Zero for the Practical Security track at @QConSF on October 26th!
qconsf.com
There’s a security problem affecting your endpoints. You want to fix it by setting a baseline across your inventory. Now you have two problems.
New stuff in Starting Up Security... Endpoint Security: Intuition around the Mudge Disclosures https://t.co/KIQaN8FOo4
Every standup I give the team a random creative prompt to go with their status update. Today’s prompt was “an animal you like eating a food you like” (h/t @Hannoussa) The answers were plugged in to AI image generation algorithms. Enjoy.
In security, logging and alerting without action is the equivalent of “thoughts and prayers”.
Come join/lead our team of AppSec pros!
More jobs on our WISP Job Board! @LaunchDarkly, Application Security Engineer @LaunchDarkly, Engineering Manager, Application Security @AleadaPrivacy, Technical Writer (Remote) @AleadaPrivacy, Project Manager (Remote) @AleadaPrivacy, Sr. Privacy Associate https://t.co/pIRic5c4p7