Oblique
LightNews LightNews
banner
oblique.security
Oblique
@oblique.security
24 followers 2 following 22 posts
Scale access securely and automatically
Posts Replies Media Videos
Pinned
oblique.security
Oblique @oblique.security · Jun 23
Identity management has quietly become the primary security perimeter. But it's a mess — identity requires constant manual work that security teams burn out from.

At Oblique, we're helping organizations make their access controls actually maintainable.

Full post: oblique.security/blog/identit...
Identity management is harder than it should be | Oblique
Identity management is surprisingly hard, as access controls change constantly, and getting them right requires context. We founded Oblique to work on impactful security problems.
oblique.security
oblique.security
What you really want to control access to is data, not systems — so why are we stuck thinking in systems? Our cofounder @mayakaczorowski.com shares what she learned researching tiered controls for our latest report on Modern Access Controls.
November 7, 2025 at 2:49 AM
oblique.security
Authentication failures from the last five years at Okta, Snowflake, and Twitter show very similar attacks, from credential theft, to MFA bypass, to session hijacking.

Dive deeper into these incidents and avoid repeating the same mistakes: oblique.security/blog/authn-f...
What we can learn from real-world authentication failures | Oblique
Recent breaches at Okta, Snowflake, and Twitter help us learn how to prevent authentication failures like credential theft, MFA bypass, and session hijacking.
oblique.security
October 15, 2025 at 5:59 PM
oblique.security
Don't rely on managers for access approvals — they don't work, for either security or speed.
Instead, get approvals from app owners who actually understand the systems and risks, and automate approvals that are always granted.
October 7, 2025 at 6:28 PM
oblique.security
We see it all the time: internal security tools “work” but hurt to use—so people route around them. We break down why teams underinvest in UX and how to build tools users actually adopt. Treat security like a product. https://oblique.security/blog/security-ux/
October 7, 2025 at 4:44 PM
oblique.security
We interviewed IT and security teams on what actually works in access control: shared ownership, data-first controls, enforce at change time, route approvals to app owners or automate, pre-approved groups for JIT access. https://oblique.security/blog/policies-report/
October 3, 2025 at 6:54 AM
oblique.security
What *really* works in access control? We asked modern IT and security teams how they define and improve their policies — in reality, not in theory.

Read the report: oblique.security/blog/policie...
Modern access controls: takeaways on what actually works | Oblique
We interviewed IT and security teams to ask them how they actually define, implement, and improve their access control policies. Get the report to learn more.
oblique.security
September 24, 2025 at 9:25 PM
oblique.security
The biggest scaling challenge for IT and security teams isn't technical — it's organizational. When you're managing access for thousands of employees and hundreds of applications, you need to know: who owns what?

Read more in our latest post: oblique.security/blog/delegat...
Delegate authority to those with context | Oblique
Business teams have context for access decisions but lack authority. Delegate to those closest to the resources by defining clear ownership for each app.
oblique.security
September 17, 2025 at 6:36 PM
oblique.security
You shouldn't build your internal tools in git unless you hate your users.
Stop making me learn git. Stop trying to make git happen 💁‍♀️
oblique.security/blog/git-int...
Stop trying to make git happen | Oblique
Internal tools built as code come with version control and audit logs for free, but git becomes a barrier for non-engineers to use these tools.
oblique.security
September 10, 2025 at 6:08 PM
oblique.security
If you're interested in learning more about what's happening in the IAM market — and who's competing with Okta and why — then you should read our cofounder @mayakaczorowski.com's latest post.
mayakaczorowski.com Maya Kaczorowski @mayakaczorowski.com · Sep 4
Wrote up some thoughts for how Okta is getting squeezed from all sides: squished by Rippling at the bottom, Msft at the top, and other markets and startups in the middle.
I hope you love some red string diagrams 🤣
ventureinsecurity.net/p/the-unbund...
The unbundling of Okta: are startups chipping away at Okta?
A guest post from Maya Kaczorowski who breaks down Okta’s competition and how Okta is not being unbundled, but rather squeezed from all sides.
ventureinsecurity.net
September 4, 2025 at 5:35 PM
oblique.security
Your job title makes a bad RBAC role: what access does a Chief Happiness Officer need, anyways? A role in RBAC should represent what someone actually does in your environment. Your job title is your position, not your job function.

Read more in our latest blog post: oblique.security/blog/rbac-ro...
Why your RBAC roles aren't actually roles | Oblique
A role in RBAC should represent what someone actually does in your environment. Your job title makes a bad RBAC role: it's your position, not your function.
oblique.security
September 2, 2025 at 5:29 PM
oblique.security
Comms groups map to how people actually work, and often, access groups don't (but they should). But comms groups always become access groups. It's not a matter of if, but when.
Read more in our latest post: oblique.security/blog/comms-a...
Comms groups inevitably become access groups | Oblique
Comms groups map to how people actually work, and often, access groups don't (but they should). Comms groups always become access groups. It's not a matter of if, but when.
oblique.security
August 28, 2025 at 6:12 PM
oblique.security
Check out our cofounder @mayakaczorowski.com's post on @frankw.bsky.social's Frankly Speaking on how modern security teams are scaling.
Read the post for the new commandments of security teams: franklyspeaking.substack.com/p/the-new-co...
The New Commandments of Security Teams
Guest post by Maya Kaczorowski
franklyspeaking.substack.com
August 26, 2025 at 5:02 PM
oblique.security
Check out the latest from our cofounder @ericchiang.bsky.social to learn about a neat Go type trick to avoid query injection in SQL builders.
August 18, 2025 at 3:53 PM
oblique.security
Over the past 60 years, we've gone from reusing the same password everywhere to advanced biometric authentication like FaceID. Dive into the history of authentication in just 2 minutes!
August 13, 2025 at 7:10 PM
oblique.security
Authentication has evolved from simple passwords to federated systems with passwordless logins, with a constant push and pull to balance security and usability.
Deep dive into the evolution of authentication in our latest blog post!
oblique.security/blog/history...
The evolution of authentication, from passwords to passkeys | Oblique
Authentication has evolved from simple passwords to federated systems with passwordless logins, continuously balancing security and usability.
oblique.security
August 13, 2025 at 6:59 PM
oblique.security
Instead of minting long-lived API keys, you can use GitHub Actions' OpenID Connect support for workload identity. Here's how we authenticate config-as-code workflows in Oblique without secret management headaches.

Better security + Better developer experience 💟

oblique.security/blog/github-...
Authenticating GitHub Actions without API keys | Oblique
Instead of minting long-lived APIs keys and warning users “keep this secret,” let's use GitHub Action's OpenID Connect support instead.
oblique.security
July 31, 2025 at 11:03 PM
oblique.security
Check out this interview with our co-founder @mayakaczorowski.com on finding and solving problems that have real security impact - like why access management is a perennial issue for organizations.
thesecuritywing.com/making-iam-l...
Making IAM Less Painful: A Security PM's Journey to Founding Oblique Security
TL;DR: I sat down with Maya Kaczorowski who’s building Oblique Security. I chatted about her early beginnings studying math and cryptography to building security products at Google Cloud, GitHub, and ...
thesecuritywing.com
July 28, 2025 at 9:29 PM
oblique.security
Most access request justifications are useless. "Please give me access" doesn't give you any context, it's just someone trying to get back to work.
oblique.security/blog/justifi...
Good justifications write themselves | Oblique
Organizations ask users to fill out justification fields when requesting access, but these are useless explanations. Your authorization system should already have the context it needs.
oblique.security
July 25, 2025 at 9:50 PM
oblique.security
IT teams are afraid of removing access — what if something breaks?

Even if you don't know why someone has access, you should be able to figure out if they're using it. Removing unused access isn't risky — never removing access is.

Read more in our latest blog post: oblique.security/blog/chester...
Chesterton's fence doesn't apply to access controls | Oblique
IT teams are scared to remove access they don't understand, leading to sprawling entitlements. Removing unused access isn't risky — never removing access is.
oblique.security
June 27, 2025 at 11:22 PM
oblique.security
Identity management has quietly become the primary security perimeter. But it's a mess — identity requires constant manual work that security teams burn out from.

At Oblique, we're helping organizations make their access controls actually maintainable.

Full post: oblique.security/blog/identit...
Identity management is harder than it should be | Oblique
Identity management is surprisingly hard, as access controls change constantly, and getting them right requires context. We founded Oblique to work on impactful security problems.
oblique.security
June 23, 2025 at 7:09 PM