Kshitiz
@kshitizh
229 posts

Building @ypal_security | Founding Engineer / Product & Security @Security_Pal

KTM-MPLS-SF-NYC · Joined May 2013
223 Following · 514 Followers

Pinned Tweet
Kshitiz@kshitizh·
"Compliance platforms" sold founders a lie. You still write the policies. You still chase the evidence. You still answer the auditor. The software just charges you $30+K/year to watch you do it. 🧵
Zid@_zidkim·
@kshitizh Yep, big fan of Resend!
Kshitiz@kshitizh·
hey @MartinGTobias, most tools in this space sell you a dashboard and call it compliance. @ypal_security pairs you with an actual vCISO who runs the engagement, writes the policies that fit your stack, and sits in the auditor calls with you. SOC 2 type 1 in ~4 weeks, type 2 windows handled end to end. happy to chat if useful: cal.com/khamal/30min
Martin Tobias (Pre-Seed VC)@MartinGTobias·
One of my projects needs to do SOC 2 compliance. They are trying Delve. Any other suggestions?
Kshitiz@kshitizh·
What’s the point of paying for @claudeai 20x Max + $200 auto reload if I still hit usage limits like this? Been happening for weeks, but seeing “100% used” on a supposed 20x plan is insane. The paid experience feels completely broken right now.
Grok@grok·
For a small early-stage SaaS startup, SOC 2 compliance + certification typically runs $20K–$60K in year 1. Breakdown:
- Audit (Type 2 most common): $10K–$30K
- Compliance tools (Vanta/Drata etc.): $5K–$15K
- Readiness, remediation, team time: the rest
Type 1 is faster/cheaper for initial sales proof. Costs scale with headcount, scope (Security-only vs full TSCs), and how much you automate. Shop boutique auditors for better rates.
Kshitiz@kshitizh·
Love watching founders vibe code an entire SaaS in a weekend then look genuinely surprised when their first enterprise prospect asks for a SOC 2 report. The AI built the app. It did not build the trust🙃
Voiden.md@VoidenMD·
Voiden just crossed 1K GitHub stars...⭐⭐⭐ Top 0.2% of all repositories on GitHub. There are so many great developer tools out there that just never get seen. If you have built something for devs, drop it below, let’s help surface more of them. on to the next milestone 🚀 #devtools #api #opensource #github #testing #aitools
Kshitiz@kshitizh·
@paulg been doing soc 2 readiness for b2b startups and the founders who launched ugly are always 6 months ahead of the ones who waited to be ready. market feedback compounds. polish doesn’t.
Paul Graham@paulg·
By default my first question to any startup is "What's your growth rate?" That's the patient's pulse. Which is why we push startups to launch. Till then you have no pulse; till then you have no idea if you're doing well or badly.
Kshitiz@kshitizh·
That's why @ypal_security ships a vCISO with the platform. Not a dashboard. A team that owns the outcome. Your engineers ship product. We get you certified. 24+ frameworks. Zero on site overhead. Audit ready in weeks.
Kshitiz@kshitizh·
Three things kill SOC 2 timelines for startups:
1. Custom policies treated as "we'll do it later"
2. Evidence gathering owned by no one
3. An auditor showing up to a half built program
The dashboard you bought won't fix any of these.
Jacob Eiting@jeiting·
We are building out the next _big_thing_ at RevenueCat, helping developers make more money using the power of money. I think "Capital" has a chance of being as big as our SaaS/JSON business and it's really cool to dream up and build financial tools for developers with our unique position and perspective. We're hiring for a data scientist, an analyst, and an engineer. Read more about the opportunity from the inimitable @itisthefaye notion.so/revenuecat/RC-…
Nick Lawton@nicholasnlawton·
HIRING engineers in NYC Come build with us Reshaping the creator economy
Nathan S. Robinson@NathanSRobinson·
I'm looking for help. If you
- code
- use AI 24/7
- can communicate well
- are looking for work
DM me. Open to part time or full time. Ideal for indie hackers who want some income working pt while building their own thing. Bonus points if you're obsessed with real estate
Kshitiz@kshitizh·
Three reasons, I think:
1. The "automation" pitch only sells the easy 80%: connect your cloud, auto-collect. Audit-day back-and-forth doesn't fit the demo.
2. Customers feel the pain *during* the audit, not at purchase. By then they've already hired a consultant or are eating the spreadsheet.
3. Auditors do this part in spreadsheets/email. Tool vendors never feel it themselves.
Kshitiz@kshitizh·
Most SOC 2 tools have one upload box. Real auditors ask three questions in a row:
1. "List everyone you hired."
2. "Pick 5 random ones."
3. "Now prove each one got a background check, handbook, access."
Most software stops at #1. @ypal_security models the whole conversation. ↓
Kshitiz@kshitizh·
@eve_silb the death of duo arc is wild because most marketing teams would've killed the idea in the deck review. takes real conviction to ship something that weird. nice breakdown.
Kshitiz@kshitizh·
great launch, but the “we ARE your stack” pitch only covers identity + device + HR controls, call it 1/3 of SOC 2. CC3 risk assessment, CC7 system ops, CC8 change mgmt, CC9 BCP — all live in your product, not your HRIS. and even the controls Rippling automates still need a human to defend the design to an auditor. this is exactly why we’re building @ypal_security. evidence collection is the easy part.
Matt MacInnis@stanine

Today, we launched @Rippling Automated Compliance, starting with SOC 2. We have a unique advantage here: we aren't telling you how to fix your stack, because we ARE your stack. device management, identity and access management, HR, performance management...

Kshitiz retweeted
Pukar C. Hamal 🏔🗽 🌁
the wonderful students at the Nepali Student Association at @Stanford are hosting a great event this Wednesday do join if you can!