diff --git a/v2/fleet/twistlock-defender.service b/v2/fleet/twistlock-defender.service
new file mode 100644
index 0000000..2552dba
--- /dev/null
+++ b/v2/fleet/twistlock-defender.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Install Twistlock Defender
+After=docker.service bootstrap.service
+Requires=docker.service
+
+
+[Service]
+User=core
+TimeoutStartSec=0
+ExecStart=/usr/bin/sudo bash /home/core/mesos-systemd/v2/util/twistlock.sh
+
+[X-Fleet]
+Global=true
diff --git a/v2/util-units/create-users.service b/v2/util-units/create-users.service
index 9377430..15dd3aa 100644
--- a/v2/util-units/create-users.service
+++ b/v2/util-units/create-users.service
@@ -13,7 +13,8 @@
 ExecStartPre=-/usr/bin/rm -rf /home/core/mesos-users
 # TODO: re-visit this - dir should probably be configurable
 # look at the script to see what it's doing - you just need a repo with user public keys
-ExecStart=/usr/bin/bash -c '/usr/bin/git clone git@github.com:behance/mesos-users /home/core/mesos-users && /home/core/mesos-systemd/v2/util/add_users.sh /home/core/mesos-users/users'
+ExecStart=/usr/bin/bash -c '/usr/bin/git clone git@github.com:behance/mesos-users /home/core/mesos-users && /home/core/mesos-systemd/v2/util/add_users.sh /home/core/mesos-users/users && /home/core/mesos-systemd/v2/util/twistlock-user.sh'
+ExecStartPost=/usr/bin/sudo bash /home/core/mesos-systemd/v2/util/twistlockproxy.sh
 
 [Install]
 WantedBy=multi-user.target
diff --git a/v2/util/twistlock-user.sh b/v2/util/twistlock-user.sh
new file mode 100755
index 0000000..fcd13dc
--- /dev/null
+++ b/v2/util/twistlock-user.sh
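Review bot: `User=core` together with `ExecStart=/usr/bin/sudo bash …/twistlock.sh` runs the whole installer as root anyway while making the unit depend on a passwordless sudoers rule for core; dropping `User=core` and calling the script directly (`ExecStart=/home/core/mesos-systemd/v2/util/twistlock.sh`, the file is committed mode 100755) keeps the privilege decision in the unit itself. The script reads and writes etcd through etcdctl, but the unit orders only after docker.service and bootstrap.service, so it should presumably also name the etcd unit in `After=` (and bootstrap.service in `Requires=` or `Wants=` if the install must not run before it). `TimeoutStartSec=0` means a hung console download never times the unit out; a finite value would let fleet surface the failure.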
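Review bot: Chaining `&& /home/core/mesos-systemd/v2/util/twistlock-user.sh` onto the `git clone … && add_users.sh` command makes user provisioning report failure whenever the Twistlock console is unreachable, even though the keys were already installed; the Twistlock step fits better as its own `ExecStartPost=` line or its own unit ordered after this one, so a console outage does not leave create-users.service failed. The new `ExecStartPost=/usr/bin/sudo bash …/twistlockproxy.sh` runs on every start of this unit and the script appends to `/etc/environment` without any guard, so repeated starts accumulate duplicate export lines. Both new scripts are committed executable, so the `sudo bash` wrapper is only needed if this unit does not already run as root (its `[Service]` header is outside the hunk).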
@@ -0,0 +1,58 @@
+#!/bin/bash
+
+source /etc/environment
+
+HOMEDIR=$(eval echo "~`whoami`")
+
+sudo docker run --rm \
+ -v ${HOMEDIR}:/data/ behance/docker-aws-s3-downloader \
+ us-east-1 $CONTROL_TIER_S3SECURE_BUCKET .core
+
+
+while read line; do
+ etcdctl set $line
+done < ${HOMEDIR}/.core
+
+sudo docker run --rm \
+ -v ${HOMEDIR}:/data/ behance/docker-aws-s3-downloader \
+ us-east-1 $CONTROL_TIER_S3SECURE_BUCKET .twistlockparameter
+
+
+while read line; do
+ etcdctl set $line
+done < ${HOMEDIR}/.twistlockparameter
+
+twistlockclientusername=$(etcdctl get /twistlockclientusercore)
+twistlockclientpassword=$(etcdctl get /twistlockclientpasswordcore)
+twistlockparameter=$(etcdctl get /twistlockparameter)
+
+#steps to generate private cert for each ssh user in HOMEDIR/.docker
+
+curl -sSL -k --header "authorization:Bearer \
+$(eval echo $(echo $(curl -s -H "Content-Type: application/json" \
+-d '{"username":"'$(eval echo $twistlockclientusername)'", "password":"'$(eval echo $twistlockclientpassword)'"}' \
+https://"$(eval echo $twistlockparameter)":443/api/v1/authenticate) | sed -ne 's/.*"token":"\([^,]*\)".*/\1/p'))" \
+https://"$(eval echo $twistlockparameter)"/api/v1/cert/client-certs.sh | sh
+
+
+for i in `ls /home`;
+
+ do sudo cp -rf /home/core/.docker /home/$i
+
+done
+#steps to run twistlock as proxy server
+
+#echo "export DOCKER_HOST=tcp://$(eval echo $COREOS_PRIVATE_IPV4):9998" >> /etc/environment
+#echo "export DOCKER_TLS_VERIFY=1" >> /etc/environment
+
+
+
+#etcdctl set DOCKER_HOST tcp://$(eval echo $COREOS_PRIVATE_IPV4):9998
+#etcdctl set DOCKER_TLS_VERIFY 1
+
+
+#DOCKER_HOST=$(etcdctl get DOCKER_HOST)
+#export DOCKER_HOST
+
+#DOCKER_TLS_VERIFY=$(etcdctl get DOCKER_TLS_VERIFY)
+#export DOCKER_TLS_VERIFY
diff --git a/v2/util/twistlock.sh b/v2/util/twistlock.sh
new file mode 100755
index 0000000..246f051
--- /dev/null
+++ b/v2/util/twistlock.sh
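Review bot: `curl -sSL -k … | sh` fetches `client-certs.sh` from the console with certificate verification disabled and executes it immediately, and the bearer token is obtained over the same unverified connection with the username and password passed as a `-d` argument (visible in `ps` and `set -x` output); verification should be enabled against the console CA and the script written to a temp file before it runs, as sketched below. Every value read back from etcd (`twistlockclientusername`, `twistlockclientpassword`, `twistlockparameter`) is passed through `eval echo`, so shell metacharacters stored in an etcd key would execute as commands on every node running this script, while the plain expansion `"$twistlockclientusername"` is all that is needed. The `for i in \`ls /home\`` loop then runs `sudo cp -rf /home/core/.docker /home/$i`, which hands the freshly generated client key to every account on the host as root-owned files — if that is intended it deserves a comment, otherwise the copy should be limited to the intended users and `chown`ed per user. The same `-k` and `eval echo` pattern is repeated in the twistlock.sh hunk. The `while read line; do etcdctl set $line` loops also lack `-r` and quoting and publish the downloaded credential files into etcd in the clear, so a comment on who can read those keys would help the next maintainer.
```shell
# … unchanged: S3 downloads, etcd import loops, etcdctl get lines …
console=$twistlockparameter
ca_file=/PATH/TO/console-ca.pem   # placeholder: CA that signed the console certificate
auth_body=$(printf '{"username":"%s","password":"%s"}' "$twistlockclientusername" "$twistlockclientpassword")
token=$(printf '%s' "$auth_body" \
  | curl -sSf --cacert "$ca_file" -H "Content-Type: application/json" --data-binary @- \
      "https://${console}:443/api/v1/authenticate" \
  | sed -ne 's/.*"token":"\([^"]*\)".*/\1/p')
[ -n "$token" ] || { printf 'twistlock: authentication failed\n' >&2; exit 1; }
certs_script=$(mktemp) && trap 'rm -f -- "$certs_script"' EXIT
curl -sSf --cacert "$ca_file" -H "authorization: Bearer ${token}" \
  "https://${console}/api/v1/cert/client-certs.sh" -o "$certs_script"
sh "$certs_script"
# … unchanged: copy of ~/.docker into other home directories …
```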
@@ -0,0 +1,33 @@
+#!/bin/bash
+
+source /etc/environment
+
+HOMEDIR=$(eval echo "~`whoami`")
+
+sudo docker run --rm \
+ -v ${HOMEDIR}:/data/ behance/docker-aws-s3-downloader \
+ us-east-1 $CONTROL_TIER_S3SECURE_BUCKET .twistlock
+
+while read line; do
+ etcdctl set $line
+done < ${HOMEDIR}/.twistlock
+
+sudo docker run --rm \
+ -v ${HOMEDIR}:/data/ behance/docker-aws-s3-downloader \
+ us-east-1 $CONTROL_TIER_S3SECURE_BUCKET .twistlockparameter
+
+
+while read line; do
+ etcdctl set $line
+done < ${HOMEDIR}/.twistlockparameter
+
+twistlockusername=$(etcdctl get /twistlockusername)
+twistlockpassword=$(etcdctl get /twistlockpassword)
+twistlockparameter=$(etcdctl get /twistlockparameter)
+
+curl -sSL -k --header "authorization:Bearer \
+$(eval echo $(echo $(curl -s -H "Content-Type: application/json" \
+-d '{"username":"'$(eval echo $twistlockusername)'", "password":"'$(eval echo $twistlockpassword)'"}' \
+https://"$(eval echo $twistlockparameter)":443/api/v1/authenticate) | sed -ne 's/.*"token":"\([^,]*\)".*/\1/p'))" \
+https://"$(eval echo $twistlockparameter)"/api/v1/scripts/defender.sh \
+-o defender.sh && chmod a+x defender.sh && sudo ./defender.sh
diff --git a/v2/util/twistlockproxy.sh b/v2/util/twistlockproxy.sh
new file mode 100755
index 0000000..e3550cd
--- /dev/null
+++ b/v2/util/twistlockproxy.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+source /etc/environment
+echo "export DOCKER_HOST=tcp://$(eval echo $COREOS_PRIVATE_IPV4):9998" >> /etc/environment
+echo "export DOCKER_TLS_VERIFY=1" >> /etc/environment
\ No newline at end of file
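Review bot: The outer curl has no `-f`, so a non-2xx response (for instance when the authenticate call fails and the token substitution is empty) writes the error body into `defender.sh`, and the `&&` chain still runs `chmod a+x defender.sh && sudo ./defender.sh` on it; add `-f` so the chain stops on an HTTP error. `-o defender.sh` also drops the installer into the process's working directory, which for twistlock-defender.service is the default `/` because the unit sets no `WorkingDirectory=`, and the file is never removed; `tmp=$(mktemp -d) && trap 'rm -rf -- "$tmp"' EXIT` with `-o "$tmp/defender.sh" && sudo bash "$tmp/defender.sh"` avoids both. The `-k` on both curl calls and the `eval echo` around every etcd value are the same concerns as in twistlock-user.sh and apply here unchanged.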
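Review bot: Both `echo … >> /etc/environment` lines append unconditionally, and the script is wired as `ExecStartPost=` of create-users.service, so every start of that unit adds another pair of `export DOCKER_HOST` / `export DOCKER_TLS_VERIFY` lines. Guard each append, e.g. `grep -q '^export DOCKER_HOST=' /etc/environment || echo "export DOCKER_HOST=tcp://${COREOS_PRIVATE_IPV4}:9998" >> /etc/environment`; the `eval echo` around `$COREOS_PRIVATE_IPV4` is not needed once the variable comes from `source /etc/environment`. After this runs, every process that sources `/etc/environment` — including twistlock-user.sh and twistlock.sh in this same change — will presumably be pointed at `tcp://…:9998` with TLS verification on, which only works once the client certificates from `client-certs.sh` are in place, so that ordering assumption deserves a comment at the top of the script.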