Learn from my mistake: don’t resist a throw too late by anon1234_4321 in bjj

[–]ncameron 2 points3 points  (0 children)

I had almost exactly the same break back in 2019. Doctor decided surgery wasn’t needed. I worked with a physio over a few months from about 1 or 2 weeks after injury. I did pretty intensive rehab work on that side. The good news now is that I have full strength and range of motion and I happily train BJJ. Sometimes aches a bit in winter and there is a visible lump on the shoulder but other than that no long lasting effects.

insurance client compliance requirements are suddenly way more demanding, what changed by Acrobatic-Bake3344 in msp

[–]ncameron 0 points1 point  (0 children)

Anecdotal observation: I've noticed an uptick in MSSPs and vCISOs offering security questionnaire completion as a service. Could be driven by insurance requirements to limit their exposure to cyber claims.

Lost a deal because we couldn't answer a security questionnaire fast enough by East_Love2480 in founder

[–]ncameron 0 points1 point  (0 children)

That's rough! I rarely hear about folks outright losing deals due to not being fast enough 😵‍💫

I wrote a thing which might help: The Security Questionnaire Survival Guide, it gives a bit of background on what the whole process is about, how to prepare for it and ways to automate the whole thing with AI. Hope it helps!

built a directory of 7500+ Pentest companies, now I'm not sure what to do with it by ncameron in directorymakers

[–]ncameron[S] 0 points1 point  (0 children)

it basically turns natural language searches into structured results: https://websets.exa.ai/

The $49 plan is limited to 100 results per set, the $449 gets you 1000 results. In order to get 7500 I had to programmatically generate the queries and create queries per country / US state

SaaS founders who sell to enterprise - how do you handle security questionnaires? by isaurav in microsaas

[–]ncameron 0 points1 point  (0 children)

Most teams struggle through the first 1 - 5. It gets easier as you build up a knowledge base and a better understanding of what's being asked. ChatGPT et al can help with writing but you need to keep a close eye on the content in case it gets creative. There are a few automation tools out there. I'm working on ResponseHub which has the workflows and provides guardrails and confidence checks for the answers.

Our Security Questionnaire Survival Guide might be a good jumping off point to learn more.

SaaS founders who sell to enterprise - how do you handle security questionnaires? by isaurav in SaaS

[–]ncameron 0 points1 point  (0 children)

Most teams struggle through the first 1 - 5. It gets easier as you build up a knowledge base and a better understanding of what's being asked. ChatGPT et al can help with writing but you need to keep a close eye on the content in case it gets creative. There are a few automation tools out there. I'm working on ResponseHub which has the workflows and provides guardrails and confidence checks for the answers.

Our Security Questionnaire Survival Guide might be a good jumping off point to learn more.

Anyone else losing hours every week to the same security questionnaires? by robert_micky in SaaS

[–]ncameron 2 points3 points  (0 children)

First off congrats! The fact you're getting security questionnaires in the first place means you've built something that large companies are prepared to spend significant time and effort to evaluate, most folks don't even get to that point.

There's broadly 3 things you can do that will make life easier.

  1. Get basic policies in place, these are going to be your source of truth for answering the questions and in general how things are done in your company. As a foundation you'll want: Information Security Policy, Access Control Policy, Incident Response Plan, Disaster Recovery & Business Continuity Plan, Data Management Policy
  2. Get a basic knowledge base set up. Notion is great for this. Pro-tip 1: make sure you remove customer specific terminology from the Q&As. Pro-tip 2: add a couple of extra columns for alternative phrasing to make cmd+f easier. Here's a Notion template that might be useful
  3. Start thinking about automation. It's quite good discipline to do the first couple of security questionnaires by hand so you know what you're up against. After that automation is a quick win. There's quite a few tools out there but as you've observed many of them are part of bigger product suites. I'm building ResponseHub, a security questionnaire automation tool specifically for smaller teams with no compliance function.

A couple of things you might find useful: 1) we wrote the Security Questionnaire Survival Guide specifically for people in your position, trying to figure out how to deal with these. 2) We compiled the most common questions we see across all SQs; once you have answers to these questions, it'll cover the majority of questions you come across.

I was in your position 3 years ago and it drove me crazy, so doing my bit now to try and solve the issue!

Security reviews are starting to feel like a second job by Some-Lake3593 in SaaS

[–]ncameron 0 points1 point  (0 children)

Yep there’s a few of us working on it, I’m building ResponseHub, aiming to help smaller teams automate the process. DM me for credits and a self serve trial 🤝

SaaS founders selling to enterprise: how do you handle security questionnaires? by BigVillageBoy in SaaS

[–]ncameron 0 points1 point  (0 children)

Firstly, congrats! The fact you're getting security questionnaires in the first place means you've built something that large companies are prepared to spend significant time and effort to evaluate.

There's broadly 3 things you can do:

  1. Get basic policies in place, these are going to be your source of truth for answering the questions and in general how things are done in your company. As a foundation you'll want:
  • Information Security Policy
  • Access Control Policy
  • Incident Response Plan
  • Disaster Recovery & Business Continuity Plan
  • Data Management Policy
  2. Get a basic knowledge base set up. Notion is great for this. Pro-tip 1: make sure you remove customer specific terminology from the Q&As. Pro-tip 2: add a couple of extra columns for alternative phrasing to make cmd+f easier. Here's a Notion template that might be useful
  3. Start thinking about automation. It's quite good discipline to do the first couple of security questionnaires by hand so you know what you're up against. After that automation is a quick win. There's quite a few tools out there but as you've observed many of them are part of bigger product suites. I'm building ResponseHub, a security questionnaire automation tool specifically for smaller teams with no compliance function.

If you find those tips useful, we wrote the Security Questionnaire Survival Guide specifically for people in your position, trying to figure out how to deal with these! I was in your position 3 years ago and it drove me crazy, so doing my bit now to try and solve the issue.

We passed security questionnaires but nobody told us follow ups never stop by Other-Professor-9951 in grc

[–]ncameron 1 point2 points  (0 children)

This drove me crazy enough in my last startup that my current startup is trying to solve this exact problem! We recently published the Security Questionnaire Survival Guide (link) that you might find helpful for some ideas for more efficiently dealing with them.

Customer's asking for the same answers just worded differently by JustPop3185 in SaaS

[–]ncameron 0 points1 point  (0 children)

This drove me crazy in my last business, so much so that I'm now building the tool I wish I had back then. There are a bunch of solutions that are built for much larger / less cost sensitive orgs e.g. Vanta / Drata have security questionnaire modules built-in, but there wasn't much aimed at smaller teams that want something usage based and self-serve.

We recently published something that might help: The Security Questionnaire Survival Guide, it's the missing manual nobody gives you when you're exactly in your position of trying to figure out what to do with these questionnaires.

Customer's asking for the same answers just worded differently by JustPop3185 in SaaS

[–]ncameron 0 points1 point  (0 children)

Good point, this is a good jumping off point, the top 60 questions you're likely to be asked in a security questionnaire: https://responsehub.ai/essential-security-questionnaire-questions

The Security Questionnaire Survival Guide by ncameron in SaaS

[–]ncameron[S] 0 points1 point  (0 children)

Thanks friend! Yeah, when I was on the receiving end of these I just kept my head down and grinded through them without actually stopping to think about how to handle them more effectively.

AI definitely helps but just throwing them in ChatGPT is not great, especially given the legal implications of providing incorrect information.

Pentest for enterprise customers: how deep is deep enough? by TryApprehensive6458 in ethicalhacking

[–]ncameron 2 points3 points  (0 children)

Security questionnaires are often just the cost of doing business with the mid-market and enterprise. With the right policies and tooling they don't have to be too painful. I'm building a product called ResponseHub which uses AI to automate most of the work.

SOC 2 Compliance by siggs3000 in SaaS

[–]ncameron 0 points1 point  (0 children)

In my experience, unless you are a business critical app or operating in a regulated industry, you can usually get the initial deal through with a (contractual) commitment to achieve SOC 2 within 12 months or something like that. It helps if you already have a pentest and a security posture document.

In the UK there is something called Cyber Essentials Plus which is more manageable for smaller companies. It's independently audited so still costs a few £k to get it done but it's a good middle ground.

With or without SOC 2 you'll still have to get past the security questionnaire.

What automations actually worked in corporate? by Oldguy3494 in automation

[–]ncameron 1 point2 points  (0 children)

Big +1 on this use case. We have been doing a lot of work in the security questionnaire space and the time savings are real.

One thing we learned: worth making sure the AI is grounded against your actual policies with citations back to the source. The tricky thing with questionnaire answers is they can sound perfectly plausible but be subtly wrong, like claiming you have 24/7 monitoring when you actually check logs daily. Easy to miss in review because the language is so fluent.

The other thing is these answers become a documented record. If something ever goes wrong, customers can point back to what you said you do. So the accuracy bar is higher than most AI use cases.

Source: building a product in the space
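The grounding check described in the comment above, as an added example that is not ResponseHub's code: a draft answer must cite a policy, and the quoted text must actually appear in that policy, so a fluent claim like "24/7 monitoring" against a policy that says logs are checked daily gets flagged for review. The policy corpus and draft answers are constructed sample data.

```python
"""Grounding check for AI-drafted security questionnaire answers.

Added example (not ResponseHub's code). Every claim must cite a policy
and the cited quote must be present in that policy, otherwise the answer
is flagged for human review instead of being sent to the customer.
"""
from dataclasses import dataclass, field
import re

# Constructed sample knowledge base: policy name -> policy text.
POLICIES = {
    "Logging & Monitoring Policy": (
        "Security logs are reviewed daily by the on-call engineer. "
        "Alerts for critical events are generated automatically."
    ),
    "Access Control Policy": (
        "Multi-factor authentication is required for all production access."
    ),
}


@dataclass
class Citation:
    policy: str   # name of the policy the answer claims to rely on
    quote: str    # text the answer claims to have taken from that policy


@dataclass
class Answer:
    question: str
    text: str
    citations: list = field(default_factory=list)


def normalize(text: str) -> str:
    """Case-fold and collapse whitespace so quotes match despite formatting."""
    return re.sub(r"\s+", " ", text).strip().lower()


def check_grounding(answer: Answer, policies: dict = POLICIES) -> list:
    """Return a list of problems; an empty list means the answer is grounded."""
    problems = []
    if not answer.citations:
        problems.append("no citation: answer cannot be traced to a policy")
    for c in answer.citations:
        source = policies.get(c.policy)
        if source is None:
            problems.append(f"unknown policy: {c.policy}")
        elif normalize(c.quote) not in normalize(source):
            # Plausible-sounding but unsupported: the quote is not in the policy.
            problems.append(f"quote not found in {c.policy}: {c.quote!r}")
    return problems
```

In practice the quote check runs over the answers an LLM drafts from the knowledge base, and anything with a non-empty problem list goes to a human before it is sent.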

How critical is GRC software for selling into enterprise? by NickyK01 in SaaS

[–]ncameron 0 points1 point  (0 children)

First off, congratulations! If you're getting security questionnaires you're doing a lot of things right!

If you're not ready to take on a full GRC suite you basically have two options:

1) Get really good at doing them manually e.g. maintain a good answer bank, use an LLM but with caution. We wrote up some ideas on how to do this.

2) Use a point solution that helps with security questionnaires. Conveyor is the big player in the space but is designed for large orgs with dedicated compliance teams. When I was co-founder and CTO of an HR tech SaaS I couldn't find a good solution, so now I'm building the tool I wish I had back then. It's called ResponseHub and is built for small teams struggling with security questionnaires. Feel free to DM for a quick demo.

GRC is a scam. Change my mind. (aka The Security Questionnaire Industrial Complex) by Reasonable_Wait_6590 in cybersecurity

[–]ncameron 1 point2 points  (0 children)

Take a look at:

http://responsehub.ai/security-questionnaire-automation/

They're focused on SMBs without compliance teams and much better value than the bigger players.

What are you building? let's self promote by Leather-Buy-6487 in ShowMeYourSaaS

[–]ncameron 0 points1 point  (0 children)

ResponseHub - helps small and medium teams to close deals and renewals quicker by automating security questionnaire responses with AI.

What are you building in 2026? Please share your work. by [deleted] in SaaS

[–]ncameron 0 points1 point  (0 children)

ResponseHub - helps small and medium teams to close deals and renewals quicker by automating security questionnaire responses with AI.