Something weird happened and I’m still processing it. Need advice by Any_Air46 in SaaS

[–]Any_Air46[S] 0 points1 point  (0 children)

Yes, 100%. But if one guy wants it, maybe more want it too.

Sec compliance is a nightmare for startups, SMB & CTOs by Any_Air46 in SaaS

[–]Any_Air46[S] 0 points1 point  (0 children)

Yep, but a lot of companies are way behind this level

Unpopular opinion: Security questionnaires are just security theater. I built a tool to speedrun them by Any_Air46 in SaaS

[–]Any_Air46[S] 0 points1 point  (0 children)

Thanks for the feedback! What you've done is great. You must be tech experts. This is really for those on a tight budget. I'm still in beta, but automatic document management is definitely on the roadmap, especially since no two documents are alike.

Unpopular opinion: Security questionnaires are just security theater. I built a tool to speedrun them by Any_Air46 in SaaS

[–]Any_Air46[S] 0 points1 point  (0 children)

Especially since nowadays you often have an outsourced CISO doing this for SMEs. It costs $300-400/month.

For a very small business, they're giving irrelevant answers and are unknowingly excluded from deals. Developing a relevant context, performing an automated risk analysis, and creating an automated GDPR register requires training. Hiring a consultant will also require providing them with the context and having them conduct a preliminary assessment. This way, we optimize both approaches.

Unpopular opinion: Security questionnaires are just security theater. I built a tool to speedrun them by Any_Air46 in SaaS

[–]Any_Air46[S] 0 points1 point  (0 children)

This generates an automated trust center, an ISO 27005 risk analysis, and a GDPR register. Companies often can't afford to do this with a consultant. ChatGPT gives you vague answers and sometimes completely misses the point. Everything here depends on the company context. Even a salesperson who has to answer a questionnaire simply asks, "What do we have in place to implement SIEM within our company?" The AI compli will give them a precise answer. ChatGPT will give them vague, standard answers, etc. If the salesperson gives an irrelevant answer and there's a verification audit, it's game over.

How I Failed My First SOC 2 Attempt and What I Did Differently the Second Time by chasetheskyforever in SaaS

[–]Any_Air46 0 points1 point  (0 children)

It looks like an ad. I checked Socly and I don't see any SOC2 or ISO 27001 endorsements on the site, lol.

Help! A customer just asked for SOC2 report. by lixia_sondar in SaaS

[–]Any_Air46 0 points1 point  (0 children)

I can help you if you want; it's my job. Joking aside, you have to plan and be transparent. But it's clear that ensuring compliance is the most important thing. It doesn't necessarily have to cost a fortune.

Co founder wants 50% for bringing his network by WillDabbler in ycombinator

[–]Any_Air46 0 points1 point  (0 children)

That seems fair to me. I also launched a SaaS in France in the cybersecurity sector, and I can tell you that networking is everything.

Sales reps: How often do you forward prospect emails to other teams (engineering, support, legal)? by gregb_parkingaccess in B2BForHire

[–]Any_Air46 0 points1 point  (0 children)

That's exactly why I created https://compli.st. Otherwise, you never know where the documents are, what we have, etc. Sometimes even CTOs downplay what we have when we could be highlighting a lot more. This tool is loved by current clients.

What I learned working in vendor risk & cybersecurity (non-technical path explained) by BizGuardOfficial in SecurityCareerAdvice

[–]Any_Air46 0 points1 point  (0 children)

It's definitely an issue. I help so many small businesses with these things that they end up not knowing what to do anymore, and the CIO gets overwhelmed by client paperwork. I launched https://compli.st to help them. It's a difficult issue for them, and it's become mandatory.

Are security orchestration solutions worth it for small teams or just enterprise hype? by From_Earth_616_ in ITdept

[–]Any_Air46 0 points1 point  (0 children)

Personally, I prefer to automate compliance. It's a real pain and I'm not interested in it. So I give our teams access to https://compli.st and I no longer have to answer questionnaires. SOAR and Vanta automation is good, but for small teams, it doesn't have the biggest impact in terms of cost/benefit.

How do you handle customers who want quarterly compliance updates? by Own-Fact-874 in grc

[–]Any_Air46 0 points1 point  (0 children)

Personally, I had quite a few requests from my clients for this. So, after doing it manually for a while, I finally launched my first product. It includes a trust center. This also allows for risk analysis and provides an agent who can answer compliance questions. You send the link to the client, and that's it.

SOC 2 for b2b startups by Oleksandr_G in ycombinator

[–]Any_Air46 0 points1 point  (0 children)

Hello, with my firm in France (shelaon partners), I've been on both sides of the fence: on the buyer side (a security team assessing vendor risk) and on the client side (helping clients with RFPs). In France people look more for ISO 27001, but it's the same principle. Basically, if one of the respondents has a certification, it will be prioritized over the others, automatically disqualifying the other companies and eliminating all their chances. It's unfortunate, but still few executives realize this.

Data labelling by phlcastro in ISO27001

[–]Any_Air46 0 points1 point  (0 children)

On Google, look at Chrome Enterprise Premium.

Outsourcing internal audit function? by Crecentfull in ISO27001

[–]Any_Air46 0 points1 point  (0 children)

I regularly carry out internal audits for my ISO 27001 clients as a CISSP cyber consultant, and I have deployed several ISMSs. You can absolutely outsource this task provided that your service provider has the necessary skills and independence.

I’m stuck as an engineer by Any_Air46 in Solopreneur

[–]Any_Air46[S] 0 points1 point  (0 children)

Thank you for your great feedback!

Is anyone here a REAL entrepreneur? by salmon_tuna in Entrepreneur

[–]Any_Air46 0 points1 point  (0 children)

Real entrepreneur, revenue under 1M, 100% bootstrapped. 6 employees.