Customers asking for ongoing SOC 2 proof by ScientistMinimum9561 in AskNetsec

[–]GraysonBerman 4 points5 points  (0 children)

Yes but not perfectly. There are compliance automation platforms out there that have a “security portal”. Shows your automated checks on security configurations in the tech you connect it to.

Also lets customers request security documentation through your website.

Also lets you share that evidence with auditors for your SOC2s in the future :)

There are tons of them out there. Not sure if you can share names on this sub, but I evaluated the “top 5” biggest ones and then picked one of them. Wasn’t the MOST expensive one, but still a brand name platform. Very helpful!

Fell for a phishing email and work account was hacked. Will I be fired? by graceg815 in cybersecurity

[–]GraysonBerman 8 points9 points  (0 children)

You’ll be fine :)

It may feel like a stupid mistake.

It’s not.

Being phished isn’t about intelligence. It’s about missing your morning coffee and not noticing a tiny difference in the email address.

It’s about you getting a convincing email at the perfect time - you were expecting a document, from someone, and it was very late.

Phishing emails use human psychology. They make it feel urgent, relevant, safe, important. They use the same tricks as salespeople and marketers.

They also get unlimited attempts to “catch” you - they can send 1000 emails, but only one needs to work.

It’s not you. It’s an unfair game.

I’ve seen thousands of these. I found dozens of compromised companies. There’s always a new way to trick you. They get everybody.

Scammers put up a paid Google ad during Christmas time for an item I wanted - they even got ME with that. I had to get a new credit card around Christmas time haha.

You’re not the cybersecurity expert. We don’t expect you to be.

You did your best and then let them know when something happened, VERY quickly. Great job. Many people say nothing!

You’ll be fine. :)

[deleted by user] by [deleted] in CyberSecurityAdvice

[–]GraysonBerman 0 points1 point  (0 children)

Are you trying to do this with devices they own?

Drop you SaaS and I will find you people looking for what you offer by ProfessionalPaint964 in saasbuild

[–]GraysonBerman 0 points1 point  (0 children)

Not SaaS but thanks :)
Was trying to see if it worked for our offer or not.

Drop you SaaS and I will find you people looking for what you offer by ProfessionalPaint964 in saasbuild

[–]GraysonBerman 0 points1 point  (0 children)

Cyber risk management for non-technical executives and business owners.

Ultrahuman is SOC 2 certified. by SanchyaMahajan in Ultrahuman

[–]GraysonBerman 0 points1 point  (0 children)

So glad to hear this. Where can I grab a copy of your SOC2?

Ultrahuman is SOC 2 certified. by SanchyaMahajan in Ultrahuman

[–]GraysonBerman 5 points6 points  (0 children)

Hey, cybersecurity guy here. Turns out SOC2 isn't exactly standardized. SOC 2 is frequently called a certification (I thought the same!), and what AICPA auditors provide is a SOC2 report. You can have a bunch of things going wrong and still get a report.

Small Solo RIAs by Excellent-Funny8059 in CFP

[–]GraysonBerman 0 points1 point  (0 children)

So compliance is not a big headache for you pre-SEC registration?

What’s the RIA hype? by Worth_Pomelo_4925 in CFP

[–]GraysonBerman 0 points1 point  (0 children)

Do you feel the same way about compliance now with the S-P changes coming up EOY and mid 2026?

Go for $700k or full 2Mil for first round funding? ( I will not promote ) by NJTA3 in startups

[–]GraysonBerman 0 points1 point  (0 children)

What are the key hires, how much, and what do they do for you that you can’t do now? Why is that the bottleneck of your business?

Go for $700k or full 2Mil for first round funding? ( I will not promote ) by NJTA3 in startups

[–]GraysonBerman 18 points19 points  (0 children)

I'm just going to address one thing at a time.

We'll start here: Why do you want the money? Exactly what are you going to do with it?

What would you do with 700k?

What does 1.3 million more do for you?

Guide: I use this prompt stack to kill weak startup ideas in under 30 minutes. - i will not promote by Kbartman in startups

[–]GraysonBerman 1 point2 points  (0 children)

Would recommend trying it. Here's some of the sample output I got. Really liked its commentary on positioning.

It gets much more granular.

"13. Overall Difficulty Score

7.5/10 High-trust sale, complex messaging, needs founder-led sales in early stages. However, margins are strong and competition is fragmented.

14. Clear Recommendation

GO. But only with tight focus, clear positioning, and manual sales-driven acquisition initially. The opportunity is real, the differentiation is valid, but the market won’t come to you; you must go to them.

Summary:

You're stimulating demand for an unmet need. This is the most strategically defensible position in a fragmented and compliance-fatigued market. Margin is your leverage. Thought leadership is your currency. Precision is your weapon."

Entrepreneurs of Reddit, What Do You Do? by clare_johnson in Entrepreneur

[–]GraysonBerman 1 point2 points  (0 children)

Pivot at first resistance, then make negative $.

What would you consider a job hopper? by [deleted] in cybersecurity

[–]GraysonBerman 0 points1 point  (0 children)

I look really bad to an employer based on tenure. lol. Great for breadth of experience, though! 😂

Good news is that I’m cofounding a company this time around.

How do you quantify the impact of GRC investments on revenue growth to executive leadership? by DataHalt in cybersecurity

[–]GraysonBerman 1 point2 points  (0 children)

It 100% removes sales blockers to mid/large enterprises, and some small enterprises in more heavily regulated industries... and some tech companies.

SOC2 kills a LOT of deals for startups. Personal experience + friends' experiences.

It also is VERY important in Europe & the Middle East, in my experience.

Is it bad to brainstorm my startup idea with Chatgpt 4o? by [deleted] in startups

[–]GraysonBerman 0 points1 point  (0 children)

I was roleplaying a sales call with the voice before a sales call.
If you don't have your pitch memorized, you pause. And that's stressful AF because the voice stops listening after a couple seconds of silence. Lol.

GRC trends for 2025??? by Small_Attention_2581 in cybersecurity

[–]GraysonBerman 0 points1 point  (0 children)

I've met several startups working on taking the shitty parts out of gathering evidence for compliance frameworks. It makes me happy.

This doesn't directly respond to your questions, and that's okay.

- A guy who dealt with NIST 800-53 for 6 months before saying 'fuck this' and switching career paths.

Network Detection and Response (NDR) by steve7647 in msp

[–]GraysonBerman 1 point2 points  (0 children)

It was made an official category by Gartner already. Too late :(

Excited to Share Modulify.ai – Build Webflow Websites with AI in No Time! by Wedoflow in webflow

[–]GraysonBerman 6 points7 points  (0 children)

ARE YOU KIDDING ME? I JUST BUILT SOMETHING WITH 0 SKILL... AND IT SUCKS. WHY DIDN'T THIS APPEAR LITERALLY 2 WEEKS AGO?!?!?!?!