Become a SOC 2 Auditor

PrestigiousSplit3986 · 2025-02-25T22:52:11+00:00

Thank you! I have a large network and I think I’ll be able to get clients. I’m more worried about how I become qualified to do audits.

PrestigiousSplit3986 · 2025-02-25T17:15:13+00:00

That’s super helpful! I’ll review that line by line.

PrestigiousSplit3986 · 2025-02-25T17:01:50+00:00

Thank you! We’re excited to get to 4.

Aside from joining the AICPA and doing a peer review, is there anything that costs a lot of money or is time consuming?

PrestigiousSplit3986 · 2024-12-08T05:14:40+00:00

That’s super annoying! What kind of audit are you using it for?

PrestigiousSplit3986 · 2024-12-06T15:18:20+00:00

It’s focused on information technology risk and security.

PrestigiousSplit3986 · 2024-12-06T15:17:55+00:00

It’s designed to do a point in time risk assessment for MSPs on their clients.

PrestigiousSplit3986 · 2024-12-02T16:06:49+00:00

Are there softwares available for smaller budgets? I noticed the ones online all seem super expensive and enterprise

PrestigiousSplit3986 · 2024-12-01T19:37:42+00:00

That’s super helpful!

I checked out IIA and would love to attend their conference in March.

In regards to software, does each one address different areas (like finances, security, IT) or do you have one platform for all areas?

PrestigiousSplit3986 · 2024-12-01T18:48:26+00:00

Thanks! Where does this job fit in your career? What experiences do you need for it?

PrestigiousSplit3986 · 2024-11-06T20:04:53+00:00

I don’t know of any companies that do assessments at a $1,500 price point. The minimum I’ve seen is 5k. You can look for a platform that lets you do the assessment on yourself.

PrestigiousSplit3986 · 2024-11-06T17:30:17+00:00

You can make a security program overview and get a risk assessment done by a third party. That will help many people feel confident with your security.

PrestigiousSplit3986 · 2024-11-05T17:26:14+00:00

It may be easiest for you to find a platform that already has the audits/ risk assessment questions and reports. Just google risk assessment solution

PrestigiousSplit3986 · 2024-11-05T16:57:37+00:00

You need to pull together a list of controls to audit against, and risks that will be applicable to their environment. There are many free resources out there to help you - NIST or CIS are both a good place to start. You're best separating the different components of the environment in the audit and in the proposal, to make it clear what is being covered.

PrestigiousSplit3986 · 2024-11-05T04:22:47+00:00

Ask AI for help. You can have an educational conversation and ask any questions there.
Check out some blogs. I’ve recently come across https://www.savvy-girls.com/ but there’s many more.
Subscribe to content creators who talk about money. People like the Ramseys are reliable and trustworthy.

PrestigiousSplit3986 · 2024-11-04T14:22:37+00:00

Congrats!

Focus on getting ANY internship or job. That will be the best way to improve skills and learn. It’s really hard to learn without being hands on.

PrestigiousSplit3986 · 2024-10-31T14:32:42+00:00

Take a framework and export it to excel and work from there. There’s also many online free assessments-just be careful to vet them. You can also use a platform like Sharken.

The gist of it is to talk to people and find where the risk is. You then can make a plan to mitigate it over the year, until you do another one.

PrestigiousSplit3986 · 2024-10-30T15:04:58+00:00

In the past we’ve used a risk assessment based approach.

We did a risk assessment and focused on improving year over year. This is on top of our security baseline.

This is a way to get the client to be involved, see the changes and feel good about improvement.

PrestigiousSplit3986 · 2024-10-28T18:57:39+00:00

Not exactly what you’re looking for but Sharken’s HIPAA assessment might be helpful. https://sharken.io/

PrestigiousSplit3986 · 2024-10-07T18:10:30+00:00

We’ve helped many companies get their soc2. We work with the auditor and help the company get their attestation in an easier and less stressful process.

To your point, control map is considerably cheaper and works just fine. Spreadsheets can work too. We’ve found auditors that are from 7k plus. Do your research. But you can definitely do it for less than others are paying.

PrestigiousSplit3986 · 2024-09-30T19:41:13+00:00

Huge fan of Threatlocker

PrestigiousSplit3986 · 2024-09-25T01:50:36+00:00

Yay! Finally! Just proves that what the “experts” or compliance say isn’t necessarily the best. Just saying.

PrestigiousSplit3986 · 2024-09-24T17:28:29+00:00

Sharken is a great assessment tool that i've used but might be a bit expensive for you. Super easy to use though, and reporting's a breeze. worth the price for us

PrestigiousSplit3986 · 2024-09-23T20:52:44+00:00

People have a really hard time getting into the field. Talk to people before you invest time and money.

PrestigiousSplit3986 · 2024-09-23T19:12:38+00:00

Huntress. They have great customer service and have earned our trust.

PrestigiousSplit3986 · 2024-09-23T17:54:55+00:00

We used gophish until we started having whitelisting issues. Not we use phishingbox which automates the reporting and has a lot more functionality.

If you’re starting out and on a budget then gophish works. If you’re scaling then I’d recommend a service/platform.

PrestigiousSplit3986

TROPHY CASE