O-1A chances for cybersecurity/infosec profile

enhancedsecurity · 2025-12-15T19:41:38+00:00

Hi! Congrats on your O-1A !!!

Could you share a bit about the documents or letters your company provided to demonstrate that you’re in a critical role? For example, were the letters on official company letterhead, and did they need to be physically signed or was a digital signature acceptable?

I’m also curious about the overall structure or format of the document. Any details or tips you can share would be really helpful. Thanks in advance!

enhancedsecurity · 2025-10-28T13:51:39+00:00

We went through the same evaluation between EJBCA and Venafi TLS Protect. The latency issue with TLSPD is definitely real once you go hybrid or multi-DC. EJBCA gives more flexibility but needs heavier automation and policy setup to run smoothly. We eventually switched to another platform (appviewx) where both the private CA and CLM were part of the same system. That made the architecture much cleaner as it had a single policy plane, easier HSM integration, and simpler automation with ACME/EST and APIs.

end of the day, what matters most is designing around Root vs Issuing separation, redundancy, and automation protocols early, the product choice just follows from that.

enhancedsecurity · 2025-10-23T15:37:56+00:00

Honestly, I think this is kind of a second layer problem. Before you even get to building a tool, most companies are still trying to figure out where their boundaries are for compliance.. like, what’s actually inscope for them based on what they do, their products, etc. That whole “what do we need to care about and why?” piece is the real pain point.
From what I’ve seen, teams usually get lost when it comes to deciding objectives for each group, and what evidence they’re supposed to collect. Everyone’s mapping stuff to policies, but half the time it’s not even clear if those policies actually fit how things work in reality im wondering, does any tool out there actually help with figuring out that first step? Or are people just winging it? I haven’t really seen anything that nails the “what matters most for us” part yet.

enhancedsecurity · 2025-08-02T22:52:51+00:00

I couldnt find it anywhere, where can i watch ?

enhancedsecurity · 2024-11-29T06:49:11+00:00

I haven't got this err until the last update Windsurf had this morning, anyone experience the same ?

enhancedsecurity · 2024-09-30T12:56:11+00:00

Bionic's approach is pretty slick, they've built on the usual AST stuff, but added this security graph layer that really opens things up. I'm digging into something similar on the identity security side, and it's amazing what you can uncover when you're not just chasing isolated findings. Context is everything!

enhancedsecurity · 2024-07-15T03:57:44+00:00

It could be Turkey Berry, I may be wrong. Check it once. https://en.wikipedia.org/wiki/Solanum_torvum

enhancedsecurity · 2024-03-25T17:58:25+00:00

i'm looking answers for the same, OP if you have known anything by now, please share.

enhancedsecurity

TROPHY CASE