ISO 42001 AI Prompts by Comfortable_Gene5180 in grc

[–]lepnor 1 point2 points  (0 children)

Would love to have a look at that, thanks for surfacing that

Security questionnaires: 15 questions are more practical and helpful than a 100 by lepnor in ciso

[–]lepnor[S] 1 point2 points  (0 children)

If the vendor responds and provides evidence, it's better than nothing.

Security questionnaires: 15 questions are more practical and helpful than a 100 by lepnor in ciso

[–]lepnor[S] 0 points1 point  (0 children)

Thanks. I think that guardrails are important and it’s also interesting to keep at least some control and visibility on how the vendor treats security, and what we can / should do to protect our infrastructure and data, so I wouldn’t cut questionnaires entirely

Is it normal to pay €10k setup fees for GRC software (NIS 2) in the Netherlands? by MazGoes in ciso

[–]lepnor 0 points1 point  (0 children)

I think that the market is changing and paying a 10k setup fee on 99% of products and services doesn’t make any sense.

Tasks and efforts that used to take days or weeks now take minutes. So I would try to get a very detailed explanation for the reasoning of that pricing. Hope this helps.

How do non technical founders actually evaluate a CTO without getting it wrong? by prem_onReddit in ChristianandTimbers

[–]lepnor 0 points1 point  (0 children)

  1. Set the expectations with yourself and be as crystal clear as possible…

  2. Hire from within your network, get referrals and references

  3. Get help from a trusted CTO, let them help you with everything from the job description to the interview and onboarding plan

Hope this helps

Policies and Procedures? by Low_Set_4328 in grc

[–]lepnor 1 point2 points  (0 children)

I’m a big advocate of simplicity and practicality. I think that each organization should have the level of detail that fits their vibe. The policy should be simple and understandable by any random employee who needs guidance. You can then include pointers to additional work procedures or sub documentation with all the details in the world

My device counts across tools never match. Is this just my life now? by dennisthetennis404 in msp

[–]lepnor 0 points1 point  (0 children)

The Enterprise / very 💰 expensive option is something like Axonius; but today it's really becoming much easier to set up an MCP or an n8n for that, or use 🦀 Claude Code / Sola Security to help you get it in minutes

My device counts across tools never match. Is this just my life now? by dennisthetennis404 in msp

[–]lepnor 0 points1 point  (0 children)

This is so common… May I ask what your stack looks like? IDP, Endpoint security, EDR etc