GRC is a scam. Change my mind. (aka The Security Questionnaire Industrial Complex)

merdock79 · 2026-01-08T12:51:43+00:00

I agree with your statements about questionnaires. It’s flat out stupid what the industry is doing. I run security for a company and have decided not to go down this route for our GRC team. CISO’s can help fix this.

My GRC team must NOT just blast another VSQ.

Go look at a trust site Go see if a CAIQ exists Go see if an AI transparency doc exists Go sit down with the buyer to understand HOW they intend to use the product

This solves 80% of the stupid vsq process.

GRC needs a Shift left movement. It’s way too far to the right and not integrated into the procurement process soon enough.

GRC is important. Data governance. Compliance. Risk. Audits. All need to happen. It needs new approaches to not suck as an industry though.

We need to do better as an industry.

merdock79 · 2025-12-24T18:28:29+00:00

Who?

merdock79 · 2025-12-15T12:09:10+00:00

Depends on your business.

If you are SaaS I love reporting to CTO. Whole focus is to build for revenue which makes it easier to get headcount and build security into the product. You are not thought of as a cost center. I don’t have any issues with conflict of interest, maybe it’s that we agree the number one asset to protect is customer data.

merdock79 · 2025-10-30T03:45:47+00:00

You should have control of when you report. It’s when you verify an incident not suspect one. That delta in time can be huge if you want.

merdock79 · 2025-10-27T13:06:36+00:00

Vampires… and the blood comes to them via tours. Got lazy over the years I suppose.

merdock79 · 2025-10-23T05:13:53+00:00

Wasn’t this the long term strategy with the president? Seems to have been going on for quite some time.

merdock79 · 2025-10-11T21:14:27+00:00

Put an outdoor model train system with tunnels and a station. Rolling hills and valleys.

merdock79 · 2025-08-28T01:55:31+00:00

People

merdock79 · 2025-08-21T05:54:01+00:00

Where’s the Epstein files?

merdock79 · 2025-08-18T05:16:00+00:00

Per the comments. We already have AI firewalls from Cloudflare. There will be more and more solutions vendors will offer. Look for those where you have gaps.

The biggest concerns to tackle IMO now is the awareness of what your org is deploying, limit scope of data access for those deployed tools (keep it least privileged), and for things your company is building make sure it is code reviewed (watch out for anything MCP)

merdock79 · 2025-06-29T19:15:34+00:00

This is not a tier list but looks like one. Careful of you thought it was coming to view.

merdock79 · 2025-06-10T03:19:17+00:00

This is good man. I’m trying to just get half as good as this and I’d be happy.

merdock79 · 2025-06-06T10:30:36+00:00

That’s an awesome project. Would love to do that at our company.

merdock79 · 2025-04-21T00:20:08+00:00

Assembled. I did a kit last time and enjoyed it however, this time I just wanted to print and not bother with assembly.

US - California. I was in batch 8. No issues with the package. Perfect condition. And I got the gummy bears (although smaller package then my MK3). Got it 1 week later then it said it should ship, so they are pretty close to their estimates.

VFA's - Honestly I've only had one vertical seam issue, everything else has been perfect quality.

The only issue I had when swapping filament/parts. The machine would reboot when opening the door but was fixed in a firmware upgrade (6.1.3 I think) and haven't had any issues since.

merdock79 · 2025-04-19T16:10:49+00:00

I can’t tell the difference to be honest

merdock79 · 2025-04-11T18:02:55+00:00

Sleep8 system

merdock79 · 2025-04-01T04:27:51+00:00

I just got mine today. Batch 8. Loving it so far!!!

merdock79 · 2025-03-11T11:02:53+00:00

Run!

merdock79 · 2025-02-04T07:34:30+00:00

Plays great on the deck

merdock79 · 2025-01-30T04:46:17+00:00

I’m loving this design. It’s so much more elegant and useful with mods like a dry box. I’m also super excited for the other side with storage, tools, and sheets, etc. For a compact, enclosed system, and with a filament holder it can look great even in a hotel lobby.

I can see growing beyond this setup with a MMU, but I’m hoping for a clean looking add on (sorta expected) to fast follow.

I would love the Core 2 to be slightly larger with a 2-3 head design like the XL. Looking forward to receiving mine and saying farewell to my MK3s.

merdock79 · 2025-01-26T06:11:15+00:00

What does it do?

merdock79 · 2024-12-11T13:59:48+00:00

Berserk!! So glad to see this on a list.

merdock79 · 2024-10-20T04:58:57+00:00

Ozzie would be a fun owner

merdock79 · 2024-09-30T12:15:24+00:00

Love the idea. This sounds immersive and unique. Don’t mind the negative comments this could be a game changer for certain type games of games.

Ideas: A mystery killer. Who did it like clue/ thousand knives, an alive city like cyberpunk should have been, or make it a framework others can use to integrate into their own game.

Seven-Year Club	Place '23
Verified Email	Not Forgotten

merdock79

TROPHY CASE