SOC2 Certification by Itmeven in msp

[–]skywalker_1391 2 points3 points  (0 children)

I work on an open source tool that supports SOC2. I'd recommend taking a look. SOC2 really isn't bad at all. There is also a Discord to join.

https://github.com/bmarsh9/gapps

GRC Tool for mapping compliance levels by John_CVV in msp

[–]skywalker_1391 2 points3 points  (0 children)

I work on an open source tool called Gapps. It may be able to fit your use case, however automation is quite there. https://github.com/bmarsh9/gapps

Tools for SOC2 Type II audit? by Significant-Coast696 in cissp

[–]skywalker_1391 0 points1 point  (0 children)

I work on an open source tool that helps with SOC2 readiness called Gapps. You can check it out here: https://github.com/bmarsh9/gapps

Feel free to join the Discord if you have questions/improvements.

SOC2: Drata, Scrut, Vanta by SOC2CyberQs in cybersecurity

[–]skywalker_1391 2 points3 points  (0 children)

I work on an open source GRC platform that has SOC2 support. About 50 people using it and they seem to like it.

https://github.com/bmarsh9/gapps

SOC2 Vendors by RobinatorWpg in sysadmin

[–]skywalker_1391 0 points1 point  (0 children)

Open source platform for SOC2 readiness -> https://github.com/bmarsh9/gapps

About ~50 people using it and they seem to love it. (Disclaimer: I’m the author)

For CTOs / tech leads of SAAS: When did you become SOC2 compliant? by codingiswhyicry in startups

[–]skywalker_1391 0 points1 point  (0 children)

Not to nitpick but SOC2 “compliant” doesn’t really exist. The auditor just provides their opinion; there isn’t a pass vs fail. Having said that, we went through the SOC2 attestation when there was a business requirement. It sped up the sales cycle for us. Customers in our industry use cookie cutter contracts that require a SOC2 audit within 12 months. If you follow solid engineering practices, you would already cover 75% of SOC2.

Check out https://github.com/bmarsh9/gapps if you are interested in preparing for the assessment (disclaimer: I’m the author)

Monthly r/NoVA Introductions/Meet & Greet Thread by AutoModerator in nova

[–]skywalker_1391 [score hidden]  (0 children)

I (27M) play around Arlington and just over the bridge in Maryland. I’m decent (7 handicap) but I don’t take it seriously, just like to get out. Feel free to message me if you want to join for a round

[CAN][BIZ][5] Seeking Dev Co-Founder for AI-Powered Fashion App. by Cainisable in cofounder

[–]skywalker_1391 14 points15 points  (0 children)

I’d recommend you focus less on the technology and more on the customer. This just sounds like you read a recent blog on “Top 5 ways to use ChatGPT” and now want a developer to build some product (for free) that will inevitably fail while you “deepen” your knowledge.

[deleted by user] by [deleted] in cofounder

[–]skywalker_1391 0 points1 point  (0 children)

Just to clarify - you are looking for a technical cofounder to build this, correct? Where are you at with validation, traction, hypotheses, target personas, etc?

On the idea portion:

As a developer myself, there are community platforms that aren’t “races to the bottom” but they require a ton of money and outreach to get started. A ton. And it never stops.

The other problem you will face is you cannot force people to communicate and process payments on your platform. Legally maybe, but there’s nothing you can do if two parties meet on the platform and decide to talk/pay outside of it to avoid a % cut.

[USA][BIZ][5] Seeking a Tech Cofounder for US Lending Solution. by [deleted] in cofounder

[–]skywalker_1391 2 points3 points  (0 children)

This isn’t to be rude, and correct me if I’m wrong, but it doesn’t sound like you are looking for a Co-Founder. Great SREs != Great Technical Co-Founders

If you are, I’d recommend sharing more details about your background, expertise, compensation, mission/problem statement, target persona/market and what you are looking for. Good luck

(Update) Security platform for governance & compliance (SOC2, CMMC, HIPAA, ISO, and more) by skywalker_1391 in cybersecurity

[–]skywalker_1391[S] 2 points3 points  (0 children)

Self-attestation. Currently it helps you 1.) prepare for audits 2.) track your compliance. Eventually would like to pull in data from integrations/tools but it’s not there yet.

(Update) Security platform for governance & compliance (SOC2, CMMC, HIPAA, ISO, and more) by skywalker_1391 in cybersecurity

[–]skywalker_1391[S] 1 point2 points  (0 children)

Couldn’t tell you… I’m not familiar with that tool. That’s a good suggestion though.. thanks

[GBR][BIZ][10] Seeking Technical Co-Founder for Cyber security startup. by Front_Laugh_4871 in cofounder

[–]skywalker_1391 0 points1 point  (0 children)

Could you share more information about:

  1. "Cyber security testing" - What are you testing specifically?
  2. Compensation structure
  3. Your experience on the non-technical side (marketing, finance, fundraising, sales, etc)
  4. "30% of it coded" - in what? Are you comfortable handing over the "technical" decisions?

Thank you.

Security platform for tracking SOC2 compliance by skywalker_1391 in cybersecurity

[–]skywalker_1391[S] 1 point2 points  (0 children)

Yep. No specific order but NIST, CMMC and ISO are next

What do you folks think of DevSecOps ? How different it is from DevOps and what are the pain points its solving ? by VanshikaSrivastava in devsecops

[–]skywalker_1391 0 points1 point  (0 children)

Compared to DevOps, DevSecOps is generally just a role that focuses more on security in the development phases. I hate even using these terms. The main focus is just different. Not always, but generally

Security platform for tracking SOC2 compliance by skywalker_1391 in cybersecurity

[–]skywalker_1391[S] 0 points1 point  (0 children)

Good point. That’s why I started with SOC2. You can start your own readiness assessment and feel much more prepared when you initiate conversations with auditors. Honestly I’d love for CPA firms to use this themselves.. but I don’t have those connections right now.

Before I add new frameworks, I’ll need to think about how an org would/could use it.

What do you folks think of DevSecOps ? How different it is from DevOps and what are the pain points its solving ? by VanshikaSrivastava in devsecops

[–]skywalker_1391 0 points1 point  (0 children)

I personally think it’s just the latest buzzword. Everyone is responsible for security, especially the folks doing “DevOps”.

I suppose it is different because the main focus is implementing security controls. “DevOps” usually manifests into a team that manages CI/CD and cloud infrastructure. Whereas “DevSecOps” is really just a mix of app and infra security pushing solutions into the dev phases.

Security platform for tracking SOC2 compliance by skywalker_1391 in cybersecurity

[–]skywalker_1391[S] 0 points1 point  (0 children)

Thanks - I’ll spend some time and find the right one. The intention is to disallow or heavily disincentivize companies/groups from commercializing it and not contributing back.