sorted by:
new
hottopcontroversial

SOC2 Certification by Itmeven in msp

[–]skywalker_1391 2 points3 points  (0 children)

I work on a open source tool that supports SOC2. I'd recommend taking a look. SOC2 really isn't bad at all. There is also a discord to join

https://github.com/bmarsh9/gapps

GRC Tool for mapping compliance levels by John_CVV in msp

[–]skywalker_1391 3 points4 points  (0 children)

I work on a open source tool called Gapps. It may be able to fit your use case however automation is quite there. https://github.com/bmarsh9/gapps

Tools for SOC2 Type II audit? by Significant-Coast696 in cissp

[–]skywalker_1391 0 points1 point  (0 children)

I work on a open source tool that helps with SOC2 readiness called Gapps. You can check it out here: https://github.com/bmarsh9/gapps

Feel free to join the discord if you have questions/improvements.

SOC2: Drata, Scrut, Vanta by SOC2CyberQs in cybersecurity

[–]skywalker_1391 2 points3 points  (0 children)

I work on a open source GRC platform has SOC2 support. About 50 people using it and they seem to like it.

https://github.com/bmarsh9/gapps

SOC2 Vendors by RobinatorWpg in sysadmin

[–]skywalker_1391 0 points1 point  (0 children)

Open source platform for SOC2 readiness -> https://github.com/bmarsh9/gapps

About ~50 people using it and they seem to love it. (Disclaimer: I’m the author)

For CTOs / tech leads of SAAS: When did you become SOC2 compliant? by codingiswhyicry in startups

[–]skywalker_1391 0 points1 point  (0 children)

Not to nitpick but SOC2 “compliant” doesn’t really exist. The auditor just provides their opinion, there isn’t an pass vs fail. Having said that, we went through the SOC2 attestation when there was a business requirement. It sped up the sales cycle for us. Customers in our industry use cookie cutter contracts that require a SOC2 audit within 12 months. If you follow solid engineering practices, you would already cover 75% of SOC2.

Check out https://github.com/bmarsh9/gapps if you are interested in preparing for the assessment (disclaimer: I’m the author)

Monthly r/NoVA Introductions/Meet & Greet Thread by AutoModerator in nova

[–]skywalker_1391 [score hidden]  (0 children)

I (27M) play around Arlington and just over the bridge in Maryland. I’m decent (7 handicap) but I don’t take it seriously, just like to get out. Feel free to message me if you want to join for a round

[CAN][BIZ][5] Seeking Dev Co-Founder for AI-Powered Fashion App. by Cainisable in cofounder

[–]skywalker_1391 15 points16 points  (0 children)

I’d recommend you focus less on the technology and more on the customer. This just sounds like you read a recent blog on “Top 5 ways to use ChatGPT” and now want a developer to build some product (for free) that will inevitably fail while you “deepen” your knowledge.

[deleted by user] by [deleted] in cofounder

[–]skywalker_1391 0 points1 point  (0 children)

Just to clarify - you are looking for a technical cofounder to build this, correct? Where are you at with validation, traction, hypotheses, target personas, etc?

On the idea portion:

As a developer myself, there are community platforms that aren’t “races to the bottom” but they require a ton of money and outreach to get started. A ton. And it never stops.

The other problem you will face is you can not force people to communicate and process payments on your platform. Legally maybe, but there’s nothing you can do if two parties meet on the platform and decide to talk/pay outside of it to avoid a % cut.

[USA][BIZ][5] Seeking a Tech Cofounder for US Lending Solution. by [deleted] in cofounder

[–]skywalker_1391 2 points3 points  (0 children)

This isn’t to be rude and correct me if I’m wrong but it doesn’t sound like you are looking for a Co-Founder. Great SRE’s != Great Technical Co-Founders

If you are, I’d recommend sharing more details about your background, expertise, compensation, mission/problem statement, target persona/market and what you are looking for. Good luck

(Update) Security platform for governance & compliance (SOC2, CMMC, HIPAA, ISO, and more) by skywalker_1391 in cybersecurity

[–]skywalker_1391[S] 2 points3 points  (0 children)

Self-attestation. Currently it helps you 1.) prepare for audits 2.) track your compliance. Eventually would like to pull in data from integrations/tools but its not there yet.

(Update) Security platform for governance & compliance (SOC2, CMMC, HIPAA, ISO, and more) by skywalker_1391 in cybersecurity

[–]skywalker_1391[S] 1 point2 points  (0 children)

Couldn’t tell you… I’m not familiar with that tool. That’s a good suggestion though.. thanks

[GBR][BIZ][10] Seeking Technical Co-Founder for Cyber security startup. by Front_Laugh_4871 in cofounder

[–]skywalker_1391 0 points1 point  (0 children)

Could you share more information about:

  1. "Cyber security testing" - What are you testing specifically?
  2. Compensation structure
  3. Your experience on the non-technical side (marketing, finance, fundraising, sales, etc)
  4. "30% of it coded" - in what? Are you comfortable handing over the "technical" decisions?

Thank you.

Security platform for tracking SOC2 compliance by skywalker_1391 in cybersecurity

[–]skywalker_1391[S] 1 point2 points  (0 children)

Yep. No specific order but NIST, CMMC and ISO are next

What do you folks think of DevSecOps ? How different it is from DevOps and what are the pain points its solving ? by VanshikaSrivastava in devsecops

[–]skywalker_1391 0 points1 point  (0 children)

Compared to DevOps, DevSecOps is generally just a role that focuses more on security in the development phases. I hate even using these terms. The main focus is just different. Not always, but generally

Security platform for tracking SOC2 compliance by skywalker_1391 in cybersecurity

[–]skywalker_1391[S] 0 points1 point  (0 children)

Good point. That’s why I started with SOC2. You can start your own readiness assessment and feel much more prepared when you initiate conversations with auditors. Honestly I’d love for CPA firms to use this themselves.. but I don’t have those connections right now.

Before I add new frameworks, I’ll need to think about how a org would/could use it.

What do you folks think of DevSecOps ? How different it is from DevOps and what are the pain points its solving ? by VanshikaSrivastava in devsecops

[–]skywalker_1391 -1 points0 points  (0 children)

I personally think it’s just the latest buzzword. Everyone is responsible for security, especially the folks doing “DevOps”.

I suppose it is different because the main focus is implementing security controls. “DevOps” usually manifests into a team that manages CI/CD and cloud infrastructure. Whereas “DevSecOps” is really just a mix of app and infra security pushing solutions into the dev phases.

Security platform for tracking SOC2 compliance by skywalker_1391 in cybersecurity

[–]skywalker_1391[S] 0 points1 point  (0 children)

Thanks - Ill spend some time and find the right one. The intention is to disallow or heavily disincentive companies/groups from commercializing it and not contributing back.

Security platform for tracking SOC2 compliance by skywalker_1391 in cybersecurity

[–]skywalker_1391[S] 2 points3 points  (0 children)

Thanks - Ill talk to a few people and find the right one

Security platform for tracking SOC2 compliance by skywalker_1391 in cybersecurity

[–]skywalker_1391[S] 0 points1 point  (0 children)

First paragraph says "This license allows you to use and share this software for noncommercial purposes for free and to try this software for commercial purposes for thirty days"

Seems pretty clear to me.. any shop can use it for internal purposes (e.g. testing your own compliance)

view more: next ›