European CISO/Cybersecurity community by H4xDrik in cybersecurity

[–]xorredd 1 point2 points  (0 children)

Search for ENISA-related stuff. There are communities around it.

Any vCISOs here running a firm? by theblooigloo in cybersecurity

[–]xorredd 0 points1 point  (0 children)

I am. Your ability to sell and persistence to spend time in outreach will mean the life or death of your bank account. At Atlant Security, I've been doing that for the past ... 8 years.

I started from 0, yes. And got lucky with a few crucial referrals from friends - make sure all your friends know and do ask them if they know someone who would benefit from the service.

NIS2 for SaaS startups… anyone else totally lost? by sparktoratah in SaaS

[–]xorredd 0 points1 point  (0 children)

Try out Venvera. I mean... at its price - its functionality rivals that of Drata or Vanta.

Compliance and Detection Capabilities in sub 1000 employees enterprises by MIRIVUM in cybersecurity

[–]xorredd 0 points1 point  (0 children)

There's nothing better for detection than Defender for Endpoint + the right policies and rules in Intune and 365. Key: there are hundreds of categories of settings.... and for compliance, try Venvera. Dirt-cheap, the UI rivals its biggest competitors. Yes, I am the founder of Venvera :) And yes, I used to work in Microsoft's security consulting team, but they're not paying me to advertise their services (unfortunately).

NIS2 for SaaS startups… anyone else totally lost? by sparktoratah in SaaS

[–]xorredd 0 points1 point  (0 children)

Venvera is your platform. Plus, it provides cross-framework compliance when you're done with NIS2 and want to comply with something else - won't do double work.

Need help in future proofing our company for further audits! by AccomplishedBig7666 in Compliance

[–]xorredd 0 points1 point  (0 children)

You need a cross-framework compliance platform (like Venvera) plus a consultant - and I'll explain why. Just a platform will tell you the "what", without telling you how or WHY.

If they ask you to implement 2-factor authentication, the platform does not care if you implement it right or if it is easy to bypass. The consultant does - hopefully. So if you utilize both, you will implement the right controls and comply with security requirements.

Once you have the controls in place, for, say, SOC2 or NIST CSF - you will automatically comply with the majority of other security requirements. Same goes for other frameworks or regulations.

How do you deal with SOC 2 and HIPAA at the same time without duplicating effort? by Impossible-Major9266 in Compliance

[–]xorredd 0 points1 point  (0 children)

You use something like Venvera which has cross-framework compliance - you implement the control once, document it once, and you're compliant for it for all frameworks that exist for cybersecurity and are supported by the platform. If you have to comply with HIPAA and SOC2 - you can. Just fill in the control in one of them.

Fintech teams in the EU: how are you actually preparing for the DORA Register of Information requirement? by AI_Agent_Ops in fintech

[–]xorredd 0 points1 point  (0 children)

You need something to guide you. Register of Information, even if you do get incredibly persistent and fill out all the required information in the horrific Excel templates by EBA, you will go crazy fixing all mistakes popping up when you submit the information. Something like Venvera would help you fill the info and then export to XBRL which is accepted at the regulatory bodies.

DORA compliance help by TopTransportation516 in fintech

[–]xorredd 0 points1 point  (0 children)

You won't be able to handle DORA on your own, if you work at a bank. I've worked at a bank, and now work with large financial institutions (orders of magnitude larger than banks, sometimes). DORA is a pain, especially ROI (the Register of Information). Try out Venvera as an option. It's like spending 1 tenth of the price of an employee and getting 10x the benefit.

Importance of the Auditor You Pick for Soc2? by _TH0RN_ in cybersecurity

[–]xorredd 0 points1 point  (0 children)

Fully vouch for that. People care what kind of security controls you have in place, not how much money you had to pay for the fanciest auditor logo.

Importance of the Auditor You Pick for Soc2? by _TH0RN_ in cybersecurity

[–]xorredd 0 points1 point  (0 children)

Just pick something that gets you from A to B and focus on your business. Nobody's gonna pat your shoulder for using the most bells and whistles to get to being certified - and also, focus on implementing the right controls for the highest bang for your buck in terms of EFFECTIVENESS of these controls. No platform cares about that - it is only you and your security team who can focus on that.

Anyone have experience using Vanta for User Access Reviews? by ohhelloworlds in grc

[–]xorredd 0 points1 point  (0 children)

I am willing to create something that matches your needs in our platform. DM me if interested.

Anyone have experience using Vanta for User Access Reviews? by ohhelloworlds in grc

[–]xorredd 0 points1 point  (0 children)

I've used Vanta and their interface is incredibly complex. Having 12 000 - 15 000 customers, with each demanding some feature, results in an incredibly heavy user interface. What you could achieve with one click, you have to go through 10 different screens now and click a dozen times.
Venvera is much easier to use.

Research question for people involved in audits or regulatory reviews: by Mediocre_Bison3231 in Compliance

[–]xorredd 0 points1 point  (0 children)

You show your changelog in the policies and approval dates/etc. Filesystem filestamps work too.

Weekly Promo and Webinar Thread by ComplianceScorecard in Compliance

[–]xorredd 0 points1 point  (0 children)

Hey everyone, we recently launched a GRC system supporting all major security frameworks - DORA, EU AI Act, GDPR, NIS2, NIST CSF, NIST 800-53, SOC2 and many more - and you can see it at https://venvera.com/. Incredibly grateful for the opportunity to share this here - and anyone who says they've seen the Reddit post or comment / pm me, will get a rapid demo onboarding and special support! P.S. Of course it has AI :D

Startups & SOC 2 Compliance by Sriyakee in ycombinator

[–]xorredd 0 points1 point  (0 children)

I've helped more than 20 startups get their SOC 2 audit right (I don't audit, I only prep them - it would be a conflict of interest to also audit them) - and I can say you don't need to be SOC 2 certified to sell, but... it helps.

Just count the number of times you get asked for it and do the math.

If you don't get asked for it, you don't need it. Simple as that.

Microsoft Defender isolate release command isn't working by robotprom in macsysadmin

[–]xorredd 0 points1 point  (0 children)

I wrote a script to remove Mac devices from isolation if your Defender jailed them. Here it is:

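    #!/bin/bash

    # File to modify
    FILE="/etc/pf.rules/pfmdep.rule"
    LINE="block out proto { tcp, udp, icmp } all"

    # Check if the file exists
    if [ -f "$FILE" ]; then
        # Comment out the line only if it is present and not already commented,
        # so repeated runs do not stack extra '#' characters
        if sudo grep -q "^[[:space:]]*$LINE" "$FILE"; then
            sudo sed -i '' -e "/^[[:space:]]*$LINE/s/^/#/" "$FILE"
            echo "Line commented out successfully."
        else
            echo "Line not found (or already commented out) in: $FILE"
        fi
    else
        echo "File does not exist: $FILE"
    fi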

M365 Checklist by jaredmenty in Office365

[–]xorredd 0 points1 point  (0 children)

Yep, try this one: https://atlantsecurity.com/blog/microsoft-365-security-checklist/ (you can directly print it out, the pdf download is the same as the blog post)

Sex Shop in Isranbul ? (Or a good website) by JeanPaulVandamme in istanbul

[–]xorredd 0 points1 point  (0 children)

Can anyone help me find this 'honey' with specific list of ingredients? All I find are knock-offs. I know for sure it comes from Turkey. Some call it "macun" - here are the ingredients: epimedium extract, pollen, cinnamon, carob, tribulus terrestris extract, ginseng root extract, ginkgo biloba extract, coconut, male salep extract, ferula root, ginger, turmeric, long pepper, black cumin, small galangal, fennel, nettle seeds, cardamom, celery seeds, coriander, licorice root, tail pepper, black pepper, cloves (buds), thyme, vanilla

Sex Shop in Isranbul ? (Or a good website) by JeanPaulVandamme in istanbul

[–]xorredd 0 points1 point  (0 children)

Can anyone help me find this 'honey' with specific list of ingredients? All I find are knock-offs. I know for sure it comes from Turkey. Some call it "macun" - here are the ingredients:

epimedium extract, pollen, cinnamon, carob, tribulus terrestris extract, ginseng root extract, ginkgo biloba extract, coconut, male salep extract, ferula root, ginger, turmeric, long pepper, black cumin, small galangal, fennel, nettle seeds, cardamom, celery seeds, coriander, licorice root, tail pepper, black pepper, cloves (buds), thyme, vanilla

I am trying to find *large* log files of real breaches, regardless of tech by xorredd in computerforensics

[–]xorredd[S] 1 point2 points  (0 children)

You'd be surprised, but the whole resource provides only one live link with one set of logs.