#soc2

Dr. HermanSJr.
Industry's 1st & only book/#bible on #compliance/#governance for #SOC2 for all #enterprise & #startups #serviceProviders worldwide regarding #IT, #AI, #InformationTechnology.
"The Framework Efficiency Architect: Transforming SOC 2 Into A Monetization Weapon"
More info at DrHermanSJr.carrd.co (last book at bottom).
Launching late April 2025 as the first in a series covering major frameworks.
Pre-sales, with an added free 1-hour consultation, available now at https://ko-fi.com/s/0727fa33a1.

passbolt
Over the last four months, passbolt underwent three independent assessments to evaluate and strengthen our security posture.
These assessments help us identify and address areas for improvement while confirming our existing security strengths.
Read more about the latest security reviews: https://hubs.li/Q039csDh0
See the findings in the thread.
#SecurityAudit #Cryptography #OpenSource #PasswordSecurity #SOC2 #Pentesting

Jeff Horton (Elbows Up CanElxn 2025)
Had a call today with one of those security compliance vendors (e.g. SOC2 platform) stuff. I could have closed my eyes and been at a used car dealer.
- What else are you looking at? Really wanted specific names.
- I can do a deal, just need to check with finance
- A number of add-ons available at 5k+ each
- How long would you sign for?
- Can fit so much automation and AI in this bad-boy you won't have to do anything.
#security #soc2 #audit

NosirrahSec 🏴‍☠️
Need some help making sure what I'm writing for SOC2 compliance isn't pure shit, and since searching for anything SOC2 related just results in sales bullshit...
Was hoping the community had resources saved from their own pains doing this.
Anyone got resources related to writing up compliant policies for SOC2 compliance?
I'm shooting out of my depth I feel going from engineering/infosec/operations to writing policies, but if I don't who will? lol
#SOC2 #grc

isecjobs.com
HIRING: SOC 2 Manager, Audit and Certification / US and CA Multiple Locations
👉 https://infosec-jobs.com/J107586/
#InfoSec #infosecjobs #CyberSecurity #CyberCareer #cyber #security #jobs #cyberjobs #jobsearch #techjobs #hiring #SOC2 #Audit #Certification #NIST #HITRUST #CSA #CCM

passbolt
🚀 #Passbolt has successfully renewed its SOC2 Type II audited report, with no exception noted by the auditors, for the third time in a row! Contact us to review the report: https://hubs.li/Q02sxvf00
#Security #Compliance #SOC2 #OpenSource

Thijs Kromhout
Fairly simple question regarding #soc2 reporting:
Is it possible for an organization to decide not to do a type 1 assurance report and straight go for a type 2?
Or should one always do type 1 and then type 2?

Marcel Waldvogel
The #Republik article by @adfichter on #Xplain shows that
1️⃣ the authorities had maneuvered themselves ever deeper into dependencies on Xplain,
2️⃣ no exit scenarios exist for this lock-in, and
3️⃣ due diligence was neglected (why?).
By the way: an IT security certificate such as #ISO27001 or #SoC2 says nothing about actual security, only that a lot of text was written about it.
1/2
#TooBigToFail #LockIn #FOSS
https://www.republik.ch/2023/09/25/xplain-ein-beschaffungsskandal

isecjobs.com
HIRING: Senior Cybersecurity Analyst, GRC / Concord, MA 👉 https://infosec-jobs.com/J40475/
#InfoSec #infosecjobs #CyberSecurity #CyberCareer #cyber #security #jobs #jobsearch #techjobs #hiringnow #job #SeniorJobs #compliance #GRCjobs #SOC2 #PCIDSS #ConcordMA #KAYAK #NIST #flexiblehours

Thomas Strömberg 🚲🌳🛵
Today it's my turn to present at the company all-hands meeting, discussing the importance of the #SOC2 "certification".
I hope the first slide captures my feelings appropriately.

Thomas Strömberg 🚲🌳🛵
Our latest #opensource drop: https://github.com/chainguard-dev/acls-in-yaml
As part of #SOC2 #compliance, we've been using this to run monthly #audit reviews of our ACLs across SaaS platforms: #GCP, #Slack, #Vercel, etc.
acls-in-yaml dumps #ACLs from each platform into a consistent and neutral #YAML format, which makes it easy to visualize change over time.
We use this by committing the result into a #Github repo and getting the PR reviewed by the admins for each system.
PS: ACL change alerts are also awesome!