While it is absolutely possible to prepare for a SOC-II audit without outside help, I recommend that startups without a CISO engage outside help as a part of that strategy. A vCISO or consulting company can help bring clarity to the roadmap and accelerate execution.
Especially since most organizations don't decide to pursue SOC-II until there is customer pressure for it and sales are jeopardized, timing and success become critical.
I didn't have outside help my first time through it. I thought the project was going to kill me. It took at least 6-8 months longer than it should have because I had to find my way through it, and the audit itself was more stressful and time consuming than it needed to be.
I wasn't a CISO back then, just a manager trying to help. It was during that fateful project that I was first named as the "security officer" in the documentation.

The rest, as they say, is history. I was destined to become the glass of whiskey that you see before you today.
