  • Showing only topics in ~tech with the tag "consulting".
    1. Data security help - SOC2ish

      Hi Tilderinos,

      I head up a small startup and we're looking to get some support for our data security. Up until now we've worked with small mom and pops that didn't have any requirements, but a few of our new clients have full data security teams and our infrastructure and policies/protocols aren't up to snuff. We reached out to a few consulting firms and they quoted us between $80-100k to get things set up and run us through a full SOC2 review. As a small company we don't really have that type of budget, more like $40-50k. I stumbled upon Vanta and Drata as alternatives and had meetings with their sales folks last week. Both of their offerings from setting up our protocols to monitoring and getting us through a SOC2 were only $16k.

      Are platform based companies like Vanta or Drata enough to get us off the ground while we're still getting set up? Has anyone worked with them before and have any feelings one way or the other? Should we be signing on with a security consulting company - be it at a lower rate if we can negotiate it?
      This is all quite new to me and any insight folks here can provide would be incredibly useful.

      12 votes
    2. Input please: How to identify the right IT project stakeholders

      I'd like your input for an article I'm writing.

      Let’s say you’re starting a new IT project. It could be custom software; perhaps it’s a migration to cloud services; maybe it’s a shiny new IoT project.

      The point is that you're here to build something great. You’re in charge of the design (or an important part of it), and making sure that the resulting system makes everybody happy.

      How do you make sure that you are interviewing the right people to find out what “make them happy” looks like? What do you do to get input from the people who matter for the project’s success… without inviting so many suggestions that it’s impossible to deliver everything?

      Case in point: Ten years ago I was in charge of an online tech community. The company I worked for hired custom developers to build the software platform, but the developers never talked to me. They interviewed the boss, two levels above me (who just so happened to be the person who signed the checks) even though she had never used this online community or any other. Needless to say, the community software they delivered was horrible, missing basic-to-me features.

      Formally this process would be called “identifying the project stakeholders” or “master the requirements-gathering process” but that seems too corporate-speak. I’m looking for real-world examples of what works and what doesn’t, so I can write a genuinely useful article with practical guidelines.

      Note that this is NOT about the questions to ask those stakeholders; that’s another discussion. Here I am writing merely (merely!) about making sure you are speaking to the people whose input you need.

      My questions:
      • How do you decide which people to ask for input? In what way do you find those people? How do you know when you have everyone you should?
      • How do you decide whom NOT to invite? Where do you draw the line?
      • Tell me about the manner in which you learned that lesson. (The hard way. Anecdotes are good.)
      • If you want to be quoted (it's good for business!) tell me (via PM) how to refer to you in the article: Name, title, company name, short company description, URL.

      7 votes