We have a SOC2 report type II, and security questionnaires/meetings are still there. Once we had a security questionnaire from a potential customer, took a glance at it, told the customer "hey you can find all of the answers in our SOC2 report and in our CAIQ (CSA)", they told us to still fill the questionnaire...
The objective of most companies is to make money (let us be honest), thus the objective of the information security team is to make sure that the organization can achieve its objectives.
Thus, a lot of times, to sign customers, you need to be secured, as an IT/Security department can easily shut down any SaaS project if it is not secure enough. Having a certification like ISO 27001 or a report like SOC2 can really be helpful, and is sometimes a necessity. So ask yourself "does our company need a SOC2/ISO 27001 to sign customers? Is it a blocker for our business?". You never want to achieve compliance "just because"; you need a business reason to do it.
We started building our security program (ISMS) based on ISO 27001 (which is a really good basis in my opinion), but decided to get a SOC2 report instead. We started with a SOC2 type I report, then a type II. I personally find that a SOC2 is much more flexible than an ISO 27001 certification.
We mainly deal with big European customers, and SOC2 and ISO 27001 are seen as equal; never had a problem there. Most customers don't even read the report to be honest; it's a check in a box.
Having a SOC2 report or ISO 27001 certification shows that you care about security, and it sets the tone from the start.
I find that Joe Rogan can sometimes be hit or miss, but for the most part, he has some interesting guests, the conversations with his guests are "natural" and do not seem forced, and I find that he knows how to ask good questions.
This is actually the best suggestion of the bunch, at the moment, at least for the most critical Word documents we have. It's cheap enough that I can try to sell it internally with minimal effort. It even has a read-only API that I could use to package the final versions of this or that. The only weakness for my use case is the lack of support for PowerPoint, which hopefully will come at some point.
Good resources. I've been following Ryan McGeehan for a few years, and he's really dedicated to the development of simple risk management techniques. Risk management can be really difficult to grasp.
Same, we use gsuite MDM for BYOD just to ensure that personnel's devices have basic security configurations (e.g. encryption, lock screen, etc.). Beyond that, this MDM is quite limited in what's possible to accomplish.
There are multiple reasons to not use a pie/donut chart, as it does not (most of the time) help to better understand the information presented. Edward Tufte and Stephen Few (both experts in data visualization) have given multiple arguments against pie charts. See the link for a good summary on the subject.
My gripe with this edict is that it is not as relevant in the age of dashboards and interactive data. The same reason they were often a bad choice in static views can be a positive within an interactive dashboard - a busy pie chart indicates visually that selection filters are not granular enough for the design criteria of the view.
You'd never use a pie chart? What if it's just more visually pleasing to the rest of your page design and you only want to convey roughly how say 3 data values compare in size?
They may be visually pleasing, but humans just cannot process angular magnitudes at a granular level.
A bar chart where one bar is 25% larger than another is obvious, a pie chart with the same is not obvious. Numeric labels are needed, because the chart itself does not serve as a useful visual reference.
It may look nice, but it does no good. Especially once you have more than a handful of values!
My point is that making something look good or drawing the eye of the user can be a big enough factor to use a pie chart. Maybe you're only showing two values and only need to convey if one value is larger or a lot larger than another, for example.
If you are comparing 2 values, sure, maybe. But 40% versus 60% still won't be the most obvious thing other than "60% is larger"; understanding the magnitude of the difference will involve more thinking, flat out. Taking more mental processing power to understand a visual chart is a bug, not a feature!
At this point you may as well write it longhand, "X is much larger than Y". Since promoting anything less than maximally accurate beliefs is an act of sabotage on your fellow human beings, you have to ask yourself why you are using a pie chart - because it's not to provide value for users.