This explains why the AWS sales engineer assigned to my account updated his LinkedIn last week to looking for new opportunities. He lives a few hundred miles in the middle of nowhere.
I was out at Defcon this year and it was all about AI this, AI that, AI will solve the world's problems, AI will catch all threats, blah blah blah blah...
I work with people like this. The least skilled, least experienced, least productive people on my team constantly recommend “AI” solutions that are just a waste of time.
I think that’s what people like about AI, it’s hope, maybe you won’t have to learn anything but still be productive. Sounds nice?
I was at a UX / Usability conference and it was basically the same. Everyone talked about AI here and AI there, but no one had an actual use case or idea how to incorporate AI in a purposeful way. I can genuinely understand why people feel that AI is a fad.
When you do this kind of stuff, you make American companies less competitive as a whole. If GM can get as good software for cheaper by outsourcing (granted, they almost certainly cannot), then they should do it because that might help save tens of thousands of other jobs within the company and broader economy. The government should not generally be in the business of telling companies how to build software.
I don't agree with this. The US government needs to encourage an economic structure that is best for US citizens. The company is not looking to save other jobs, but rather to increase their profits for stakeholders. Other industries are highly regulated, such as Medicine, Law, or otherwise have tariffs that combat against this. This is also a slap in the face to the US citizens that bailed out the company previously.
Literally everything that does not require a US stamp or certification is being outsourced. Mechanical Engineering, Civil Engineering, non-software architecture, customer support, project management, and even accounting. This is not good for the US as a country. American workers are not competitive right now, unfortunately, considering the high cost of living and strength of the dollar. Also, American workers will find it hard to get a work visa in a very low cost of living country if they do wish to pursue a career where their field has been outsourced.
I worked for SITA ( https://en.wikipedia.org/wiki/SITA_(business_services_compan... ) back in the late 2000s. They had a massive X25 serial network connecting airlines across the globe. Some of its customers were still running Windows 3.11 in the data center on old AT systems. We would buy old computers on Craigslist and eBay to keep hardware around for when it failed. I wouldn't be surprised if those systems are still in use today.
Waiting that 12 months to really demonstrate you have a working security program with efficient controls really pays off. It's something I look for when doing vendor reviews and I assume others do the same.
For the first SOC2, I don't hold this against a startup (I appreciate they are going through the efforts this early). Would want to see it become 6 month/1 year as the program matures. A vendor like this is low risk (aggregator of "public" information, limited data sharing, etc).
I have all sorts of issues with Vanta/Drata "compliance as a service" tools, but adequate for something like this, at this point in time.
Tbf, I’ve found it’s a good sign when an org goes through this pain early on - less chance for tech debt to pile up.
Most of my employment has been in the security auditing/testing space, and the difference between “bolting it on later” and “building it in from the start” is incredible from both a purely technical and a process standpoint.
NSA and FBI both approached previous BitLocker devs to insert backdoors in the early days. It's no secret Microsoft cooperates with federal government branches to ensure the government keeps using their products. Further, because BitLocker is closed source, there hasn't been any outside research done on the code.
"This is your life, and it's ending one minute at a time." - Tyler Durden