Security Bsides Las Vegas 2024

GEN-Z Critique on SOC 2
2024-08-07, Firenze

The SOC 2 Type II from the American Institute of Certified Public Accountants is the de facto standard of security audits in Silicon Valley. However, its roots lie in a different time and context. In this talk, I'll reinterpret SOC 2's objectives through the lens of Gen-Z as well as give 5 EFFICIENT and ESSENTIAL steps for obtaining SOC 2 certification at startup level. I'll highlight its strengths, pinpoint potential pitfalls, and keep you all in the loop with my Gen-Z perspective.

Over the past few months, I had the opportunity to witness the Series C security startup Semgrep navigate its SOC 2 certification. I was also interested in the general understanding of SOC 2 among engineers, so I went and interviewed 50 of them to hear their viewpoints! I uncovered surprising insights into SOC 2, GRC, and security policies.
In this talk, I'll share the essential steps for obtaining SOC 2 certification at a tech startup, providing quick and straightforward strategies for success. Drawing from Semgrep's experience, I'll highlight the crucial steps for a smooth certification process.
From a modern viewpoint, I'll call out the parts of SOC 2 that surprised me the most and I'll delve into the areas that I saw drive real value for our company. We'll have a bit of fun critiquing SOC 2 with a Gen-Z lens. Lastly, I'll touch on things that SOC 2 doesn't demand but that should be part of any modern security program.
The key things that I hope you take away from my talk are what to expect when you start to pursue SOC 2 certification, traps to watch out for, and ways to make it as painless as possible.

Charissa Kim is a Security TPM at Semgrep. She has spoken on various panels and presented at conferences such as the National Cryptologic Foundation (NCF), National Institute of Standards and Technology (NIST), National Initiative for Cybersecurity Education (NICE), and many others. Charissa also founded Cyber Youth Tech (CyTech), a non-profit organization devoted to empowering the next generation of STEM and cybersecurity professionals. Furthermore, Charissa directed and produced K-12 Cyber Talk, a cybersecurity webcast sponsored by the National Security Agency, providing a welcoming environment for K-12 students to learn and explore cybersecurity along with its diverse career options and opportunities. She is also the first female All-American from the National CyberPatriot and Northrop Grumman Nationals competition.