If you are doing vendor security assessments for your employer, it is your job to assess the risk associated with vendors so that your leadership can make decisions.

It is not your place to bully the vendor.

Thank you for coming to my TED Talk.

@accidentalciso Is it bullying to tell the vendor the SOC 2 report they provided is actually from their data center provider and doesn’t mean they themselves are SOC 2 compliant? Also insert HIPAA or PCI interchangeably.