InfoSec Manager, vCISO ish
US Coast Guard Veteran
Service Disabled Small Business Owner
—
Outlaw 🤠
Punk Alt Folk Garage Rock
Harleys, Trikes, and Touring
#Starfield #Fallout random sims
—
Very Neurodivergent with Doctors note
—
Living On Duwamish Land among the Salish Sea Tribes
Whose land do you live on? https://native-land.ca/
LinkedIn: https://www.linkedin.com/in/leerayl
JetCity Tech: https://jetcity.tech
GitHub: https://github.com/leerayl
Signal: leerayl33

It’s also funny to me that someone on LinkedIn claimed to be the first to coin GRC engineering.

We just did the work not make up titles for a long as time.

GRC Engineering is not really a thing. We just call that engineering. In fact I will go one further and say that GRC Engineering is not a thing as GRC and Engineering are and will always be separate disciplines, as one must be able to provide oversight….

No dude, you didn’t coin anything but I do think your writing about GRC and evidence collection with continuous delivery is cool. We just used to call it integration and tooling.

Heh, that company I did work for last year has a GRC Engineer role open.

I applied, it’s a cool company.

Delta Airlines is suspending all congressional perks, including special congressional service desk, until TSA is funded. Hope others follow!

After a month of feeling like death with no real symptoms other than depression with occasional flu-like symptoms I feel a lot better. I hope it’s gone cause it was messing me up.

Because I do silly stuff, I went to the Delve.co career site and they list a Senior GRC specialist role for hire.

Now I am not gonna kick them while they are down but maybe that should have been a hire a long time ago….

Maybe hiring GRC experts is a good thing for your GRC tool/platform when building trust as a new player in the space.

Pretty sure AI would have told you that….

A breach of trust is still a breach. Reputation in a trust industry is all you got.

#InfoSec

RE: https://mstdn.science/@memerman/116280030788276149

The Cherry blossoms are out in force across the region. Saw 2 beautiful blooming trees yesterday.

Hey #InfoSec family

My heart was lifted this morning reading about the Delve issues and I am ready for it.

I just posted to LinkedIn that I am available to help organizations using tools like Delve, Vanta, Drata, etc… to evaluate their current GRC programs and help them make Risk based decisions on assurances and assessments.

GRC is my jam, compliance is my happy place, controls, I love them, and I have time.

Heck, maybe you’re stuck in this position and need someone to help get back on track, I got you.

So many companies are about to get rocked through TPRM and the “Show me your SOC 2” is not going to be enough.

If you have ever had to meet the GRC requirements of a big financial company or other highly regulated industry, you know the time required to meet the need, your clients will start demanding the same.

Oh, and the insurance industry must be losing their minds now that there is a massive question on security and liability.

Anyway here’s my LinkedIn post if you want to share it, or use it to reach out. https://www.linkedin.com/posts/leerayl_if-your-team-iswas-using-delve-or-any-of-share-7441904958955962369-yaU-

If your team is/was using Delve or any of the “GRC Platforms” and realize the current state of GRC platforms providing assurances is bunk, I can help. I have watched the space for years, worked with many of them, and understand the appeal but they have created a market for themselves that do not serve you. I am a Certified InfoSec Manager, GRC Engineer, InfoSec Program Manager with SOC 2, ISO 27xxx, ISO 42001, TISAX, and FedRAMP/NIST CSF, RMF, AI RMF, 800 53, GDPR, HIPAA, and EU AI Act. I am available to help you find the right level of compliance within your governance requirements to help you move into a more complete and comprehensive solution for your organization. I believe this work is important and requires more than a SaaS solution, it requires humans, tools, and collaboration to prove compliance and meet emerging governance challenges. Before you find out your SOC 2 is worthless because it was rubber stamped by a partner of your software, let me help you get on track, find a good firm that uses professional auditors, and build the assurance model you thought you were getting with that GRC tool. I am currently available to help.

Got out of the house and went for a walk. Lots of raptors out today. Most impressive was the osprey, biggest I have seen on the west coast. Flew next to a bald eagle and it was twice the eagle’s size.

@leerayl If all else fails, I just recommended this the other day:
https://mastodon.social/@sbourne/116259545868864364

I went to four stores in the South Seattle area looking for a zipper to fix a jacket.

Not one place had anything acceptable. The closest was small pocket zippers. There used to be a time you could go to a store and touch things, even purchase them outright.

Even online ordering is not easy. I just want a YKK #5 style antique brass zipper with pull and locks, 3 foot length tape.

If you know of anyplace let me know, please. #sewing