Stop claiming that SOC is an information security certification. Stop treating SOC2 Type II as an indicator of anything other than achieving SOC2 Type II, a standard created and audited by accountants.
As I wrote in 2021, SOC2 provides a highly valuable set of data in an easy-to-consume form, but even its creators will tell you it was never intended to serve as the sole criterion for a risk-based decision - something that often happens.
@fuzztech WHAT?!?! Are you saying it's all security theater with a two drink minimum? *shocked I say, SHOCKED*
@fuzztech To be frank, it seems unlikely that IT experts could do any better than accountants.
@tasket Word. But if I were writing a spec, I doubt I would start, for example, by making an accounting certification created and implemented by IT experts. Hey, it could be a really numerate IT guy, but he just isn’t an accountant.
@fuzztech The difference is that the IT field doesn't know what it's doing.
Computer scientists don't give a flying f_ck anymore about advancing the field with respect to the systems used for everyday business; if computer security is a dumpster fire the response is always to make the dumpster smaller and faster.