
Cybersecurity insights from leaders with experience

Starting your cybersecurity journey can feel daunting - but we’re here to help. Check out these insights from our expert staff.


Why Trust Assets Are Essential to Growing Your Business

B2B companies are confronted by a new challenge in accelerating their customer acquisition. The challenge is often described as needing to complete a...

HIPAA + SOC 2: Why Tackling Them in Unison Makes Sense

HIPAA and SOC 2 compliance are essential milestones for any business that deals with the storage or transmission of consumers' data and health...

Useful Tools and Products for Startups that Won't Break the Bank

We are often asked for recommendations for cost-effective, bare minimum products and tools to help with SOC 2 compliance. Cost can be a driver or a...

Announcing Our Series A!

I co-founded Strike Graph with Brian Bero in the Spring of 2020. We saw the need for a simpler, customer-centric security compliance solution that...

How much time does it take to prepare for a SOC 2 audit?

The length of time required to prepare for your SOC 2 audit is really determined by two factors: the maturity of the processes in your organization,...

SOC 2 test exceptions - What are they and how to address them

Co-author: Steve Seideman, Principal Security Consultant at Prescient Assurance. Your type 2 SOC 2 audit is underway and appears to be going well....

Why SOC 2 is also an operational governance framework

Unlike some frameworks that have a narrower focus, SOC 2 requires you to demonstrate solid corporate governance practices across the organization....

Security Questionnaires 101: The Basics

Let’s talk about the dreaded security questionnaire - also known as a vendor assessment, third-party vendor assessment/questionnaire, or cloud...

Deciphering integrations and automation in SaaS IT compliance tools

Your organization is unique. Different organizations are at different stages of IT security maturity, and a one size fits all ‘integration’ may not...

Skipping a Type 1 on your SOC 2 journey? Think again!

(The following appeared as an article on Security Boulevard.) We’re often asked by our customers who are embarking on the SOC 2 journey: Can we skip...

Interview with a Penetration Tester

We are often asked for advice on how best to prepare for a penetration test. I sat down with Adrian (we’ve disguised his real name to protect his...

How to select a SOC 2 auditor

(The following originally appeared as an article in Security Boulevard.) Choosing a SOC 2 auditor can seem like a panic-inducing process. How do you...

Takeaways from Biden’s Cybersecurity Executive Order

A review of lessons learned is a key component of any good incident response plan. After the SolarWinds attack, the US Government considered their...

Top 9 Cybersecurity Measures for Remote Teams

(The following is an excerpt from recently published piece on   Many organizations had to quickly adapt to a work from home model...

Five Lessons Learned from Our Own SOC 2 Journey

There is a saying that the cobbler's kids have no shoes. Not in our case! We ate our own dog food and tackled a SOC 2 Type 1 using our Strike Graph...

Pen Test FAQs

Penetration testing (also known as “pen testing” or “ethical hacking”) is an authorized, simulated attack on a company’s computer system, network,...

The Secret Ingredient for a Smooth Audit

Readiness. You will encounter this word often as you start to research SOC 2. It is typical for auditors to include a readiness phase as part of...

Our #1 Tip for Completing Security Questionnaires

Are you searching for an efficient way to complete security questionnaires so that you can move along quickly and make that sale? Wouldn't it be nice...

The Dangers of a Checklist Approach to SOC 2 Compliance

When our customers are eager to begin their SOC 2 preparations, they always ask us which policies they should draft first. We don't have them start...

What are Complementary User Entity Controls (CUEC)?

Complementary User Entity Controls, or CUECs, are the controls that you, as a SaaS (or other services) company, want your customer to have in place in...

The Difference Between SOC 2 and ISO 27001

Are you deciding between a SOC 2 audit or an ISO 27001 certification? The Easy Answer: Go with the one your customer is asking for! But what if...

How Much Does a SOC 2 Audit Cost?

There is some truth to the adage, “You get what you pay for.” How many times have you saved a few bucks by going for the cheaper option only to have...

System Description Series: How to Describe Your System Boundaries

For many organizations, creating the System Boundaries section of the System Description can feel like a painful slog. You’ve worked so hard to...

How SOC 2 Auditors Test

You are ready for the SOC 2. You have chosen an auditor and you are confident that your controls are working. Now what? Getting audited can be a...

Are You Ready for Your SOC 2 Audit?

No one wants to go into a SOC 2 audit blind or unprepared. So how do you know when you’re ready? Whether you tackle your SOC 2 preparation solo, or...

Got Your SOC 2 - Now What?

You just got your final SOC 2 report back from the Auditor. You sent the report off to the customer that wanted it and a Big Deal has just been...

SOC 2 Controls and a Remote Workforce in 2021

We are often asked for guidance on the controls that auditors will look for in this new remote reality. A web search for “work-from-home best...

How Long Does it Take to Get a SOC 2 Type 1? | How Long Does it Last?

A big sale is on the line. Your customer requires that you achieve a SOC 2 Type 2 certification before they will sign the contract for your service....

SOC 2 Trust Services Criteria: How to Choose in 2021

For organizations beginning their SOC 2 journey, figuring out which of the five Trust Services Criteria (TSC) to include in their scope can seem like...

What (the bleep) is a Control?

A lot of lingo gets tossed around in the compliance world: Criteria, Standard, Point of Focus, Narrative, Control Owner, Test of Operating...

5 Things Founders Should Know About a SOC 2 (2021)

If you are like us, you wish you had a SOC 2 Fairy Godmother to guide you through the convoluted SOC 2 compliance process. We have something better:...

How to use Your Cybersecurity Program to Drive Sales

There is a stretch of time in your organization’s SOC 2 journey where security practices are being established or refined. Sometimes they are being...

System Description Series: Adding Additional TSCs

Weaving Privacy into Your System Description: We are often asked how to best weave the Privacy, Confidentiality, Availability and Processing Integrity...

Service Commitments and System Requirements

What are ‘principal service commitments and system requirements’? Embedded deep in the depths of the System Description is a small, but critical...

System Description Series: Creating Trust in Company Leadership

One important and often overlooked use of the System Description (sometimes called a Section 3) is to demonstrate to your existing and potential...

Crawl, Walk, Run: We understand the SOC 2 journey because we have been there

At Strike Graph we know the challenges faced by smaller companies and startups when they embark on their SOC 2 journey. We experienced the sticker...

Announcing Strike Graph v1.1: System Description & Enhanced SOC 2 Dashboard 2

Strike Graph is excited to announce the release of v1.1 of This release contains a new major feature: the System...

Security Theater:  Not another policy!

It’s such a common theme. You need to establish a cyber security program so that you can get your SOC 2 certification and the first thing that an...

Strike Graph Launches With $3.9 Million in Funding to Automate Security Audits

SEATTLE--(BUSINESS WIRE)--Strike Graph, a compliance automation startup, today announces its launch and seed funding of $3.9 million, led by Madrona...

Don't fail your SOC 2 with a "just do it" attitude

We’ve all heard “Just Do It”. Since 1988 it’s been a mantra for a certain shoe company and five years ago became a meme for motivation, thanks Shia...

Is your edtech meeting security standards?

By: Josh Jarrett. The current global pandemic has thrust the education industry into 100% online learning. Institutions and educators are...

Valid8 Financial earns their SOC 2 with Strike Graph

Chris McCall, the CEO of Valid8 Financial, was pushing hard to get his SaaS platform adopted by a Fortune 100 customer. Valid8 is an innovative...

Welcome to Strike Graph

While CTO at a prior startup, we had developed an amazing new AI product. Our product was an exciting innovation in the ability for companies to...
