SOC 2 for Engineers: What It Is and Why Your Terrible Tagging Strategy Is an Audit Failure Waiting to Happen
I’ve walked into companies mid-way through their first SOC 2 audit, and the scene is always the same: a palpable sense of panic. A senior engineer, who usually commands a fleet of Kubernetes clusters with ease, is white-knuckling a mouse, desperately trying to pull together a spreadsheet of every production EC2 instance. The auditor just…