Get NIST-y

S2 E3

Continuous Compliance Isn’t a Product Feature

January 20
22 mins

Episode Description

Everyone’s selling “continuous compliance” right now. Cool. But what does that look like in a real company with real humans? Today we tackle this topic thanks to 2 related listener questions.

Question 1: Is continuous compliance actually happening in smaller SOC 2 / ISO programs, or do we all still sprint before audits?

Question 2: Our SOC 2 deadline is close and training completion is stuck at 20%. How do we fix this without turning into the Training Police?

In this episode, we referenced some videos on social engineering. Here are some links to our favorites:

Want to get your own questions answered? Head on over to https://blacksmithinfosec.com/ask
