Work With Me

SOC 2 Consulting

Your team is busy and your business is growing. You need someone who gets startups and security compliance to help you balance current deliverables with that looming SOC 2 deadline. My approach is consultative and collaborative. Together we’ll get the right tools, people, policies and processes in place to make it happen. I have first-hand experience building a SOC 2 program with American and Canadian SOC standards, AWS and Azure infrastructure, for firms serving government, big pharma, large enterprise and investors.

  • Confirm scope: App(s), personnel

  • Align communication: Cadence, channels (access), timezones, preferences

  • Assess risk & map to SOC 2 controls

  • Review best practices, resources, timeline and budget

  • Source and differentiate security compliance vendors

  • Assist in policy development, evidence collection and project management

  • Develop sales enablement scripts and website copy

  • Assist in presenting to investors, partners, customers, and leads

#SOCit2me

“Everyone has a plan until they get punched in the face.”

- Mike Tyson

InfoSec Marketing

Your company is past its infancy, you’ve got some stickiness in the market, and your team can’t get its head above water to strategize the next growth plan. My approach is to understand your market, differentiators, and stakeholders so we can collaborate on a plan and execute.

I have first-hand experience marketing an awareness/risk mitigation PaaS, mapped to NIST, to highly regulated industries (2.5M inbound 2 mo); selling ethical hacking and secure coding training to startups and security firms (2x annual revenue, yr 1); and creating sales enablement scripts and content in various sectors (training modules for transient team, 25% revenue increase, yr 1).

  • Confirm deliverables: Buyer/partner profiles, blog copy, sales enablement scripts

  • Align communication: Cadence, channels (access), timezones, preferences

  • Analyze existing materials: Pipeline, sales decks, partner lists, value prop, client base

  • Meet the people: Internal/external intros

  • Experiment: Draft blog content, buyer profiles, edit sales enablement tools

  • Receive feedback: Iterate messaging and deliverables based on internal/external feedback

#ClientSafari

Change before you have to.

- Jack Welch

We practice what we preach and value our clients’ security, privacy and reputation in addition to our own.

As such, the following security best practices are in place with Kassia Clifford Consulting:

Device Security: Antivirus, hard disk encryption, OS auto-updates, screen lock

Cloud Security: Password manager, complexity, MFA, VPN, aligned to least privilege principle

People Security: Security awareness training, incident response training