Documentation is super boring, right? Yet it's critical to getting your client/audience excited about making their security better!
In this episode I talk about my mixed feelings towards the "big" standards like ISO/NIST/etc. and how a more tactical, down-to-earth documentation approach might be more effective in some cases. And I think we need our documentation to be much more focused on consultation/remediation and not just "Hey, your security sucks...and these next 100+ pages will tell you exactly why!" We can do better!
Yes, this episode is like 18 minutes because, well, I guess I'm really passionate about documentation. :-)