I am looking for recos for independents who are willing to conduct a security audit for our company. I am the CTO and decision maker. Any pointers appreciated.
Details below:
We are a B2B startup that has scaled to 3-digit M revenue. Our business is overseas (not US). Key decision makers are, however, from the Valley, some with serious startup/FAANG experience, including me.
- Core of our platform includes customer-facing apps (native Android), e-commerce customer, order and item/catalog workflows hosted in GCP (native Java, some Ruby on Rails, unfortunately mostly one SQL), and third-party tools integrated for running warehouses.
- We are above average in GCP cloud security as per Google (we use a lot of tools and are auditing Security Command Center).
We need to conduct a security audit for software in the cloud (where most critical data lives) as well as for our physical IT infra (laptops, routers, policies, etc.).
Key questions:
1. What should I include in an RFP for a very tech- and automation-driven, cloud-centered security audit?
2. How about Vanta and the many startups that offer automated compliance?
Any pointers appreciated. Thx!