Case Study – Security Audit

If you don’t know what a SOC 2 Type 2 Audit is, don’t worry because I didn’t know either. I had turned down a position as a permanent copy editor (I wrote the manual for the department and trained a person for the position), instead opting to take on the role of a project manager. It wasn’t long before I had my first massive assignment – do whatever it takes to pass the audit and achieve compliance.

My specific task was twofold: first, I would be writing the bulk of the actual report, a simplified process at this time because I knew all the ins and outs of the company. I wrote training manuals for multiple departments and had cross-trained for almost every single position. With a strong background in writing, compiling a slick, detailed report turned out to be a breeze.

The second major task proved more daunting: build an internal database for the purposes of housing the HR and IT departments. My background in coding was limited to HTML I played with in high school on Notepad and MS FrontPage. I was given no budget, no team, and no guidance for putting together the database. Just a three-month deadline. No pressure, right?

The first program that popped in my mind was MS Access since it had sat there on my desktop, collecting dust for years. Access = database, I thought. I discovered I needed to know two programming languages to get this right: VBA and MySQL. I immediately purchased a ‘Dummies’ book, located a handful of forums where database conversations were taking place, and got to work.

I remembered a simple trick clockmakers would use in order to master the craft: take apart the clock and then put it back together again. So, I grabbed a database off the interwebs, broke it apart, examined the coding, and put it back together. This built my confidence up.

Looking back, I wish I had done some wire-framing. Although, at the time, I didn’t know what wire-framing was. Regardless, I built a database, from scratch, that housed both the IT and HR departments. I did it in three months while also compiling the SOC 2 Type 2 Audit report. Best news of all? We passed the audit and were granted compliance. At $20k+ you could say it’s the most expensive exam I’ve ever passed.

This would become the foundation for my present study in Python and R programming. It also proved to me that with dedication, discipline, and a deadline, I could accomplish just about anything. Well, almost anything. Lastly, I really don’t like VBA, but it is what it is.
