Jeff W.

Irony: demo for new trust center access functionality that requires me to do auth to a vendor I don't currently use requiring a review of their trust center.

From a tracking perspective, that makes sense. The challenge I see is that I'm then doing one link per client. That may be the "correct" way to do it for veracity but seems time consuming. I'll have to think more about it.

Ah, the joys of being complex. 🙂

We produce risk intelligence. We have numerous data sources where we are a processor. We aggregate this data and layer on our analysis and we are controller of that amalgam. Our clients have data where they are controller. We match our data to theirs which, IIUC, results in joint controller status of that intersect. I don't want to enter things twice - as controller and as processor- so was thinking a joint control framing could be useful.

Yes, I'm using claude. And, yes, listing the external skills that are dependencies would be useful. I just tagged you on an older thread where I shared my prompt for it.

This looks very much aligned to what I'm doing but with a couple of sections different. Martin G. would you be willing to share your prompt or a redacted version of it?

Truthier truths have never been truthed.

Jason, I disagree. ATS as a model is completely broken. The only successful approach I have seen in 25+ years is employee referral. Read an article earlier this week about research against ATS systems. A human written resume versus the same resume rewritten by AI. The AI one won in 95% of cases. More telling, when the same resume was rewritten by each of the major AIs, like selected like more often than not (e.g. Grok chose a Grok generated resume). It's all about precise matching of the words in the JD. If the JD requires the CISSP cert, you'd get credit even for say "I do not have a CISSP" because you'd have the pattern match. It's explains so much with regards to all of the complaints I've heard over the years about people sending out 100 applications and not getting a single reply..

Contrarian view. Certifications start conversations and nothing more. If that's what you're after (like I was early in my career)-- they are fantastic. It's a third party attestation for passing the "you must be at least this tall to ride this ride". That said, for all of the many certifications I've gotten, the only three with any lasting value at all were my CIPP (I sat in the second test session so I was one of a very small number certified when I got it), NSA Infosec Assessment Methodology (because even though it was niche, saying I was trained by the NSA was a strong bullet point on the resume for years), and my Compaq ASE because it required a ton of actual capability in order to pass and because it came with a very nice screwdriver that I use 30 years later and long after Compaq disappeared from view. I never once got value from having a CISSP, or Bay Networks, or Cisco, or Microsoft certifications except to list them like alphabet soup on resume or on a title slide. I quickly learned that I was better off demonstrating capability than having a pile of certs. To make this post more practically valuable, if I was starting over, I would only do certs which required the demonstration of actual, real-world skills. I'd avoid certs in the security space and focus on adjacent areas- AI like Jason mentioned (though probably not CompTIA since it's fairly basic), or Certified Anti-Money Laundering Specialist from ACAMS.org to show that my breadth goes beyond security and into the applied side of that in the fraud space.