Security training, compliance, and what auditors actually want
Plain-English notes from a team that's built a SOC 2 developer training product. No marketing fluff. No vendor jargon.
Do developers actually need security training for SOC 2? Reading the TSC and AICPA source documents
A careful reading of the actual AICPA source documents to separate what SOC 2 requires from what auditors have come to expect.
Apr 16, 2026
SOC 2
AICPA
TSC
compliance
ISO 27001 Annex A.6.3 vs SOC 2 CC1.4: mapping developer training requirements
If you're going through SOC 2 and ISO 27001, you don't need two training programs. Here's how the developer-training requirements actually map.
Apr 16, 2026
ISO 27001
SOC 2
comparison
compliance
OWASP Top 10:2025, what changed from 2021 and what it means for your team
Two new categories, one retired, a major reshuffle, and 589 CWEs analyzed. Here's what changed and the practical work it implies.
Apr 16, 2026
OWASP
security training
application security
How much should OWASP Top 10 training cost? A 2026 comparison for startups
Developer security training prices vary 50x across the market. Here's an honest breakdown of what the major platforms cost and what you get for it.
Apr 16, 2026
pricing
OWASP
security training
comparison
SOC 2 developer security training requirements: what auditors actually ask for
SOC 2 doesn't spell out a training curriculum, but auditors do expect specific evidence. Here's the plain-English list.
Apr 16, 2026
SOC 2
compliance
security training
SOC 2 security awareness training checklist for engineering teams
Ten things your SOC 2 auditor will look for when they sample security training evidence, what each one means in practice, and where first-time programs usually fall short.
Apr 16, 2026
SOC 2
checklist
security training
compliance