
Hacking the Compliance Kernel

Abstract:

Keeping up with regular compliance tasks can be draining and feel unrewarding, causing many to be overlooked or ignored. Ignoring these tasks can negatively affect our organizations and impact our job security. But if we don’t ignore them, we risk falling behind on other obligations and getting burned out.

Rather than ignore these tasks and risk burnout, we need to find the sources of compliance burdens and hack them.

What makes a hacker is not a hoodie; it is finding ways to accomplish tasks using creative and effort-reducing methods. Hacking is not limited to the red-teamers of the world. Blue-teamers also need to hack the tasks preventing them from performing the more enjoyable parts of their workload. We can hack compliance by doing the following:

• Use tools like the Unified Compliance Framework to create one control to rule them all.
• Put automation and calendar reminders to work doing your job for you.
• Spend time to understand requirements to avoid wasting time on controls that are not relevant.
• Stop making the perfect the enemy of the good; something is (almost always) better than nothing.
• Create enduring policies and dynamic procedures.

Putting in a little extra effort up front will pay dividends in time, resources, and reduced stress.