[rkwz]

> There's a big catch because often someone skilled enough to answer these questions would be better served actually doing things, e.g. writing code, and the people who can fill out these questions but not skilled enough to do the actual things are a weird middle-ground of mediocre that is hard to find. Really big companies often solve this by just paying overskilled people to do this for a few years, which is expensive and soul-destroying for the skilled person.

This is a really insightful comment, how do companies get around this issue (apart from paying overskilled people until they burnout)?

[mushufasa]

I do a lot of these myself (technical founder, willing to do dirty work) but there comes a point where it's not a good use of my time for all but the biggest opportunities, because these things are so time intensive and I need to wear many hats. In fact, I wouldn't be surprised if that's what's going on at Framework now.

I would love to hear if anyone has different suggestions. For reference, we already employ outsourced ciso/cyber vendors (think of vanta, strikegraph) but, while they can help draft responses to these things, they can't do the last mile of certifying and submitting on your behalf, so in practice we still need some skilled internal resources to accomplish these