quick question for the dev/cybersec folks here. dealing with a wave of non-tech dpo/compliance types askin for audit proofs but they literally dont get basic architecture…

whats ur go-to excuse or techno-babble to get them off ur back when they ask for impossible stuff??

i usually just drop the classic “its covered by the aws shared responsibility model” or mumble somethin about “ephemeral instances & dynamic salts” and they just nod and leave 🤷‍♂️

lookin for some fresh red herrings or jedi mind tricks for the arsenal. how do u guys contourn the endless audit loops???