Frustrations with SOC 2 Compliance and Security Theater in Cybersecurity

We all know compliance != security. What is the most frustrating "security theater" control you have to prove for SOC 2? The post describes engineers spending significant time collecting logs, Git histories, and Jira tickets to demonstrate compliance with automated processes. It highlights frustration over evidence-gathering tasks that consume security teams' time and could potentially be automated. The author asks which of these manual tasks is the most time-wasting and ideally suited for full automation.