Startup security starter pack
Inspired by Steve Weis - his version on Google Docs
- Starting Up Security: From Scratch: High level principles to inform your program
- Prescriptive The SOC2 Starting Seven, Latacora: Latacora is a consultancy that helps build security programs for startups. While this post is stuctured around SOC2, it contains a set of tactical controls that you should implement early and will provide a solid foundation for your security program.
- Prescriptive Early Security for Startups, Dev: Dev has been down this road, and helped scale security for hypergrowth companies. He goes so far as to call out specific tools and vendors - something we often elide but can be high-leverage if you trust his judgement. You should.
- Andrew Wansley offers an alternative take on the same topic and structure
- Start with Security: A Guide for Business by the FTC
- BVP: A comprehensive guide to security for startups
- How Early-Stage Startups Can Enlist The Right Amount of Security As They Grow
- Ryan McGeehan's scrty.io: Enough to get through the first two years of a security program. Structed as both a book and a collection of topical article. I recommend Foundations and Fundamentals, to start.
These posts are interesting to show where your program can go, but can be elided if you're treading water as the first person responsible for security.
- A Corporate Anthropologist’s Guide to Product Security, Alex Gantman
- Product Security Framework, Julian Cohen
- Building a Product Security program from scratch, Anshuman Bhartiya
- Building a Corporate Security Program From The Ground Up, Kane Narraway
Conference Talks (war stories of starting security):
- Startup security: Starting a security program at a startup, Evan Johnson, Segment + Cloudflare
- Concrete Steps to Create a Security Culture, Arkadiy Tetelman, Lob
- Starting an AppSec Program: An Honest Retrospective, John Melton, Bronto
- 0 to 1: Startup Security, Coleen Coolidge
- One-Person Army – A playbook on how to be the first Security Engineer at a company