← Wiki

Startup Security Starter Pack

A curated set of resources for building security programs at early-stage companies

Security Programs Jan 2023 (edited May 2025)

Foundation

High-level principles and tactical controls for getting started.

• Initiating Security From Scratch at a Startup - High level principles to inform your program
• The SOC2 Starting Seven - A set of tactical controls that you should implement early
• Security for Startups - Goes so far as to call out specific tools and vendors
• Minimum Viable Secure Product (MVSP) - A minimum security baseline for B2B software suppliers

Intermediate

Resources for scaling security alongside company growth.

• Start with Security: A Guide for Business
• Bessemer Venture Partners: A Guide To Cyber Risks
• The First Round Review: Security for Startups
• How to make AppSec decisions at a 50 person company
• Creating a Security-Conscious Culture

Advanced

For security leaders managing larger programs.

• Figma: Building a Product Security Program
• Cloudflare: How we think about security programs

Talks

Conference presentations from practitioners.

• BSidesSF 2019: Creating a Security Program at a Startup - Segment
• BSidesSF 2019: Building an AppSec Program from the Ground Up
• ShellCon 2018: First Security Hire - Lob

Framework

• scrty.io - Ryan McGeehan’s comprehensive resource covering ~2 years of program development