Playbook
Security Baseline for Seed and Series A
The 12 controls
- SSO on all internal tools
- Hardware keys for admin accounts
- Password manager mandatory
- Encrypted laptops with MDM
- Prod access via bastion or IAP only
- Secrets stored in a secrets manager
- Automated dependency scanning
- Basic WAF or Cloudflare
- Backups tested monthly
- Access review quarterly
- Incident response runbook
- Vendor security review before contract
What buys you the deal without SOC 2
A 3-page security overview, the 12 controls documented, and one named security owner together clear 80% of mid-market procurement.