Startup Security Program — Pre-seed → Series A · 90 days
Foundations bundle for pre-seed → Series A startups: policies, basic controls, vendor reviews, and audit-ready posture in 90 days.
Coverage that goes deep.
Foundations bundle for pre-seed → Series A startups: policies, basic controls, vendor reviews, and audit-ready posture in 90 days.
- Security policies & procedures
- Asset & data inventory
- IAM hardening (Google Workspace / M365)
- Endpoint security baseline
- Vendor risk reviews
- Privacy compliance basics (GDPR/DPDP)
- Security awareness training
- Incident response runbook
- Timeline
- 90 days
- Methodology
- NIST CSF 2.0
CIS Controls IG1
ISO 27001 Annex A (subset) - Category
- Advisory
- Re-test
- Included after fixes
Every engagement is led by a CRTO/OSCP-certified senior engineer with named accountability.
What you get back.
A structured deliverable pack you can hand to engineers, auditors and the board.
Policy pack (15 documents)
Asset inventory
Quarterly risk review
Audit-prep package
How we work.
Scope
Confidential scoping call. We agree assets, environments, exclusions and timing.
Test
Active testing per agreed methodology, with daily check-ins on critical findings.
Report
Executive + technical deliverables. CXO presentation if you want it.
Retest
Re-test included after your team applies fixes. Certificate issued on pass.
Common questions.
Why a 90-day program?
Tell us about your environment.
A 30-minute scoping call — confidential, NDA-protected, complimentary. Our senior security team will respond within 4 business hours.
- Named senior engineer on every project
- In-house tools in production · ISO 27001 aligned practices
- 4-hour breach SLA · 5–10 day delivery