I've crafted a "Startup Security Due Diligence Survey" primarily aimed at startups from seed to Series C stages. The intention is to gauge how startups perceive and handle security matters during their early and mid phases.
However, if you're outside this range, either pre-seed or post-Series C, your insights would still be valuable. We believe that gathering a broader perspective can provide more comprehensive results and potential benchmarks for the community. All responses are anonymous, with an optional field for your name and email at the end in case you want to see full results
A little about us. Our mission is to reduce data management problems in the security industry, providing clear insights and guiding action to reduce risk. We are building the first security data cloud platform to make security data easy and accessible for DevOps and cloud engineering.
We thrive on collaboration, teamwork, and a transparent environment of proactive communication and responsiveness. We are a customer-first company, and work closely with our customers to solve all their security data challenges.
Position available:
Backend Engineer
Data Analyst
Data Architect
Data Engineer
Integration Engineer
Site Reliability Engineer
Software Engineer in Test
Positions: Data engineer, backend and full stack devs
Contact: hiring@trymonad.co
Monad is a seed stage cyber security startup backed by a top tier 1 VC. Our mission is to focus on reducing data management problems in the security industry while laying the foundation for more holistic security features. We empower security teams and engineers to leverage their most critical security data streams to communicate to their peers and business leaders.
Remote first | based in Bay Area | hiring across U.S and Canada. | Full time
Positions: Data engineer, backend and full stack devs
Contact: hiring@trymonad.co
Monad is a seed stage cyber security startup backed by a top tier 1 VC. Our mission is to focus on reducing data management problems in the security industry while laying the foundation for more holistic security features. We empower security teams and engineers to leverage their most critical security data streams to communicate to their peers and business leaders.
I have done a fair bit of reverse engineering to date including malware analysis. Havent read all the comments but of course a safe environment is important. Virtual environments can even be broken out of if you dont know how to debug simple samples that check for disassemblers or debugger presence. I recommend if you want to get some hands on experience checkout https://nostarch.com/malware (Practical Malware analysis) it will prepare you for messing with real life samples. Techniques are still relevant but technology might be different. Eg: IDA is great but Ghirda is the new hotness on the street.
Anyways have fun, good luck and be safe. Most of all happy hacking :)
I agree. I am still a IDA user myself but dabble with other tools in the field to see what competitive edge they may have to offer. What ever gets the job done :)
These are definitely some validate starting points. I recommend giving some sort of chronological order to the process. With emphasis on spending quality time up front defining what problem space you are attempting to solve. Once that is defined, you might have a more clear idea about your potential target customer. From there you could actually build better traits about your customer. This process is typically known as building personas. This part of the process is helpful and helps you and your team focus on what are the real themes/problems needing to be solved.
I do agree that reading definitely helps but one book isn't enough. There are several books in this space that are helpful but probably deserve their own thread. Especially around strategy. Maybe worth building out a collective comprehensive recommendations list one day.
Surveys are great but wont capture the true understanding of your customer or the heavy user of what ever product you create. One needs spend some quality time (1hr initially) with these customers so you can build out a better persona which will help you hone and focus on creating the right solution. Then you can use future surveys after gaining trust to get valuable feedback. I do however understand this is a "fill the top of the funnel" approach which isn't bad.
However that said you make some really great points throughout your posting about falling in love with the problem which will allow you to create a great solution.
Yes, agreed that there's much more that can be done, but this is attempting to put a basic framework around the very early stages of validation (which should obviously be an ongoing process, anyway).
It's frustrating because obviously stuff like persona building should be in there, but at some point if you include everything it becomes too unwieldy to be a simplistic, quick process. I'd love to get to a point where this is both simple AND comprehensive. But I expect that's a bit of a holy grail.
I've crafted a "Startup Security Due Diligence Survey" primarily aimed at startups from seed to Series C stages. The intention is to gauge how startups perceive and handle security matters during their early and mid phases.
However, if you're outside this range, either pre-seed or post-Series C, your insights would still be valuable. We believe that gathering a broader perspective can provide more comprehensive results and potential benchmarks for the community. All responses are anonymous, with an optional field for your name and email at the end in case you want to see full results
If you have a few minutes to spare (really short), I'd appreciate your feedback on the survey. https://forms.gle/oiVxqifijpA74sMV6
Thanks for your time and insights!