Carrying the torch of the Sqreen SaaS CTO security checklist: infosec basics for startups (part 4)

Vikrum Nijjar

At Gold Fig we are strong proponents of the view that the highest-ROI infosec activities are staying diligent and persistent about the basics. Security has a notoriously broad surface area, and stakeholders are best able to act when given easy-to-act-upon, actionable insights. One invaluable resource we’ve previously pointed folks to was the security checklist maintained by Sqreen. Unfortunately, after their acquisition, the guide now redirects to the acquisition announcement, and the GitHub page hasn’t been updated in a couple of years. We’re excited to pick up where they left off and be stewards of the checklist.

Gold Fig SaaS CTO security checklist

The SaaS CTO Security Checklist Redux

We’ve carried over the original sections:

  • 🚀 Your employees
  • 💻 Your code
  • 📲 Your application
  • 🏗 Your infrastructure
  • 🏢 Your company
  • ⚡️ Your product users

As part of our third edition of the guide we’ve folded in several of the points from our Infosec Basics blog post series (e.g. turning on security scanning of container images). As we continue to expand the blog series, we’re committed to keeping the checklist updated.

Update: We’ve also re-posted the DevOps checklist:

The DevOps Security Checklist Redux

  • 🚀 Your Culture
  • 💻 Your Code
  • 🏗 Your Infrastructure
  • 🛡️ Protection
  • 🩺 Monitoring

If you have any suggestions or tools to add to the checklist, we’d love to include them. Please let us know!