At Gold Fig we are strong proponents of the view that the highest-ROI activities in infosec are staying diligent and persistent about the basics. Security has a notoriously broad surface area. When given insights that are easy to act upon, stakeholders act on them. One invaluable resource we’ve previously directed folks to was a security checklist maintained by Sqreen. Unfortunately, after their acquisition, the guide now redirects to their acquisition announcement. Similarly, the GitHub page hasn’t been updated in a couple of years. We’re excited to pick up where they left off and be stewards of the checklist.
The SaaS CTO Security Checklist Redux
We’ve carried over the original sections:
- 🚀 Your employees
- 💻 Your code
- 📲 Your application
- 🏗 Your infrastructure
- 🏢 Your company
- ⚡️ Your product users
As part of our third edition of the guide we’ve folded in several of the points from our Infosec Basics blog post series (e.g. turning on security scanning of container images). As we continue to expand the blog series, we’re committed to keeping the checklist updated.