Unfortunately, startups don't have this kind of resources (CIO/CISO etc.). What we see is that security is often handled by CTOs in Seed/SeriesA startups.