I am sorry, but if you need someone else to provide you with a list like that, you should NOT be doing this. It is the wrong approach on so many levels.
Maybe I should clarify why. I am a full stack engineer and I am familiar with the basic AppSec stuff you need to launch a service at a FAANG company. However, I am not familiar with the basic IT Security stuff you should set up when forming a new company. When I was researching what I should set up for IT security, the documentation began referencing things like DMARC, DNSSEC, DKIM, etc., and I realized I don’t know what the basic level of security I should set up is.
So I just want to know what the basic security stuff is that an early stage company should set up before hiring their first security engineer. The answer to this question can’t be “you should NOT be doing this” because you should still need security even before your first security hire or before you can afford a security consultant.