Security Top Five For Small Software Companies

In order to be ready to go public - what five security practices would be most essential to implement early on for a small software company? They are very small right now and without any IT staff, but they hope to go public, say, in two to three years. What practices could they start doing early on so as to be in the best shape when they are big enough to start bringing on a Security guy etc. in the run-up to IPO?
amigan_99, Network Engineer, Asked:
btan, Exec Consultant, Commented:
No special formula from what I see, but checked out the roadmap of recent cyber security companies such as FireEye and Palo Alto. It is not solely the unique technology that makes value, but it is the people and team that walk the security into action and prove their worth with a customer base ranging from govt to private.

Personally, I see it as you need evidence ready to gain public confidence on the:
a) company expertise (not famed but well-respected security mgmt),
b) company values (uniqueness and security ROI - how you measure),
c) company contribution assurances (VC, top customers and their use cases, 3rd party view),
d) market security demand (where the gaps are and what fits - don't look at all in one),
e) global threat landscape and trend (recent news and hype, what works and fails).

Possible reasons why they go IPO:
- hacking and cyber attacks are becoming quite regular in the news cycle
- a lot of that are looking for data protection
- reports keep coming and the money for security products keeps flowing
- unique security solutions provider (e.g. prevent and not detect, solving tough attacks like zero days, or minimally reducing the exposure windows ...)

There is never a correct or right time to enter, but it is always good to plan as you are doing now. Check out the IPO papers (Form S-1) from those companies - if you think you have difficulty filling them up, those are the gaps to address (not all are about technology). Definitely identifying a security advisor and getting into the security community networks are critical too... Build trust.

e.g.

FireEye
http://www.sec.gov/Archives/edgar/data/1370880/000119312513316773/d529551ds1.htm

Palo Alto Networks
http://www.sec.gov/Archives/edgar/data/1327567/000119312512416954/d412524ds1.htm

KeyW
http://www.sec.gov/Archives/edgar/data/1487101/000114420410034017/v182126_s1.htm
amigan_99, Network Engineer, Author, Commented:
Thanks for the excellent ideas and references.