Latacora is not a conventional security firm. We work only with startups, and we engage over a long period of time. Here’s a brief overview.

We start with a comprehensive 6-week assessment…

We start all our engagements the same way: with an assessment of the security of your startup. We consider five different factors during this part of the project:

  • Software security
  • Network security
  • Cloud security
  • Server/deployment environment security
  • Corporate/IT security

When we’re done, you’ll have received the equivalent of a 3rd party application security and network penetration test. We’ll prepare documentation in support of our review and keep it true for the rest of our engagement, so you can easily respond to requests for 3rd party assessment.

More importantly, we’ll use the output of this review to present a “state of your startup’s security” and build a roadmap towards filling in gaps, hardening security, and planning for the growth of your security practice in the future.

… but we don’t end there.

Unlike a convention security consultancy, when we finish our assessment, we stay on staff, usually for several more quarters.

During that time, we’re doing the things a full-time security team would do:

  • Staffing #security on your chat and answering questions.
  • Attending design meetings and offering security feedback.
  • Reviewing PRs to keep vulnerabilities from getting deployed.
  • Managing your bug bounty, if you have one.
  • Monitoring your network and cloud environments for suspicious activity.

We do more things than this, and we’re flexible; if this sounds interesting, the best way to learn more is to contact us and start a conversation.