Below is a list of websites, documents, and tools that I have found useful.
For anyone who's building a company.
Employee Handbook Template
Use this template to kickstart your own company's employee handbook. Once you get started, you should have a complete handbook finished in less than two hours.
Code of Conduct Template
Use this template to pair a code of conduct with the handbook above. All of the areas that need editing are marked.
For anyone who wants peace of mind for themselves and their customers.
Security features for your product
This is an excellent checklist of security features to build into your product. Obviously, it takes time to tackle them all, but these features are considered baseline for any modern internet company.
Building a better security program for your business
"Research suggests that implementing CIS Controls can reduce the risk of a successful cyberattack in a company by as much as 85 percent."
Besides application security, there are lots of other internal and external controls that you can implement to cover all vulnerable areas of your business. Check out this introductory guide for using the CIS Framework in your business's security strategy. (Check out the Securicy app if you need help generating policies for the first time.)
Policy Templates & Risk Assessment Template for SOC 2 Certifications
If you're going through an audit in order to gain a SOC 2 Type 1 certification, you're going to need to complete a standardized risk assessment of your business, create mitigating controls, and then document those controls in a number of policies. Here is the NIST risk assessment template and a bunch of example policies to get you started. As mentioned above, apps like Securicy can help you generate those policies quickly.
A hiring process that includes background checks is required for most security certifications like SOC 2 and ISO 27001. I have chosen Checkr in the past because it's fast and incredibly affordable.