Cyber Tool Stack
All stacks

Solo founder

A one- or two-person, pre-seed to seed-stage startup founder who is also the company's entire IT and security function, running everything from a laptop and a handful of cloud accounts, with no budget for dedicated security headcount or enterprise contracts.

The absolute minimum viable security stack: free and freemium tools that piggyback on infrastructure the founder already has (Microsoft 365, a cloud account, a GitHub repo) rather than adding new subscriptions, covering the handful of risks most likely to actually bite a solo operator.

The stack, layer by layer

All 10 defense layers, in order — what this team chose, why, and what they left for later.

  1. 01

    Identity & Access

    Microsoft Entra IDMicrosoftFreemium

    A one-person company already paying for Microsoft 365 gets baseline SSO and MFA enforcement bundled into a plan it already owns, instead of adding a dedicated identity subscription before there's a second employee to onboard.

    TeleportTeleportFreemium

    Short-lived certificates for the founder's own servers and databases replace standing SSH keys that would otherwise sit unrotated indefinitely with nobody else around to notice, and the free tier covers a one-person infrastructure footprint.

  2. 02

    Endpoint Protection

    Microsoft Defender AntivirusMicrosoftFree

    Built into Windows at no cost, it covers the one or two laptops a solo founder actually uses without a management console or per-seat license to configure.

  3. 03

    Network Security

    TailscaleTailscaleFreemium

    Connects the founder's laptop directly to a home lab or cloud VM over WireGuard with almost no configuration, avoiding the cost and complexity of standing up a VPN appliance or gateway for a single user.

  4. 04

    Email Security

    Not covered

    No email security selected — phishing and malicious email remain common initial-access paths.

  5. 05

    Cloud Security

    ProwlerProwlerFree

    A free command-line scan of the founder's single cloud account catches the kind of misconfiguration — an open storage bucket, an over-permissive role — that causes most early-stage cloud breaches, without a CNAPP contract.

  6. 06

    Application Security

    GitHub DependabotGitHubFree

    Already free on every GitHub repository, it opens pull requests for vulnerable dependencies automatically, which is the only kind of dependency management a founder writing all the code alone has time to babysit.

    Cloudflare WAFCloudflareFreemium

    Cloudflare's free tier puts basic attack-signature blocking in front of the founder's live product with nothing to install beyond pointing DNS at Cloudflare, buying real protection before there's budget for a dedicated WAF contract.

  7. 07

    Data Protection

    Not covered

    No data protection selected — you can't protect sensitive data you haven't found and classified.

  8. 08

    Detection & Response

    Not covered

    No detection & response selected — incidents may persist without investigation or containment.

  9. 09

    Resilience & Recovery

    Backblaze Computer BackupBackblaze$

    A solo founder's whole company often lives on one laptop; Backblaze backs the entire machine up continuously for a flat monthly fee with nothing to configure, and its versioned file history can roll a document back to a point before a ransomware infection.

  10. 10

    Compliance & Awareness

    Not covered

    No compliance/awareness selected — control gaps and risky behavior are harder to identify and correct.

Search Cyber Tool Stack

Jump to any tool, vendor, category, or glossary term.