Solo founder
A one- or two-person, pre-seed to seed-stage startup founder who is also the company's entire IT and security function, running everything from a laptop and a handful of cloud accounts, with no budget for dedicated security headcount or enterprise contracts.
The absolute minimum viable security stack: free and freemium tools that piggyback on infrastructure the founder already has (Microsoft 365, a cloud account, a GitHub repo) rather than adding new subscriptions, covering the handful of risks most likely to actually bite a solo operator.
The stack, layer by layer
All 10 defense layers, in order — what this team chose, why, and what they left for later.
- 01
Identity & Access
Microsoft Entra IDMicrosoftFreemiumA one-person company already paying for Microsoft 365 gets baseline SSO and MFA enforcement bundled into a plan it already owns, instead of adding a dedicated identity subscription before there's a second employee to onboard.
TeleportTeleportFreemiumShort-lived certificates for the founder's own servers and databases replace standing SSH keys that would otherwise sit unrotated indefinitely with nobody else around to notice, and the free tier covers a one-person infrastructure footprint.
- 02
Endpoint Protection
Microsoft Defender AntivirusMicrosoftFreeBuilt into Windows at no cost, it covers the one or two laptops a solo founder actually uses without a management console or per-seat license to configure.
- 03
Network Security
TailscaleTailscaleFreemiumConnects the founder's laptop directly to a home lab or cloud VM over WireGuard with almost no configuration, avoiding the cost and complexity of standing up a VPN appliance or gateway for a single user.
- 04
Email Security
Not covered
No email security selected — phishing and malicious email remain common initial-access paths.
- 05
Cloud Security
ProwlerProwlerFreeA free command-line scan of the founder's single cloud account catches the kind of misconfiguration — an open storage bucket, an over-permissive role — that causes most early-stage cloud breaches, without a CNAPP contract.
- 06
Application Security
GitHub DependabotGitHubFreeAlready free on every GitHub repository, it opens pull requests for vulnerable dependencies automatically, which is the only kind of dependency management a founder writing all the code alone has time to babysit.
Cloudflare WAFCloudflareFreemiumCloudflare's free tier puts basic attack-signature blocking in front of the founder's live product with nothing to install beyond pointing DNS at Cloudflare, buying real protection before there's budget for a dedicated WAF contract.
- 07
Data Protection
Not covered
No data protection selected — you can't protect sensitive data you haven't found and classified.
- 08
Detection & Response
Not covered
No detection & response selected — incidents may persist without investigation or containment.
- 09
Resilience & Recovery
Backblaze Computer BackupBackblaze$A solo founder's whole company often lives on one laptop; Backblaze backs the entire machine up continuously for a flat monthly fee with nothing to configure, and its versioned file history can roll a document back to a point before a ransomware infection.
- 10
Compliance & Awareness
Not covered
No compliance/awareness selected — control gaps and risky behavior are harder to identify and correct.