Due Diligence Checklists › Cybersecurity › Pre-Seed
Cybersecurity Startup Investment Checklist: Pre-Seed Stage (2026)
This checklist covers 24 due diligence items for Cybersecurity startups at the Pre-Seed stage. Each item has been validated against institutional investor practice. DDR automates the majority of these checks from a single pitch deck PDF upload.
24 checklist items · 3 red flags automatically detected · See a sample DDR report
Pre-Seed Requirements
✓
Founding team quality and relevant domain expertise
✓
Problem evidence: clear pain, ideally lived experience
✓
Market size: TAM must justify a venture-scale outcome
✓
Early signal of demand: waitlist, LOIs, or first customers
✓
Founder-market fit: why this team for this problem
✓
Proprietary insight competitors don't have
Cybersecurity Sector
✓
Third-party penetration test report reviewed (last 12 months)
✓
Bug bounty program active and history reviewed
✓
No undisclosed security incidents in company history
✓
MITRE ATT&CK benchmark results reviewed
✓
SOC 2 Type II certification for company's own infrastructure
✓
Encryption standards documentation reviewed
✓
Incident response plan documented and tested
Deep Dive
✓
Third-party penetration test reports from the last 12 months
✓
Efficacy benchmarks on industry-standard threat datasets
✓
Review any prior security incidents or breaches
✓
Verify team's security clearances if targeting government
✓
Assess false positive rate from customer deployments
Regulatory
✓
Verify: Export controls (EAR/ITAR): dual-use security technology may require export licenses
✓
Verify: FedRAMP: required for federal government contracts
✓
Verify: EU NIS2 Directive: new incident reporting and security requirements for EU customers
OSINT Signals
✓
Check: CVE database: any CVEs attributed to or affecting the product
✓
Check: Shodan: public-facing infrastructure security posture
✓
Check: GitHub security advisories for any open-source components
DDR AUTOMATES THIS CHECKLIST
Upload a Cybersecurity startup pitch deck and DDR automatically completes 17+ of these 24 checklist items — sourcing data from 13 OSINT signals, benchmarking against 3 comparable companies, and detecting all 3 critical red flags.
GET YOUR FREE SCAN →