Due Diligence Checklists › Cybersecurity › Series B
Cybersecurity Startup Investment Checklist: Series B Stage (2026)
This checklist covers 24 due diligence items for Cybersecurity startups at the Series B stage. Each item has been validated against institutional investor practice. DDR automates the majority of these checks from a single pitch deck PDF upload.
24 checklist items · 3 red flags automatically detected · See a sample DDR report
Series B Requirements
✓
$3M–$15M ARR with >100% YoY growth
✓
Proven sales motion: full quota-carrying team with attainment data
✓
Expansion into new segments or geographies underway
✓
Net Revenue Retention consistently above 110%
✓
Gross margin expansion visible in historical data
✓
Clear path to profitability or capital efficiency
Cybersecurity Sector
✓
Third-party penetration test report reviewed (last 12 months)
✓
Bug bounty program active and history reviewed
✓
No undisclosed security incidents in company history
✓
MITRE ATT&CK benchmark results reviewed
✓
SOC 2 Type II certification for company's own infrastructure
✓
Encryption standards documentation reviewed
✓
Incident response plan documented and tested
Deep Dive
✓
Third-party penetration test reports from the last 12 months
✓
Efficacy benchmarks on industry-standard threat datasets
✓
Review any prior security incidents or breaches
✓
Verify team's security clearances if targeting government
✓
Assess false positive rate from customer deployments
Regulatory
✓
Verify: Export controls (EAR/ITAR): dual-use security technology may require export licenses
✓
Verify: FedRAMP: required for federal government contracts
✓
Verify: EU NIS2 Directive: new incident reporting and security requirements for EU customers
OSINT Signals
✓
Check: CVE database: any CVEs attributed to or affecting the product
✓
Check: Shodan: public-facing infrastructure security posture
✓
Check: GitHub security advisories for any open-source components
DDR AUTOMATES THIS CHECKLIST
Upload a Cybersecurity startup pitch deck and DDR automatically completes 17+ of these 24 checklist items — sourcing data from 13 OSINT signals, benchmarking against 3 comparable companies, and detecting all 3 critical red flags.
GET YOUR FREE SCAN →