Workstreet now supports ISO 42001 compliance → Learn more
July 7, 2024

Hello Workstreet

Workstreet: Your on-demand team for startup security, privacy, and compliance. We manage all aspects, freeing you to focus on growth. Expert services, tailored for your startup's unique needs.
Written by:
Travis Good
Header image

Introducing Workstreet: The Fractional Security, Privacy, and Compliance Team for Startups

If you're a startup, Workstreet solves security, privacy, and compliance for you in entirety. We provide startups with expert-built security and privacy functions without the need to hire or add any FTEs to your team.

At Workstreet, we understand the unique security and compliance challenges that startups face:

  • Startups do not have resources for security and compliance.
  • Startups have a higher bar to build and maintain trust with customers.
  • Startups use modern technologies like cloud and SaaS, which are poorly understood by auditors and many security professionals.
  • Startups have a mandate to focus on growth

Workstreet gives startups a world-class security and privacy program with zero onboarding that builds trust in the market and allows startup founders and teams to focus on core competencies of product and growth.

With Workstreet, you get a team of experienced security and privacy experts who have founded and built startups just like yours. We even wrote a book about compliance for cloud-first startups.

With no recruiting, hiring, or onboarding, you instantly add an expert virtual Chief Information Security Officer (vCISO) and Privacy Official to build, manage, and scale your startup's security. privacy, and compliance needs.

We're starting Workstreet because we continuously get asked by friends, customers, and investors for help with security and privacy questions. Here are some examples:

  • What audit platform should I choose - Drata or Vanta?
  • What data is considered PII or PHI?
  • Do I have to do pen testing?
  • Do I need a data protection officer (DPO)?
  • What do you use to do a risk assessment?
  • Is this framework or regulation something I need to plan for?
  • How do I talk about security with customers? How do I answer this security questionnaire question?

While we're always happy to help, we know there is more we can do to share our expertise with our networks and the broader startup ecosystem. We're on a mission to build trust for startups, remove security, privacy, and compliance as a blocker to growth for startups, and to free up startups teams and founders to focus on product and growth (and everything else startup teams have to do).

What Can Workstreet do for You?

With a subscription to Workstreet, we function as your security team, privacy team, and internal audit team. Think of us as a fractional team that manages security, privacy, and compliance in entirety for your company.

Our specific services are tailored to your specific needs - business model, company size, work environment, technologies used, and market. All Workstreet services are offered as subscriptions so your security, privacy, and compliance costs are predictable. You can build a better security and compliance program for less money and in less time with Workstreet.

Our services include:

  • Determining which audit and regulatory frameworks are relevant to you, including the must-haves and nice-to-haves.
  • Managing audits and assessments to ensure compliance with industry regulations and standards.
  • Building trust with partners and customers by demonstrating your commitment to security and privacy. We're happy to jump on sales calls if you need us.
  • Ensuring that all employees are trained on security best practices and protocols.
  • Aligning policies and procedures with your company work flows.
  • Completing security questionnaires like a pro, using the language and words to convey your security and privacy expertise, so you can focus on growing your business.
  • Implementing and managing audit and monitoring platforms like Vanta.
  • Recommending and implementing various security and privacy software as well as engagements for things like penetration testing.
  • Reach out to us on Slack any time with questions.
  • Weekly snapshots of the state of security and compliance at your company.
  • See a complete list of services here.

Every startup should have access to top-quality security, privacy, and compliance services. Startup teams have too much on their plates already. With Workstreet, our services remove trust as a blocker to growth and allow startup teams to focus on accelerating their businesses.

Where Does Workstreet Fit?

Security and privacy have always been important. But, in recent years, with the explosion of digital data and cloud / SaaS apps, there has been a tidal wave in the need for companies to build trust to close new customers. The market for "trust" is still new and there are different ways that companies build trust today.

  • Some companies do SOC 2 or ISO 27000 audits either the old fashioned way (spreadsheets) or with automation platforms such as Vanta.
  • Some companies create or work with vendors to build trust webpages that highlight all they do for security and privacy.
  • Some companies create marketing and sales material to showcase their security and privacy programs.
  • All companies are required, at least on some deals, to complete security questionnaires from their customers.

None of the above is a silver bullet for trust and all of the approaches listed require companies to build, run, and show evidence of a security program. Whether you go alone, hire a consultant, or use an automation platform like Vanta, you need resources to manage your security and compliance program. With Workstreet, we build, run, and provide evidence of your security program and build trust by employing all of the above approaches for your company.

  • Workstreet determine the relevant audit and regulatory frameworks for your company, implements the controls you need, close any gaps you have, and helps you choose an auditor and complete audits using the Vanta platform.
  • Workstreet provides all customers with trust pages to showcase our security work (Workstreet + your specific company).
  • Workstreet provides custom marketing and sales collateral to ensure your prospects and customers feel good about working with you and sharing their data with your company.
  • Workstreet completes your security questionnaires using the language and approach that security, risk, and privacy teams understand, making your company look like security pros in the process.

No matter the customer or the ask, we have you covered when it comes to trust.

Who is Workstreet For?

We use the word "startup" to represent our ideal customer. This is the type of company we've founded, run, and worked with to manage security and compliance.

What is a startup?

  • Primary focus is growth.
  • SaaS for apps and cloud for product hosting.
  • 2 - 200 employees.
  • Venture-backed most of the time.
  • B2B or B2C though B2B is typically a better fit.

One additional criteria that screams "great fit" is if you are considering hiring a full time security person, you are assigning security tasks for your engineers, or you have decided you have to do a SOC 2, HIPAA, or ISO 27000 audit.

What Makes Us Different

The Workstreet team is uniquely positioned to help startups with their security and privacy needs. While Workstreet is new, our team, open source projects, and experience have been used by 1,000s of companies. Here are a few things that set us apart:

  • We are founders ourselves. We have founded and run companies that have raised over $50 million. We understand the challenges that startups face, and we know how to balance security and privacy with growth and product needs.
  • We have built and managed security and privacy programs for startups in a variety of industries. We have seen firsthand what works and what doesn't, and we can help you avoid common pitfalls.
  • We are experts in modern technology like cloud computing and Software as a Service (SaaS). We understand the unique security and privacy challenges that come with these technologies, and we can help you navigate them.
  • We've successfully navigated over 1,000 audits for startups.
  • We wrote the book on cloud compliance for startups. Literally. Our team has authored a best-selling book on this topic, and we are recognized experts in the field.
  • We wrote and open sourced security and privacy policies built for cloud-first startups. These have been forked and used by 100s of companies.
  • We wrote and open sourced security awareness and HIPAA privacy training for remote startup teams.

Our team brings a wealth of experience and expertise to the table, and we are committed to helping startups succeed.

Our Doors are Open!

Looking to build a security and compliance program, scale your security function to align with hyper-growth, make your first security hire, look like a security boss to your customers and partners, or start down the path of an audit with Vanta? If so, reach out we can show you what we can do.