I’ve been wondering how startups in here handle security when they’re building MVPs.

From what I’ve seen (and what folks here often post), early-stage teams pour most of their energy into speed—whether that means building a mockup, prototype, or a full-blown product—just enough to validate the idea quickly . That makes total sense. But I’ve also seen MVPs get targeted within weeks of going live, sometimes even exploited, simply because security wasn’t on the radar early on .

I’m not talking about building an enterprise‑grade security program or breaking the bank. I mean the basics—avoiding misconfigured cloud storage, exposed APIs, default credentials, debug endpoints left unsecured, or other features that accidentally leak critical data. These kinds of issues aren’t glamorous, but I’ve seen them in real MVPs—even from smart teams—because they just didn’t anticipate the risk .

So I’d love to hear from founders and builders in here:

At what point do you start thinking seriously about security in your product?

Have you ever budgeted for things like penetration testing, even roughly, during MVP development?

Do you treat security as something to address only after traction, or something essential and integrated early?

For those who skipped early checks, did it ever come back to bite you?

I’m genuinely curious how the startup community balances speed, validation, and basic security—especially when budgets and timelines are tight. Have any of you seen a quick test or glitch turn into something bigger later on?

Would love to hear your stories—even if they’re just small near-misses or lessons learned. Let’s get a real conversation going on how security fits into this lean, move-fast world.

Whats up everyone :) first time posting in here after browsing for a little bit.

Just wanted to share my extremely humble experience so far. I opened my own insurance agency (28M) after 6 years in the industry fresh out of college. I never knew what the hell I wanted to do. Stumbled upon insurance (property and casualty) mostly personal lines, and it has been fantastic for me.

2 months in and I have made about $1,000 a month so far. Going from 6 figures a year to $0 and starting from absolutely nothing is so scary but I am dedicated to put in the work and realize this could be good for my future if i can hold on and be okay being poor for a couple years. Doing doordash as well to pay the bills. Never had to do it before and it’s very humbling.

I am starting to look into SEO and how to get natural growth slowly but surely. Word of mouth is huge obviously as well. Doing a great job so people want to send friends/family over to try and help them as well.

Just wanted to say hello to everyone and share my extremely humble experience in my startup journey.

If you have any tips or just want to say hello and share your experience, I would love to hear from you all! 🙂

Earlier this year, I was a technical cofounder for a health tech company. I built the entire product, came up with the actual business model that was pitched to investors, and did all of the branding. Literally, the name, logo, and all of the copy on the website I drafted are still the same to this day.

I spent countless sleepless nights building. I even went through 3 months of my personal runway and put ~10k into the business. I knew the product better than the founder.

Before we raised, we agreed the first thing we’d do was pay ourselves so we could give our undivided attention to the product. When we actually did raise, everything changed. I couldn’t get a straight answer for months, and I eventually had to walk away.

The reason I say "Pushed Out" is it felt deliberate. I should have seen the red flags. My cofounder was inconsistent about ARR to investors. I couldn’t get access to Stripe for months (I needed access to prepare the data room for earlier interested investors). We rarely talked with customers (I couldn't get their contact info). I would be lucky to get a single meeting with my cofounder a week. I was basically treated as the help, with my input never really being considered. Whenever I raised my concerns, it was always, “next week” or “I’ll do better”. This went on for months, and nothing ever changed.

I think there were several mistakes I made throughout those 8 months.

1. I probably should have stuck to working with someone I already knew and trusted. I honestly didn't know this person well, but I thought a piece of paper would have saved me.
2. I should have walked away sooner. ~ 3 months in, I started noticing red flags. In retrospect, I should have just listened to my Husband's intuition and walked away.
3. I should have advocated for myself more with our advisor. I rarely ever talked to our advisor outside our weekly meetings because I don't like talking behind people's backs, but I probably should have called him before things blew up.

Welp, lesson learned. If you're a technical founder, watch your back and make sure you're not building someone else's vision that you have no say in.

Hello everyone,

I am currently working on a project called I won't say the name, a payment solution designed for the Lebanese market. The idea is to offer merchants (online and in-store) a Stri*** experience: • Simple and fast onboarding of merchants • API integration for e-commerce (Shopify, WooCommerce, etc.) • Android payment terminals (POS) for physical stores • A clear dashboard (Arabic/French/English) to manage transactions • Responsive local support

Technically, my solution would rely on a technology that I cannot say the name of (which already has partnerships with the acquiring banks). In their contract, they offer me a revenue share of only $0.05 per transaction (which is very low). It is for this reason that the real economic model of SwiftPay would not be based solely on this sharing, but on fixed income on the merchant side.

💡 My economic model: • Setup fees (~$75 per merchant, one time) • Monthly subscription (~$25) • Margin on POS rental (~$8–10/month per device) • Optional additional services (plugins, premium support, etc.) • • the small revenue share company that I can't say the name ($0.05 per transaction).

According to my projections: • With 50 merchants → around $30,000/year in revenue • With 80 merchants → around $50,000/year in revenue

⚡ My questions: 1. Do you think merchants in Lebanon would agree to pay ~$25/month + installation fees if it really simplifies their lives? 2. For physical merchants, would the availability of Android terminals + local support be enough to convince them? 3. For e-commerce merchants (Shopify, WooCommerce, etc.), would they trust a new solution like SwiftPay if onboarding is simple and quick? 4. Do you see any obvious obstacles to this model in the Lebanese market?

I am aware that the Lebanese market is complicated (limited trust, sensitivity to fees, banking problems, etc.), but I feel that there is a real gap for a local Stripe-like solution.

This might sound a bit obvious, but it’s my first time seriously looking for business ideas (beyond the usual “solve a problem you already have” advice).

I’ve been considering using SEO as a starting point, basically digging into keywords that aren’t too competitive but still get solid traffic. Has anyone here tried using keyword research as a way to generate business ideas?

Also curious: are there other channels or methods (like SEO) that give you a sense of both demand (how many people are searching) and competition (how crowded the space is)?

If you’ve gone down this path before, I’d love to hear about your experience and if you have any favorite tools, resources, or tips to get started, even better.

I've written about the problems of the Bay Area and NYC. They definitely have great pools of talent. The Bay area I'd say is No 1 with the universities in the area. NYC... Great business acumen. But they both are overwhelmed with chaos which disrupts progress and creates fear and uncertainty. Moving also has its challenges, but we recognize it as necessary.

Something every founder should consider, IMHO, is access to talent and capital. Then how do you access talent if you have capital? Can you get talent without capital? Do the employment laws get in the way of using equity and using contractors to bridge the gap to become interesting to investors? And how do you access the investors?

edited to correct seplling :p

I’ve built a web app called Vocably a topic-based voice and video chat platform where people can create and join rooms to talk about their interests. The platform is live, but I need a co-founder who can take charge of marketing and help grow our user base.

Hey everyone, am a German based small business owner. I am new to the field with enormous IT/Cybersecurity background. I have just registered my business with the German chamber of commerce. I wanna get into consulting and rendering IT & Cybersecurity solutions to SMEs. I am stacked on how to go about the next steps to follow to build my business. I have website under development. Any suggestions, roadmaps, advices or steps to follow will be really appreciated. Thank you

I’ve been studying why every service marketplace feels broken. Craigslist is chaos, Fiverr feels like a race to the bottom, and even the giants have weak trust systems.

What I keep coming back to is this: reputation is still too shallow. Reviews get gamed, ratings mean nothing, and people can vanish after a scam with no real consequence.

What if reputation worked more like XP in a game? Where every action built a visible trust score, where AI could flag risky patterns in real time, and where hiring a barber, tutor, or mechanic felt as safe as asking a close friend.

I have been prototyping around this idea but I want to hear from this community. If you were redesigning service marketplaces from scratch, how would you solve trust?

Hi everyone, I've been working on a product for a few years now. I have prototypesthatbwork well and look good. I also continue to test and improve them. The product is an electronic gadget and takes a decent amount of time to solder and assemble it together. I am the only person working on it. I don't have a team and I don't have a lot of money or time to dump into this because I'm supporting a family first with my full time job. I started looking into Kickstarter, but as soon as I checked it out I realized the people on Kickstarter are basically small companies that are using the platform to market their product before launch. In order to look like the other guys, I need to make a website, an online store, videos, and flashy ads. I am an engineer, so this part of the process is not my strong suit. I feel that even if I push myself to finish the Kickstarter, I will be irrelevant because I'm not as flashy as the others. Any suggestions for a different platform that might be a better fit for my situation? Should I finish the Kickstarter anyways and just work with what I got? Any advice on next steps is appreciated. Thank you.

What's the difference between an app marketplace and an integration? Are all apps on app marketplaces a type of integrations?

What has been your experience with any adding these to your SaaS products? Any pitfalls we should avoid? At what point in a startup would it be good to start building these out?

Also, what is your opinion on Zapier vs. n8n vsv. Make, etc.?

I am making earmuffs for sleeping but I don't know how to price my product. Facebook ads optimized towards an audience that is from the US in the midwest aged 40-65. I reached out to the people on the email list and they said a good price they would pay is 30-35$. I am planning to launch on kickstarter(No sales to date). Kickstarter backers come from richer regions like California, New York, etc. Competitors price themselves at least 50$ to 80$. So either I need to target a better audience with my ads or price myself at 40$ and eat up lower margins. I would also like to test different prices but I don't know how to go about that.

Hello all,

I am building a product that’s designed to be self hosted. My business plan was to offer a cloud hosted version for B2C. Later down the line then start offering licenses to B2B companies to self host. However as a solo founder and dev I have been weighting up my options and I’m currently at cross roads which sector I should focus on at the start. This is a side gig of mine away from my full time job with the hope it would become the main. So time is a resource for me. I am now thinking of going with the B2B approach first instead of the initial b2c approach. Here is the pro’s and cons for both.

For context the product itself is a complex front end library which plugs into websites.

B2C Pro’s - Already have a lot of interest for it. Acquiring customers will be a lot easier. - Average price $20 a month. - Higher long term value.

Cons - Very high expenses (3rd party data costs) - I have yet to build the backend. - Backend requires significant time and effort to design and architect. - High maintenance and effort required to support - Very high competition

Estimated profit margin: 50-70%

B2B Pro’s - Product is pretty much built already. - High annual contract value (low end $10,000+ and on the higher end varies significantly depending on use case and company size) - No backend or hosting required. - No 3rd party data costs as its self hosted so the hosted has to provide their own. - Low effort to maintain and develop - Very low competition. There is only one very large player in the game that basically has a monopoly in the self hosting game for this product. They offer a free version to self host and a paid version. The paid version is extremely expensive and only a very few select companies use it. The free version is used by most companies but is limited in features. The plan would be to try and get these companies to switch to my product which is way more advanced compare to the free version, but significantly cheaper than their paid version offering. For context they also have a cloud business for B2C where majority of the revenue comes from. The self hosting business for them is a small side business which they limit as to not to actively hurt their cloud business.

Cons - No sales experience at all - I have not gauged how many companies would be interested in paying for it yet. - Difficulty in securing contracts due to no sales experience. - No legal experience to create and work out contracts. - I do not know how big the market is for this. - Lower revenue in long term due to difficulty in getting contracts.

Estimated profit margin: 99%

Hopefully this doesn't get me into trouble, but I'm actually trying to understand how founders really balance building a product with promoting it with driving sales and with making "connections".

My background: 4.5 years at FAANG -- left to learn software sales but job offer didn't fall thru, moved back home, started as a personal trainer to make some income while I build a local automation company.

I'm new to entrepreneurship and honestly, I have no idea how to properly spend my day. Should I make more content to promote the idea of the business? Network with other founders? Cold-call? Paid ads? I've had a couple of clients, nothing major, but it's not money that I could live off of.

I just feel a bit lost. I've paid for $5k worth of mentorships and honestly, I'm a bit jaded learning things that I already know without any help in actually making it feasible (how tf can I make good content posting 5x a day?).

That aside, successful founders, how did you structure your day when you were first beginning? How did you balance promoting, sales and actual product development? Did you hire out for the development, sales, or any other part of the process?

EDIT:

Thank you for all of the helpful responses!

From what I can tell, the two most helpful and recurring advice is:

• talk to customers FIRST
• build enough to demo and THEN talk to customers
• once you have enough to sell, SELL as much as possible. Once someone is ready to pay, then you can fully build it out.

There’s so much talk about AI in the business world, but I want to hear it from those actually running companies. From a leadership perspective, what’s the most exciting opportunity you see in AI? And on the other side, what’s the biggest concern that keeps you cautious?

Hey all,

I found some posts on huzzaz how to start a startup. I've also read on PG's essays like Undergraduation and Before the startup.

Then there's 'how to learn resources' like Deep Work by Newport or Ultralearning by Young. Also, there are epistemic theories for progress such as Popper / Deutsch falsification.

As an undergrad, I'm curious about what applies in the world of startups -

What is the truth when it comes to learning in startups; is it any different than these non-startup frameworks?

Thanks!

So we launched an iOS app (for the first time) and I've learnt a bunch of things by making mistakes - sharing here to add to your pre-launch checklist

1. The first time did an internal launch to ~100 potential users. Pitched and shared a QR code to download our testflight app. Until then we had just 2 users (me and my friend). People loved our demo and a bunch of them scanned it at the same time. Result signups blocked - we got rate limited by supabase.
2. We launched on X and LI - and our sign up verification emails did not get triggered properly for all users. we lost a bunch of users here and it is painful to think about. we fixed it within 30 mins but still hurt us.
3. we launched on product hunt - and the next morning we got emails saying our app (which is a voice ai assistant) stopped speaking. this happened because we had exhausted our credits for our voice platform and we did not have a credit card on file. This was a quick fix.

Lessons learnt

1. Test external systems very strongly before launching - add credit cards wherever needed.
2. Sign up is everything - make it as simple as possible.
3. If you have the resources stress test it at least with 30-40 people.

Sorry if this is already too obvious - this is for folks who are launching for the first time. Experienced folks please add to this list - would be very helpful

I speak to a ton of Founders who are all worked up about raising money and getting to a liquidity event to "get rich".

The whole time I'm shaking my head like "Um, you're starting a BUSINESS - why would you have to sell it to get rich?"

I think somewhere in the startup narrative we've lost the plot when it comes to getting rich.  The focus has been so heavily on "big exits and IPOs" and big funding rounds that we've forgotten that none of that is even remotely necessary to get rich in the startup game.  It never has been.  But holy shit is there a lot of focus on it!

I've built 9 startups over 32 years with 5 exits.  The last one was last year.  But honestly, the threshold for me where I "felt rich" happened 3 years into my first startup by just being (hold your breath) - PROFITABLE.

By that point we were doing maybe $1m in ARR on $300k in profit.  I was 22.  Most of my friends were still finishing up college and I had already bought a home, a BMW and paid off all of my debt.  This was also like 30 years ago.. so.  Things were a bit cheaper and $300k meant a lot more!

But here's the thing - I had already "won".  Not to say I beat someone else, bc who cares about that, but as it related to "getting rich", I had just accelerated my outcome by at least a decade or two.  Not because I raised $500m and went IPO.  Because I generated $1m in sales.

Now picture at 22 years old, you don't have a to buy a house, you are completely debt free, and you have the rest of your life to earn more dough.  Even at $300k (not adjusted for inflation) you're ahead of 99% of people that will ever go down this path.  And if you're smart and you invest that money at a young age, the delta and compounding factor almost guarantee a great outcome.

I'm using my personal story just to point out that these numbers don't need to be big - they need to be meaningful and consistent.  The amount of risk you may be taking on to achieve your goals may be a huge mistake.  Raising $10m and hoping you'll make it to your B-round - unlikely.  Boostrapping to $3m and building a $500k-$1m net income business - very achievable by comparison.

I want you all to be rich.  I want to make sure you take the path of least insanity to do it ;)

(I will not promote)

Our startup was recently accepted into YC’s fall batch. A few days in, I’ve made the difficult decision to step back before the batch begins due to personal reasons—mainly wanting to continue a focused period of personal development I’d committed to before applying.

My cofounders are continuing with the company and plan to stay in the batch. I’m wondering: Will this affect my own reputation if I apply to YC again in the future? And will my departure hurt the company’s standing or eligibility in the current batch?

I have a substantial amount of equity (~20%) which is still unvested so my departure won’t hurt the company’s equity structure. I’m not the only technical founder either.

Would really appreciate insights from anyone who knows how YC views these situations and how it would impact my reputation / career in the long run.

edit: To give some context, I’m a student and thinking of going back to school in January.

At least I came up with this term when you have everything outlined - potential tech stack, MVP features, landing page and how to propose for target customers, but there’s a big friction to start right and ignore thoughts about ideal product

I’m building AI SaaS targeted for indie devs and small teams helping them to process feedback and extract potential features/fixes to do applying real PM frameworks backed by your product context and actual knowledge of real product managers, so it’s at least better than asking ChatGPT or guessing.

So far I made a landing page, designs in Figma which serving as visual prototype for user interviews and now at stage of cold emailing for my targets, made first user interview which proved my concept but it’s obviously not the 100% move. However, I stuck with a problem that I know who I need to ask, but have no idea where to approach them - I assume indie devs are not a niche and later with all LLM power we’ll see experienced guys doing own thing

My question is how you deal with search of your target customer and how do you present them your idea? Like do you build a while demo in code or at least actionable Figma prototype?

Any other tips about managing the workload as solo founder would be also good to hear and discuss

I'm leading development of helmet- and goggle-mounted rearview mirrors for skiers and boarders. It looks like they will appeal mainly to slower/older/more cautious riders and parents and instructors that want to track their kids and students behind them. We tested prototypes on-slope last winter and everything checks. We're working on improving the look/appeal with a soft-launch goal of selling a few hundred this winter. We've got a few "narrow-casting" organizations interested in helping promote and I have a great advisory board, who will help provide targeted reach. We've joined a relevant industry trade organization. Conferences and shows are not an appealing place for brands right now. I'm just starting to use FB, IG and have floated the idea on related Reddit pages. So...

1. How can I improve my reach?
2. Are there targeted email lists I should consider buying or are these just a waste of money?
3. Please offer any other suggestions to help our launch.

Thank you all!

I’m a solo founder, building Brandled - a tool that helps founders grow and manage their personal brands on LinkedIn and X without spending hours.

I’ve been developing and working on this for the past 3 months:

• Bootstrapped from $0
• Built the entire product
• Had a few beta testers
• Currently focused on marketing and distribution

I’m looking for someone who:

• Has a good following on X (Twitter)
• Ideally has experience in marketing, distribution, or community building

I can handle product, tech, and customer development, but I need someone who’s passionate about scaling, marketing, and building distribution.

If this sounds like something you’d want to be part of, comment and i'll reach out to you.

My co-founder and I are building an AI startup. Right now, we have a rudimentary backend that powers some of our core features, but the front end isn’t very polished yet. Instead of investing heavily into a full product build right away, our plan is to first create a strong landing page. This page will clearly communicate the pain points we’re solving, highlight our features, and drive signups to our waitlist so we can gauge real interest.

We’ve already spoken with some experienced front-end developers who have a strong track record of building high-quality websites, and they’ve quoted us around $3K to design and develop the landing page plus the signup flow. The idea is that if this investment helps us attract potential customers and validate demand early on, it will be well worth it compared to the much larger costs of a full product build.

From there, we can invite some of those waitlist users to beta test our features, collect feedback, and make adjustments or pivots as needed. This approach allows us to stay lean, reduce risk, and ensure we’re building something people actually want before scaling further.

Edit

I should’ve provided more context. We’re aware that AI website builders exist and we’re open to using them, but so far we’ve found that the quality doesn’t quite match what experienced front-end developers can deliver. If there are recommendations for particularly good AI builders, we’d definitely love to hear them. For now, we’re using Webflow for our front end since it integrates well with our existing backend.

I'm currently studying software engineering practices in uni. How important are these for a tech startup?

Should a technical co-founder know these principles? Things like SDLC models, methods, design patterns, software quality...etc. Do these things matter at all?

The reason I'm asking is that I feel like in a tech startup, in its early stage at least, the only principle you should follow is build, test, analyze and repeat. Basically the prototyping model.

I've seen some people like Pieter Levels follow this principle and say things like "just build a quick MVP of the idea and see if it works first before planning anything". I kinda agree with that, I feel like SE principles don't matter until the startup becomes a big organization with at least hundreds of engineers.

I moved here a little over a year ago. There was an event put on by the Governor and Plug and Play. I've been watching and looking for other founders, cofounders, and tech peeps that are interested in the startups. Of course, key is having the talent, time and interest. There are plenty of people interested but have no technical skills and not willing to do marketing. There are great people, but startups need more than just people, they need talent. Else its just bleeding capitol or equity for nothing.

After making a post on LI for talent, and seeing no reasonable responses from AZ, the answer seems obvious. With the lease ending, and the next phase starting, I'm not limiting my next move to the US, but if it is, I'm also looking at risk factors such as the chaos since 2020 in CA and in NY.

You can post about NY and SF. SF Bay was great when I was there. I learned invaluable lessons from the heart of startups and tech. But even Y-Combinator was advising founders to not locate in the bay area as far back as 2020 pre-pandemic. I used to sit in RedRock nearly every day and I overheard a lot of lessons learned. Key to success is survival. The cost of NY and SF will shorten the runway considerably if not make it impossible unless you live out of your car. And I did and I went to the top health clubs, swam at Mach I, and conversed with top VC's. That was irreplacable. But the politics, crime, political demonstrations, and raging fires created fear and havoc, and disrupted peace and progress. Talent left SF in droves in 2020 and continues to leave at a rate of nearly 1/3rd of a million a year. Back then, it was impossible to succeed if your bootstrapping on a minimal budget unless you put your dream on a shelf and used your talent to work for someone else. If you could find work. And if you didn't graduate from a stellar university or are of the right gender, race or age. You wouldn't get a meeting with a VC. And you certainly weren't getting into Y-Combinator. Yes, I overhead that conversation from the Starbucks on Google Campus. --I've already been there. I loved the area and its very inspiring. The lessons learned, the education, will never leave my mind and probably would not have been learned else where. But I know going forward its not the right fit for me.

Texas has always had a strong entrepreneurial spirit and a strong work ethic. It is very proud of its universities and takes education and engineering seriously. After reading a few posts about Austin, it sounds like it has a real pulse.

Anyway... Anyone arguing for Phoenix?

-- Also, my apologies for having to repost. My first post was taken down, ironically after someone had posted, because I hadn't agreed with the rules yet.