These are slides that were publicly presented at BsidesNOVA in 2022 which is one of the most respected security conferences on the east coast and the OWASP Triangle Meetup in 2023 based out of Raleigh, NC. The objective is to help a security engineers or cybersecurity professionals who are building a security program from scratch to know where to start and things to think about from a technical and business perspective. These are recommendations and tools that have worked in my experience for startup, SMB businesses, and large organizations. The ideal outcome is to build relationships with business leaders so when an incident happens they're able to support the security team and not blame for negligence rather risks were already well communicated and they understands the nature of zero day attacks and real-work breaches happening in their industry.