A few remarks/questions

> Stop using disk-on-keys

never heard that phrase

> Buy at least 2 or 3 domain names

I don't really understand the whole paragraph - or fundamentally disagree with your reasoning. Of course there are some upsides (regarding security) of splitting stuff over a few domains but there are a lot of reasons why you wouldn't do that. I think this is written too harshly as "Do as I say" without *proper* explanations and nuances of the details.

> Monitor your endpoint's public certificate expiration date, to detect prevent certificate expiration.

typo? missing "and"? remove "detect"?

> By default AWS users choose Oregon (us-west-2).

Highly misleading. Or is your advice only relevant for US companies? I'd also say this is false for many people who have an international market leaning towards Europe, not Asia - then us-east is often better.

> Using git would allow you to add outsource/freelance developers for a limited time, by giving and then revoking commit permissions.

Non-sequitur unless you insert "easily". Maybe. I don't disagree that git is the way to go, but your reasoning is nonsensical here. We did exactly that with CVS and SVN 15 years ago.

> Every service you use requires a 2nd authentication factor (2FA).

This is under "your first customer". Was this meant to be "should require"? Are you talking about the XaaS you (the company) are using? Are you advocating that your users use 2FA with your product?

> Antivirus

No, don't.

All in all some good points, but could use some cleanup. You're lumping things together from varying degrees of technical expertise - also some paragraphs are highly detailed (and thus, sometimes fail to convey the bigger point) and others are pretty sparse.

Sorry if this sounded like complaining, there were (very) few points where I strongly disagree, but overall a good overview. I probably would've split it in at least 2 parts - e.g. for a CEO (overviews, fewer details, but more fields) and CTO level (technical stuff, with details).