In this age of "minimum viable products" and "lean startups", is there room for security? Large, established companies often come with large, established security programs... but most of us don't work for one of those large companies. If you're at a startup or small business unit, chances are you're lucky if there's a single dedicated security engineer, let alone a whole group or program. So how do we bridge that gap? Well, good news: it's easy to whip your organization into shape! This talk covers five simple steps to create a security program. This "minimum viable security program" starts small, but can be iterated on, grown, and improved along with your product and business.