So which security considerations are relevant at an early stage?

• What security concerns were raised by customers willing to pay for your product?
• What are the security expectations in your industry (Medical, Finance, Enterprise)?
• What are the target market (country) regulations (Data Privacy, Data Residency)? Europeans are known to have tougher regulations. Different US States have different regulations.
• Which tools and policies would not hurt your team's morale.
• How long would it take you to prepare a security risk plan (see example at the bottom of this document)?