In 2025, A42 partnered with the Ukrainian Startup Fund (USF) to deliver a practical cybersecurity program tailored specifically for Ukrainian startups.
The goal of the initiative was simple but critical: help founders and CTOs of startups to understand cybersecurity not as a “later problem”, but as a core part of building a resilient business from day one.
The program attracted more than 50 registered startup teams, representing SaaS products, fintech, hosting providers, and B2B platforms at different stages of growth.
Participants joined the program to:
- better understand real-world cyber threats,
- learn how attackers actually think,
- and get practical guidance on how to strengthen security with limited resources.
Rather than focusing on theory, the program was designed around real cases, practical tools, and decision-making from a founder’s perspective.
As part of the program, A42 founders delivered two webinars focused on the intersection of technology, leadership, and security.
How Hackers Think: Reconnaissance, Scanning, Defense
The first webinar was led by Serhii Saraichykov, CTO & Co-Founder of A42, and explored cybersecurity from an attacker’s perspective.
The session focused on how hackers actually think and operate, breaking down a typical attack into three core stages:
- Reconnaissance – discovering external assets such as domains, subdomains, exposed services, cloud resources, and publicly available information.
- Scanning – identifying vulnerabilities through dynamic testing without access to source code.
- Defense – understanding how early visibility and continuous monitoring help detect risks before they are exploited.
A key concept discussed was the external attack surface – everything a company exposes to the internet, often unintentionally. Participants saw how forgotten subdomains, misconfigurations, or test environments can become entry points for attackers.
Instead of theory, the webinar demonstrated real-world tools and workflows used by security professionals and attackers alike, including subdomain discovery, automated scanning, DAST testing, and external perimeter monitoring.
The main takeaway for founders and CTOs was clear: to build effective defenses, you must first understand how attackers see your product.
Security Starts With People and Processes
The second webinar was led by Olga Nasibullina, Co-Founder & CEO of A42, and focused on processes and team communication as key elements of cybersecurity.
A central idea of the session was the concept of the Founder as a Security Role Model.
Security is not only about tools – it is about daily behavior, leadership decisions, and company culture.
Participants explored why hackers attack in the first place – driven by profit, experimentation, unfair competition, or geopolitical motives. Not every attack is targeted – sometimes you are attacked simply because you exist and are visible. This understanding naturally led to a broader perspective: not all hackers are enemies by default.
Founders were encouraged to rethink their relationship with the security community and consider how responsible researchers can become allies through:
- Vulnerability Disclosure Programs
- Clear and transparent disclosure policies
- Bug Bounty initiatives
At the leadership level, this approach helps companies detect vulnerabilities earlier, reduce blind spots, and build trust – both internally and externally.
The session also encouraged founders to set the right tone early by:
- Treating security as a core value from day one
- Leading by example through basic security practices (2FA, password managers, secure tools)
- Avoiding common mistakes such as postponing security or assuming it is too expensive
The key takeaway was clear: security culture starts with leadership, not technology.
Participant Feedback
One of the program participants, CTO of Surwise, shared his perspective after joining the webinars:
“The program provided practical cybersecurity insights we can apply to strengthen our product. The information was compact, practical, and extremely valuable. Especially the examples around Cloudflare and how a company can become a victim of an attack without being specifically targeted. This program helped me clearly see our growth opportunities in cybersecurity and understand how to reduce risks without huge budgets.”
He also noted that for SaaS startups, cybersecurity increasingly becomes a business requirement, driven by client expectations around ISO and SOC 2 compliance.
Another program participant, CEO & Founder of SuoQ, shared feedback from his team after completing the infrastructure scan using A42:
“During the scan of SuoQ’s infrastructure with the A42 platform, our team gained valuable insights into potential external cyber threats, including exposed subdomains, technologies in use, and possible risk points.Particularly valuable was having consolidated information in a single report about potential credential leaks and publicly accessible infrastructure components – areas that often remain outside the scope of internal audits.A42 enables a fast assessment of a company’s current cybersecurity hygiene and helps define clear priorities for further strengthening security.”
Another program participant, CTO of IF.team, shared his experience after attending the webinars and using the A42 platform:
“I attended Serhii’s webinars and found them extremely useful. He answered questions related even to non-standard server architectures, which was especially valuable for us. If you have the opportunity to attend – I definitely recommend it. An important takeaway for our team was the need to clearly separate different areas of cybersecurity. One area focuses on certifications and compliance-related activities, while another focuses on scanning the active application perimeter. This is exactly where the A42 platform delivers strong value. A42 provides a fast and convenient interface for perimeter scanning. We also used the free trial to scan our own application. Only non-critical findings were identified, which gave us additional confidence in our current security approach.”
Why This Program Matters to A42
For A42, this program was about more than education – it was about supporting the Ukrainian startup ecosystem.
A42 aimed to help founders understand that cybersecurity matters from day one, even before the first customers appear. Addressing security early helps startups avoid technology theft, reduce future risks during fundraising, and prevent security-related blockers when working with partners and investors.
This initiative also reflects A42’s commitment to strengthening the overall level of Ukrainian IT, where cybersecurity plays a critical role in trust and long-term competitiveness.
As part of the program, all participants received free trial access to A42, enabling them to scan their external perimeter for vulnerabilities and gain practical, hands-on security insights.
Summary & Impact
The joint program by A42 and the Ukrainian Startup Fund demonstrated that cybersecurity education for startups must be practical, founder-focused, and grounded in real experience.
By combining hands-on expertise with an accessible format, the initiative helped founders and CTOs see cybersecurity not as fear – but as a strategic advantage.
