Security and technical due diligence for investors evaluating portfolio companies
A comprehensive assessment tailored to your environment.
When you're writing a check, security posture matters. Our VC Due Diligence service gives investors and acquirers an independent, expert assessment of a target company's security risk. We evaluate the security of their product, infrastructure, code, and practices — and translate findings into clear risk ratings and deal-level recommendations your investment committee can act on.
Our due diligence assessment covers external attack surface and perimeter security, application security and architecture review, cloud infrastructure configuration and hardening, software supply chain and dependency risk, security policies and governance maturity, compliance posture (SOC 2, ISO 27001, HIPAA, PCI-DSS), incident history and response readiness, data handling and privacy practices, and engineering team security awareness.
Engagements begin with a scoping call to understand the deal timeline and primary risk areas. We conduct passive and active reconnaissance, request access to relevant documentation and architecture diagrams, and run targeted security testing against the agreed-upon scope. All findings are triaged and rated by business impact, not just technical severity. We deliver a confidential report to the investor with an executive summary, risk ratings by category, a deal recommendation, and a remediation roadmap the target company can act on post-close.
Everything included in your engagement report.
Confidential executive summary with deal-level risk rating
Security posture scorecard across 8 categories
Attack surface and vulnerability findings report
Cloud and infrastructure configuration review
Compliance gap analysis against relevant frameworks
Software supply chain and dependency risk assessment
Remediation roadmap for post-close integration
Optional: follow-up call with investment committee
A structured approach to identifying and validating vulnerabilities.
Scoping call and deal timeline alignment
Passive reconnaissance and OSINT
External attack surface assessment
Application and API security review
Cloud configuration and IAM audit
Dependency and supply chain risk analysis
Policy, governance, and compliance review
Risk-rated findings report with deal recommendation
Typical security issues discovered during this type of engagement.
Complementary security engagements for comprehensive coverage.
OSCP, OSCE, CEH, GPEN certified professionals
Reports designed for compliance audits
Validate fixes at no additional cost
Direct access to testing team during remediation