Free guides, checklists, and playbooks.
The same internal playbooks, scoping checklists, and decision frameworks we use on QUANT LAB engagements — packaged for founders, CTOs, and operations leaders making the next call on custom software, security, payments, or CRM. Every resource is written to be useful even before you talk to us. If they help, the next step is a 20-minute scoping conversation.
What free resources does QUANT LAB USA publish?
QUANT LAB USA publishes twenty-three free downloadable resources: the Build-vs-Buy Decision Playbook (25 pages), the OWASP-aligned Web App Pentest Checklist (80 items), the 6-Week Custom CRM Rollout Playbook (30 pages plus templates), MVP to Production Tech Playbook (35 pages), the Stripe Integration Checklist, the MITRE ATT&CK Maturity Worksheet, the SaaS Launch Checklist, the Vendor Security Questionnaire Template, the Software Project Estimate Worksheet, the Incident Response Plan Template, the API Design Guidelines Checklist, the SaaS Security Checklist, the Database Backup & Recovery Plan Template, the API Integration Requirements Template, the Penetration Test RFP Template, the Cloud Cost Optimization Checklist, the Code Review Checklist, the Custom CRM RFP Template, the Internal Tools Build-vs-Buy Worksheet, the LLC vs C-Corp Decision Checklist, the MITRE ATT&CK Maturity Self-Assessment, the Stripe Connect Marketplace Onboarding Template, and the Technical Due Diligence Checklist. Each targets a specific decision-maker (CTO, COO, Security Lead, Founder) and a specific decision. One-click PDF download, no paywall, just an email.
Twenty-three resources, twenty-three decisions.
Each guide targets a specific situation and a specific decision-maker. Pick the one that matches what is on your plate this quarter. If you are juggling more than one, skim the description on each card and start with the one that costs the most to get wrong.
25-page PDF playbook
The Custom Software Build-vs-Buy Decision Playbook
A 25-page playbook with 7 decision frameworks, a 5-year TCO worksheet, and a CFO memo template — for ops leaders losing the build-vs-buy argument.
For COOs, VPs of Operations, RevOps
Get the resource80-item PDF checklist
The Web App Pentest Checklist (OWASP-aligned)
An 80-item OWASP-aligned checklist for CTOs and security leads scoping a web app pentest for SOC 2, PCI, or a customer security questionnaire.
For CTOs, Security Leads, vCISOs
Get the resource30-page PDF + templates
The 6-Week Custom CRM Rollout Playbook
A 30-page playbook with week-by-week tasks, data-migration templates, and a stakeholder communications kit for ops leaders rolling out a new CRM.
For RevOps, VPs of Sales, Operations Leaders
Get the resource35-page PDF playbook
MVP to Production: The Founder's Tech Playbook
A 35-page playbook on hosting, auth, payments, observability, and analytics decisions for technical founders shipping past product-market fit.
For Founders, CTOs, Technical Co-founders
Get the resourcePre-launch PDF checklist
The Stripe Integration Checklist
A pre-launch PDF checklist covering dunning, SCA, webhook resilience, idempotency, and reconciliation — for SaaS teams shipping custom payment flows.
For SaaS Founders, Heads of Engineering
Get the resourceWorksheet (PDF)
MITRE ATT&CK Maturity Worksheet
A self-assessment worksheet aligning your organization's defenses to the 14 ATT&CK Enterprise tactics — with scoring, quick wins, and a board-ready summary.
For Security Leads, IT Managers, vCISOs
Get the resource60+ item PDF checklist
The SaaS Launch Checklist
A 60+ item pre-launch checklist covering technical readiness, security, billing, and legal — for founders and CTOs shipping a SaaS product to production.
For Founders, CTOs, Engineering Leads
Get the resourcePDF template, 30+ questions
The Vendor Security Questionnaire Template
A ready-to-send questionnaire covering governance, data protection, app security, infrastructure, and incident response — for teams vetting a software vendor.
For Security Leads, CTOs, Procurement
Get the resourceWorksheet (PDF)
The Software Project Estimate Worksheet
A scoping worksheet with the inputs to gather, a feature-sizing method, real cost ranges, and the risk factors that move the number — for founders and PMs pricing a build.
For Founders, Product Managers, Ops Leaders
Get the resourcePDF starter template
The Incident Response Plan Template
A starter plan with roles, severity levels, a six-step response process, and a communications plan — for CTOs and security leads who need one before they need it.
For CTOs, Security Leads, Engineering Managers
Get the resourceREST design PDF checklist
The API Design Guidelines Checklist
A REST checklist covering resource naming, versioning, authentication, consistent errors, and pagination — for engineers and tech leads shipping an API consumers will not curse.
For Engineers, Tech Leads, API Designers
Get the resourcePDF security checklist
The SaaS Security Checklist
A practical security checklist for SaaS teams — auth, tenant isolation, secrets, logging, dependencies, and backups — mapped to what SOC 2 and customer questionnaires expect.
For Founders, CTOs, Security Leads
Get the resourceEditable PDF template
The Database Backup & Recovery Plan Template
A fill-in template for documenting backup cadence, retention, restore steps, and RPO/RTO targets — so a database failure becomes a runbook instead of a panic.
For CTOs, DevOps, Engineering Leads
Get the resourcePDF requirements template
The API Integration Requirements Template
A requirements template for scoping a third-party API integration — endpoints, auth, rate limits, error handling, and webhooks — before a line of code is written.
For Product Managers, Engineers, Tech Leads
Get the resourcePDF RFP template
The Penetration Test RFP Template
A vendor-neutral RFP template for buying a pentest — scope, methodology, reporting, retest, and the questions that separate a real firm from a scan reseller.
For CTOs, Security Leads, Procurement
Get the resourcePDF checklist
The Cloud Cost Optimization Checklist
A checklist of the highest-leverage cloud savings — right-sizing, autoscaling, storage tiers, egress, and idle resources — without sacrificing reliability.
For CTOs, DevOps, Finance & Ops
Get the resourcePDF review checklist
The Code Review Checklist
A reviewer's checklist covering correctness, security, readability, tests, performance, and dependencies — so reviews catch what matters instead of bikeshedding style.
For Engineers, Tech Leads, EMs
Get the resourcePDF RFP template
The Custom CRM RFP Template (2026)
An RFP template for commissioning a custom CRM — process mapping, must-have features, integrations, data migration, and the evaluation criteria that keep vendors honest.
For RevOps, VPs of Sales, Operations Leaders
Get the resourcePDF worksheet
Internal Tools: Build-vs-Buy Worksheet
A worksheet for deciding whether to build, buy, or assemble an internal tool — scoring fit, switching cost, and total cost across a three-year horizon.
For Ops Leaders, CTOs, Founders
Get the resourcePDF checklist
LLC vs C-Corp Decision Checklist
A founder's checklist on entity choice — taxes, fundraising, equity, and admin — so you walk into a conversation with your CPA or attorney already informed. Not legal advice.
For Founders, Solo Founders
Get the resourcePDF self-assessment
MITRE ATT&CK Maturity Self-Assessment (v2)
An updated self-assessment to rate your detection and response coverage against ATT&CK tactics, with a scoring rubric and a prioritized list of the gaps to close first.
For Security Leads, SOC Managers, vCISOs
Get the resourcePDF + flow template
Stripe Connect Marketplace Onboarding Template
A template for designing marketplace seller onboarding on Stripe Connect — account types, KYC, payout schedules, and the edge cases that stall go-live.
For Marketplace Founders, Payments Engineers
Get the resourcePDF DD checklist
The Technical Due Diligence Checklist
A checklist for assessing a target's technology before an acquisition or investment — architecture, security, code quality, team, and the risks that move valuation.
For Investors, Acquirers, Technical Advisors
Get the resourceWhy we publish these
Founders and operations leaders almost never call us cold. They call us after they have lost two months to a SaaS vendor that refuses to fix a workflow bug, after a SOC 2 auditor asked them what their pentest scope was and they did not know how to answer, after a Stripe webhook silently dropped a $40,000 charge, or after a quant trader watched a notebook strategy bleed real capital because the risk layer was never built. Every one of those calls is preventable with 90 minutes of reading. That is what these resources are for.
Each one is written like an internal document, not a sales sheet. The Build-vs-Buy Playbook walks through the same 12-factor scoring framework we use when scoping a custom build. The Pentest Checklist is the actual list of questions we wish every prospect asked before signing a statement of work — see also our web application pentest service. The 6-Week CRM Rollout Playbook is the operations document we hand a client on day one of a custom CRM build. The MVP to Production Playbook is the post-PMF SaaS map we wish someone had handed us in 2019.
The Stripe Integration Checklist is built for SaaS teams shipping a custom Stripe integration and will save you a weekend of customer-support fires if you follow it. The MITRE ATT&CK Maturity Worksheet is the self-assessment we walk security leads through before scoping a MITRE ATT&CK assessment or a full penetration test. Together they cover the four conversations that come up most often in our consulting work: build vs buy, security posture, payments, and operations tooling.
None of the resources are gated by anything more than an email address. We do not ask for company size, phone number, headcount, or budget. If you want to stay anonymous and grab the PDF, your email is the only field that is actually required. If you want a follow-up from William, reply to the confirmation email or jump straight into the contact form.
Who these are for
Founders & CTOs
You shipped an MVP, you have paying customers, and the next 90 days will decide whether the product survives its first enterprise procurement cycle. Start with the MVP to Production Playbook.
RevOps & Operations Leaders
You are losing the build-vs-buy argument with your CFO or staring at a Salesforce renewal that doubled. Start with Build vs Buy and the CRM Rollout Playbook.
Security Leads & vCISOs
You are scoping a pentest, answering a customer security questionnaire, or pricing a SOC 2 audit. Start with the Pentest Checklist and the MITRE ATT&CK Worksheet.
Skip the resource — talk to the founder.
If you already know which conversation you need, book a 20-minute scoping call. William Beltz answers every booking personally — no SDR, no chatbot, no automated funnel. Read more about QUANT LAB USA or browse recent client work, pricing, or the blog.