Skip to main content
QuantLab Logo

Free guides, checklists, and playbooks.

The same internal playbooks, scoping checklists, and decision frameworks we use on QUANT LAB engagements — packaged for founders, CTOs, and operations leaders making the next call on custom software, security, payments, or CRM. Every resource is written to be useful even before you talk to us. If they help, the next step is a 20-minute scoping conversation.

One-click PDF download
15-90 minute reads
No paywall, just an email

What free resources does QUANT LAB USA publish?

QUANT LAB USA publishes twenty-three free downloadable resources: the Build-vs-Buy Decision Playbook (25 pages), the OWASP-aligned Web App Pentest Checklist (80 items), the 6-Week Custom CRM Rollout Playbook (30 pages plus templates), MVP to Production Tech Playbook (35 pages), the Stripe Integration Checklist, the MITRE ATT&CK Maturity Worksheet, the SaaS Launch Checklist, the Vendor Security Questionnaire Template, the Software Project Estimate Worksheet, the Incident Response Plan Template, the API Design Guidelines Checklist, the SaaS Security Checklist, the Database Backup & Recovery Plan Template, the API Integration Requirements Template, the Penetration Test RFP Template, the Cloud Cost Optimization Checklist, the Code Review Checklist, the Custom CRM RFP Template, the Internal Tools Build-vs-Buy Worksheet, the LLC vs C-Corp Decision Checklist, the MITRE ATT&CK Maturity Self-Assessment, the Stripe Connect Marketplace Onboarding Template, and the Technical Due Diligence Checklist. Each targets a specific decision-maker (CTO, COO, Security Lead, Founder) and a specific decision. One-click PDF download, no paywall, just an email.

Twenty-three resources, twenty-three decisions.

Each guide targets a specific situation and a specific decision-maker. Pick the one that matches what is on your plate this quarter. If you are juggling more than one, skim the description on each card and start with the one that costs the most to get wrong.

25-page PDF playbook

The Custom Software Build-vs-Buy Decision Playbook

A 25-page playbook with 7 decision frameworks, a 5-year TCO worksheet, and a CFO memo template — for ops leaders losing the build-vs-buy argument.

For COOs, VPs of Operations, RevOps

Get the resource

80-item PDF checklist

The Web App Pentest Checklist (OWASP-aligned)

An 80-item OWASP-aligned checklist for CTOs and security leads scoping a web app pentest for SOC 2, PCI, or a customer security questionnaire.

For CTOs, Security Leads, vCISOs

Get the resource

30-page PDF + templates

The 6-Week Custom CRM Rollout Playbook

A 30-page playbook with week-by-week tasks, data-migration templates, and a stakeholder communications kit for ops leaders rolling out a new CRM.

For RevOps, VPs of Sales, Operations Leaders

Get the resource

35-page PDF playbook

MVP to Production: The Founder's Tech Playbook

A 35-page playbook on hosting, auth, payments, observability, and analytics decisions for technical founders shipping past product-market fit.

For Founders, CTOs, Technical Co-founders

Get the resource

Pre-launch PDF checklist

The Stripe Integration Checklist

A pre-launch PDF checklist covering dunning, SCA, webhook resilience, idempotency, and reconciliation — for SaaS teams shipping custom payment flows.

For SaaS Founders, Heads of Engineering

Get the resource

Worksheet (PDF)

MITRE ATT&CK Maturity Worksheet

A self-assessment worksheet aligning your organization's defenses to the 14 ATT&CK Enterprise tactics — with scoring, quick wins, and a board-ready summary.

For Security Leads, IT Managers, vCISOs

Get the resource

60+ item PDF checklist

The SaaS Launch Checklist

A 60+ item pre-launch checklist covering technical readiness, security, billing, and legal — for founders and CTOs shipping a SaaS product to production.

For Founders, CTOs, Engineering Leads

Get the resource

PDF template, 30+ questions

The Vendor Security Questionnaire Template

A ready-to-send questionnaire covering governance, data protection, app security, infrastructure, and incident response — for teams vetting a software vendor.

For Security Leads, CTOs, Procurement

Get the resource

Worksheet (PDF)

The Software Project Estimate Worksheet

A scoping worksheet with the inputs to gather, a feature-sizing method, real cost ranges, and the risk factors that move the number — for founders and PMs pricing a build.

For Founders, Product Managers, Ops Leaders

Get the resource

PDF starter template

The Incident Response Plan Template

A starter plan with roles, severity levels, a six-step response process, and a communications plan — for CTOs and security leads who need one before they need it.

For CTOs, Security Leads, Engineering Managers

Get the resource

REST design PDF checklist

The API Design Guidelines Checklist

A REST checklist covering resource naming, versioning, authentication, consistent errors, and pagination — for engineers and tech leads shipping an API consumers will not curse.

For Engineers, Tech Leads, API Designers

Get the resource

PDF security checklist

The SaaS Security Checklist

A practical security checklist for SaaS teams — auth, tenant isolation, secrets, logging, dependencies, and backups — mapped to what SOC 2 and customer questionnaires expect.

For Founders, CTOs, Security Leads

Get the resource

Editable PDF template

The Database Backup & Recovery Plan Template

A fill-in template for documenting backup cadence, retention, restore steps, and RPO/RTO targets — so a database failure becomes a runbook instead of a panic.

For CTOs, DevOps, Engineering Leads

Get the resource

PDF requirements template

The API Integration Requirements Template

A requirements template for scoping a third-party API integration — endpoints, auth, rate limits, error handling, and webhooks — before a line of code is written.

For Product Managers, Engineers, Tech Leads

Get the resource

PDF RFP template

The Penetration Test RFP Template

A vendor-neutral RFP template for buying a pentest — scope, methodology, reporting, retest, and the questions that separate a real firm from a scan reseller.

For CTOs, Security Leads, Procurement

Get the resource

PDF checklist

The Cloud Cost Optimization Checklist

A checklist of the highest-leverage cloud savings — right-sizing, autoscaling, storage tiers, egress, and idle resources — without sacrificing reliability.

For CTOs, DevOps, Finance & Ops

Get the resource

PDF review checklist

The Code Review Checklist

A reviewer's checklist covering correctness, security, readability, tests, performance, and dependencies — so reviews catch what matters instead of bikeshedding style.

For Engineers, Tech Leads, EMs

Get the resource

PDF RFP template

The Custom CRM RFP Template (2026)

An RFP template for commissioning a custom CRM — process mapping, must-have features, integrations, data migration, and the evaluation criteria that keep vendors honest.

For RevOps, VPs of Sales, Operations Leaders

Get the resource

PDF worksheet

Internal Tools: Build-vs-Buy Worksheet

A worksheet for deciding whether to build, buy, or assemble an internal tool — scoring fit, switching cost, and total cost across a three-year horizon.

For Ops Leaders, CTOs, Founders

Get the resource

PDF checklist

LLC vs C-Corp Decision Checklist

A founder's checklist on entity choice — taxes, fundraising, equity, and admin — so you walk into a conversation with your CPA or attorney already informed. Not legal advice.

For Founders, Solo Founders

Get the resource

PDF self-assessment

MITRE ATT&CK Maturity Self-Assessment (v2)

An updated self-assessment to rate your detection and response coverage against ATT&CK tactics, with a scoring rubric and a prioritized list of the gaps to close first.

For Security Leads, SOC Managers, vCISOs

Get the resource

PDF + flow template

Stripe Connect Marketplace Onboarding Template

A template for designing marketplace seller onboarding on Stripe Connect — account types, KYC, payout schedules, and the edge cases that stall go-live.

For Marketplace Founders, Payments Engineers

Get the resource

PDF DD checklist

The Technical Due Diligence Checklist

A checklist for assessing a target's technology before an acquisition or investment — architecture, security, code quality, team, and the risks that move valuation.

For Investors, Acquirers, Technical Advisors

Get the resource

Why we publish these

Founders and operations leaders almost never call us cold. They call us after they have lost two months to a SaaS vendor that refuses to fix a workflow bug, after a SOC 2 auditor asked them what their pentest scope was and they did not know how to answer, after a Stripe webhook silently dropped a $40,000 charge, or after a quant trader watched a notebook strategy bleed real capital because the risk layer was never built. Every one of those calls is preventable with 90 minutes of reading. That is what these resources are for.

Each one is written like an internal document, not a sales sheet. The Build-vs-Buy Playbook walks through the same 12-factor scoring framework we use when scoping a custom build. The Pentest Checklist is the actual list of questions we wish every prospect asked before signing a statement of work — see also our web application pentest service. The 6-Week CRM Rollout Playbook is the operations document we hand a client on day one of a custom CRM build. The MVP to Production Playbook is the post-PMF SaaS map we wish someone had handed us in 2019.

The Stripe Integration Checklist is built for SaaS teams shipping a custom Stripe integration and will save you a weekend of customer-support fires if you follow it. The MITRE ATT&CK Maturity Worksheet is the self-assessment we walk security leads through before scoping a MITRE ATT&CK assessment or a full penetration test. Together they cover the four conversations that come up most often in our consulting work: build vs buy, security posture, payments, and operations tooling.

None of the resources are gated by anything more than an email address. We do not ask for company size, phone number, headcount, or budget. If you want to stay anonymous and grab the PDF, your email is the only field that is actually required. If you want a follow-up from William, reply to the confirmation email or jump straight into the contact form.

Who these are for

Founders & CTOs

You shipped an MVP, you have paying customers, and the next 90 days will decide whether the product survives its first enterprise procurement cycle. Start with the MVP to Production Playbook.

RevOps & Operations Leaders

You are losing the build-vs-buy argument with your CFO or staring at a Salesforce renewal that doubled. Start with Build vs Buy and the CRM Rollout Playbook.

Security Leads & vCISOs

You are scoping a pentest, answering a customer security questionnaire, or pricing a SOC 2 audit. Start with the Pentest Checklist and the MITRE ATT&CK Worksheet.

Skip the resource — talk to the founder.

If you already know which conversation you need, book a 20-minute scoping call. William Beltz answers every booking personally — no SDR, no chatbot, no automated funnel. Read more about QUANT LAB USA or browse recent client work, pricing, or the blog.