Freshly-launched startups don’t often have the funding for a fully formed security team, but a data breach or a privacy overreach can be deadly for a new company. That’s why Facebook security engineer Benjamin Strahs is joining TechCrunch at our D.C. meetup and pitch-off this week: he’ll offer advice to founders about how to bootstrap a secure culture at their companies.

Facebook is a social media company, not a security firm — but, considering the wealth of personal data it holds, security has to be a consideration for everything Facebook does. Facebook has rolled out encrypted messaging, secure browsing and new account authentication & recovery methods over the past few years to make sure users’ data stays safe.

Facebook also routinely tests its own systems for vulnerabilities and invites the public to do the same through its bug bounty program.

But smaller companies don’t always have the financial or engineering resources for new privacy features and security programs — which is why Strahs encourages founders to use open-source frameworks and centralize their risk so they can address it more easily.

Strahs has led education initiatives for his non-technical co-workers, teaching them how to recognize phishing schemes and other suspicious behavior. It’s not just about securing your infrastructure — you have to make sure your employees understand how to keep themselves secure and how to protect user data.

Our conversation with Strahs comes at a time when security and privacy are more urgent than ever — digital surveillance is being debated in court, massive breaches are coming to light, and privacy policy changes are spurring backlash. It will be a great discussion, and we hope you’ll join us!