A free-and-open-source (BSD 3-Clause) security checklist for anyone running (or with a vendor who’s running) a Magento 2 system themselves. Provided by security stalwart Talesh Seeparsan, who you should talk-to-slash-hire if you need any computer security work done (Magento or otherwise).
The list is pretty bonkers. Seeing everything you and your vendor probably aren’t doing is eye-opening, even if you’re a security-conscious sort of person. It’s a heck of a time to be running software with text fields that people type their credit card numbers into.