Efficiently writing a master thesis

This blog post shows a methodical approach for writing a master thesis and how the Lean Startup Security Website has been created. I have used the following approach to plan and schedule all tasks which were necessary for writing my master thesis.


The activity diagram on this page shows all the different activities I had to do for writing my master thesis and their relation and dependencies to each other. I have categorized all the different activities into three “Activity stages”:

  • Getting Information,
  • Implementation and
  • Writing & Documenting

to highlight the type of a certain activity. Furthermore I’ve colored the activities with different background colors to emphasize the 6 major tasks. Those main tasks are explained in more detail in the following paragraphs.


Steps for writing a master thesis

Strategy & Literature research


At first I created a mind-map (knowledge map) as you can see in the first figure. In this mind map I wrote down all the different stakeholders and topics which are related to “IT Security in Startups”. Based on this extensive mind-map I defined the procedure which resulted in the activity diagram shown on this page.

Mind map

The abstract, research question, demarcation and objectives are also based on the initial mind map.

Literature research

The next obvious step was exhaustive research on all topics which I had identified in the initial mind map. All of them can be assigned to the main topics Startups, IT Security and Privacy. A majority of the references used are papers, white papers, industry standards, laws and IT Security and Startup books and blogs.

Activity diagram

Master thesis (document)

The master thesis took shape in parallel with the information gathering and implementation, and was adapted and redesigned whenever either of the two other activity stages brought new insights. To structure the chapters of this thesis, I compared the structure of various other master theses with each other to find an easy-to-read layout and to ensure that a common thread runs through my paper.


Questionnaire and Interviews

I have interviewed stakeholders from the Startup scene (CEOs, CTOs and employees) and conducted an online survey to get answers to the 2 research questions.

Because IT Security is a delicate subject for many companies, I have ensured absolute non-disclosure to each interviewed person. Otherwise I would have doubted the candor, especially of CEOs and CTOs. Therefore there will be no publication of company or person names or of individual questionnaires. Instead I will publish aggregated and anonymized information.


Lean Security Methods

I have defined lean security methods in parallel to the questionnaire and surveys and the methods are also part of the master thesis. The different methods, practices and recommendations are mainly based on:

  • My experience as Startup CTO and IT Security master student
  • Common industry standards like ISO/IEC 27001, ISO/IEC 20000, ISO/IEC 22301, “BSI Grundschutz” and the BSI 100-x standards
  • EU privacy regulations and Austrian privacy law (DSG2000)
  • The “IT Sicherheitshandbuch” and “IT Risikoanalyse” documents from the Austrian Federal Economic Chamber (WKO)
  • Papers from the SANS Institute concerning Security

My goal has been to find lightweight mechanisms and methods which can be easily implemented by companies before, during and after foundation. So the methods can be used from 1-person companies up to a company size of around 20 people.


Practical Implementation

To verify the practicability and duration of the “Lean Security Methods” I’ve implemented all the measures into the Startup I work at: Rentog (https://rentog.com).

I’ve used all the findings, issues and obscurities which occurred during implementation to update and enhance the Lean Security Methods. Additionally I created several templates during the implementation. These templates are available in the “Template” section.



All the defined lean security methods and recommendations and the corresponding templates are published on http://leanstartupsecurity.com. With the publication of the methods the objective “…improve the overall security level of Startups in the IT and Internet field…” is targeted. It is also possible for visitors to post comments so that I can learn from the users and that I can further improve the methods.



Writing a master thesis is not an easy task and takes some time. Research especially can be exhausting, and sometimes you don’t even notice that you are heading in the wrong direction. For those reasons it is very helpful to have a clear plan and strategy on how to write your master thesis. I have used a simple mind-map and an activity diagram to visualize and organize everything. These techniques will allow you to stay focused during your research and will help you to better plan your tasks.