10 Questions with Shrav Mehta, Founder and CEO at Secureframe via [The Startup Founder Interview Template]. HackerNoon: What is your company in 2–5 words? Shrav Mehta: Security compliance automation software provider. Why is now the time for your company to exist? SM: Several years ago, everything to do with compliance was completely manual. There were no APIs to integrate with. If you looked at HR systems like Gusto or Rippling for example, there were no APIs to pull the data that you needed as part of the compliance process. AWS didn't have a robust suite of APIs to pull evidence. But as technology and APIs evolved, automation became much more possible in the compliance process. Over time, that allowed Secureframe to automate so much of the compliance process that it’s now about three to four times faster than it was a few years ago. What do you love about your team, and why are you the ones to solve this problem? SM: When we were first building Secureframe, many of the big auditors told us that automating compliance was not really possible. They believed that the complex and nuanced nature of compliance tasks made them unsuitable for automation. However, my team and I thought otherwise. We realized that many of the manual tasks we were doing, such as screenshotting an AWS dashboard or a GitHub repo to pull down information, could be streamlined through automation. Despite the skepticism we faced, we were convinced that with the right approach and technology, many parts of the compliance process could indeed be automated. We recognized that the belief that it couldn't be done was more of a preconceived notion rather than a fact. Drawing from our experiences at previous startups, we knew that other companies were facing similar challenges and were actively seeking automated solutions to simplify their compliance efforts. This further motivated us to develop Secureframe and provide the much-needed automation in the compliance space. If you weren’t building your startup, what would you be doing? SM: I would definitely be interested in building something in cybersecurity. Cybersecurity and AI are probably the two fastest-growing spaces in software technology today. Cyber threats will continue to evolve and get more complex. There will always be bad actors out there and you will always need good cybersecurity products and tooling to fight those bad actors. I think there are an infinite number of opportunities in cybersecurity. Secureframe is where I'm focused right now, but if I were to do anything else, I would almost certainly work on something at the intersection of cybersecurity and AI. At the moment, how do you measure success? What are your metrics? SM: Every company has one key metric that they're evaluated on. For most venture-backed companies, it's revenue-focused. For Secureframe, the number one metric we look at is ARR (annual recurring revenue). The next big one is NDR (net dollar retention), which is the number of our existing customers that are growing and expanding. Our third most important metric is NPS (net promoter score), which measures the happiness of our customers. And the fourth most important metric is CAC (customer acquisition cost) payback period. For example, if I had $1 billion to spend on marketing, I'm sure I could increase our growth rate a lot, but there would be no constraint. So, we aim to spend marketing and sales money in the most efficient way possible in order to generate more revenue. That’s one reason why CAC payback period matters, because it puts an efficiency cap on your resources. In a few sentences, what do you offer to whom? SM: Secureframe's platform helps organizations achieve and maintain compliance with standards like SOC 2, ISO 27001, HIPAA, and NIST frameworksto name a few. We automate risk assessments and monitor third-party vendors' compliance status, ensuring they adhere to necessary security and privacy standards. Our platform also streamlines internal risk management processes, including identifying vulnerabilities, implementing controls, and continuously monitoring for nonconformities. We assist companies in preparing for audits and our customers range from startups to large global enterprises, with our platform flexibly adapting to their specific compliance needs. What’s most exciting about your traction to date? SM: The thing we're really excited about is the traction we're seeing with enterprise customers. Most enterprises still have the same problems with security and compliance that they’ve always had — the process is too slow and very manual, and they need deeper levels of automation. But there are so many frameworks and regulations that they need to comply with. The problem is just much bigger than it is for smaller companies, but it’s one that Secureframe is able to solve. Where do you think your growth will be next year? SM: Our biggest growth goal is to double our revenue year-over-year. Tell us about your first paying customer and revenue expectations over the next year. SM: Our first paying customer was actually before we even had an MVP (minimum viable product) built for Secureframe. We were exploring a couple different ideas within security and I started asking people in my network if they would be interested in tools to automate some of the SOC 2 process. And a bunch of people said yes, but we didn't really know how serious they were. Our first customer called me back a month later and asked where the product was. I said, "Oh, I didn't know you were that serious about it!" So, I quit my job that week and started building the MVP for what is now Secureframe. We got the customer done with their SOC 2 and they were incredibly happy. And that was the impetus for why we decided to focus on this idea — clearly it was something people needed. We had 40+ companies on the waitlist by the time we actually had an MVP that we could utilize with all these customers. The moment we launched it, they started to pay us. Over the next year, we plan to double our revenue. What's your biggest threat? SM: I think if we don’t get ahead of it, AI could be one of the biggest threats to both software and cybersecurity. But if we get ahead of it, it will be one of the biggest opportunities. At Secureframe, we're utilizing AI where we think it'll really help our customers, which we believe is risk remediation and vendor management. We’re using it to make the whole compliance process even faster and easier. We also support a broader range of frameworks, including the NIST AI Risk Management Framework (NIST AI RMF) and ISO 42001, enabling teams to automate their compliance protocols. Get Interviewed by HackerNoon via the Startup Founder Template 10 Questions with Shrav Mehta , Founder and CEO at Secureframe via [ The Startup Founder Interview Template ]. Shrav Mehta Shrav Mehta Secureframe Secureframe The Startup Founder Interview Template HackerNoon: What is your company in 2–5 words? HackerNoon: What is your company in 2–5 words? Shrav Mehta: Security compliance automation software provider. Why is now the time for your company to exist? Why is now the time for your company to exist? SM: Several years ago, everything to do with compliance was completely manual. There were no APIs to integrate with. If you looked at HR systems like Gusto or Rippling for example, there were no APIs to pull the data that you needed as part of the compliance process. AWS didn't have a robust suite of APIs to pull evidence. But as technology and APIs evolved, automation became much more possible in the compliance process. Over time, that allowed Secureframe to automate so much of the compliance process that it’s now about three to four times faster than it was a few years ago. What do you love about your team, and why are you the ones to solve this problem? What do you love about your team, and why are you the ones to solve this problem? SM: When we were first building Secureframe, many of the big auditors told us that automating compliance was not really possible. They believed that the complex and nuanced nature of compliance tasks made them unsuitable for automation. However, my team and I thought otherwise. We realized that many of the manual tasks we were doing, such as screenshotting an AWS dashboard or a GitHub repo to pull down information, could be streamlined through automation. Despite the skepticism we faced, we were convinced that with the right approach and technology, many parts of the compliance process could indeed be automated. We recognized that the belief that it couldn't be done was more of a preconceived notion rather than a fact. Drawing from our experiences at previous startups, we knew that other companies were facing similar challenges and were actively seeking automated solutions to simplify their compliance efforts. This further motivated us to develop Secureframe and provide the much-needed automation in the compliance space. If you weren’t building your startup, what would you be doing? If you weren’t building your startup, what would you be doing? SM: I would definitely be interested in building something in cybersecurity. Cybersecurity and AI are probably the two fastest-growing spaces in software technology today. Cyber threats will continue to evolve and get more complex. There will always be bad actors out there and you will always need good cybersecurity products and tooling to fight those bad actors. I think there are an infinite number of opportunities in cybersecurity. Secureframe is where I'm focused right now, but if I were to do anything else, I would almost certainly work on something at the intersection of cybersecurity and AI. At the moment, how do you measure success? What are your metrics? At the moment, how do you measure success? What are your metrics? SM: Every company has one key metric that they're evaluated on. For most venture-backed companies, it's revenue-focused. For Secureframe, the number one metric we look at is ARR (annual recurring revenue). The next big one is NDR (net dollar retention), which is the number of our existing customers that are growing and expanding. Our third most important metric is NPS (net promoter score), which measures the happiness of our customers. And the fourth most important metric is CAC (customer acquisition cost) payback period. For example, if I had $1 billion to spend on marketing, I'm sure I could increase our growth rate a lot, but there would be no constraint. So, we aim to spend marketing and sales money in the most efficient way possible in order to generate more revenue. That’s one reason why CAC payback period matters, because it puts an efficiency cap on your resources. In a few sentences, what do you offer to whom? In a few sentences, what do you offer to whom? SM: Secureframe's platform helps organizations achieve and maintain compliance with standards like SOC 2 , ISO 27001 , HIPAA , and NIST frameworks to name a few. We automate risk assessments and monitor third-party vendors' compliance status, ensuring they adhere to necessary security and privacy standards. Our platform also streamlines internal risk management processes, including identifying vulnerabilities, implementing controls, and continuously monitoring for nonconformities. We assist companies in preparing for audits and our customers range from startups to large global enterprises, with our platform flexibly adapting to their specific compliance needs. SOC 2 ISO 27001 HIPAA NIST frameworks What’s most exciting about your traction to date? What’s most exciting about your traction to date? SM: The thing we're really excited about is the traction we're seeing with enterprise customers. Most enterprises still have the same problems with security and compliance that they’ve always had — the process is too slow and very manual, and they need deeper levels of automation. But there are so many frameworks and regulations that they need to comply with. The problem is just much bigger than it is for smaller companies, but it’s one that Secureframe is able to solve. Where do you think your growth will be next year? Where do you think your growth will be next year? SM: Our biggest growth goal is to double our revenue year-over-year. Tell us about your first paying customer and revenue expectations over the next year. Tell us about your first paying customer and revenue expectations over the next year. SM: Our first paying customer was actually before we even had an MVP (minimum viable product) built for Secureframe. We were exploring a couple different ideas within security and I started asking people in my network if they would be interested in tools to automate some of the SOC 2 process. And a bunch of people said yes, but we didn't really know how serious they were. Our first customer called me back a month later and asked where the product was. I said, "Oh, I didn't know you were that serious about it!" So, I quit my job that week and started building the MVP for what is now Secureframe. We got the customer done with their SOC 2 and they were incredibly happy. And that was the impetus for why we decided to focus on this idea — clearly it was something people needed. We had 40+ companies on the waitlist by the time we actually had an MVP that we could utilize with all these customers. The moment we launched it, they started to pay us. Over the next year, we plan to double our revenue. What's your biggest threat? What's your biggest threat? SM: I think if we don’t get ahead of it, AI could be one of the biggest threats to both software and cybersecurity. But if we get ahead of it, it will be one of the biggest opportunities. At Secureframe, we're utilizing AI where we think it'll really help our customers, which we believe is risk remediation and vendor management . We’re using it to make the whole compliance process even faster and easier. We also support a broader range of frameworks, including the NIST AI Risk Management Framework ( NIST AI RMF ) and ISO 42001 , enabling teams to automate their compliance protocols. we're utilizing AI we're utilizing AI risk remediation risk remediation vendor management vendor management NIST AI RMF NIST AI RMF ISO 42001 ISO 42001 Get Interviewed by HackerNoon via the Startup Founder Template Get Interviewed by HackerNoon via the Startup Founder Template
