Meet Craig Unger – Making Compliance Operational with Hyperproof
Today we have selected Craig Unger to take his interview. He is the CEO and Founder of Hyperproof.
First of all, how are you and your team doing in these COVID-19 times?
I want to share a quote from my end-of-year press release: While the times have been incredibly challenging, the Hyperproof team perseveres. Given all the challenges in the world around us, we are not complaining. Rather, we remain satisfied with our progress, very excited by our mission, and extremely focused on moving the company forward. We’ve also decided to make our company fully remote in 2021 — after realizing that our team can collaborate very successfully while being remote.
Tell us about you, your career, how you founded or joined this company?
Hyperproof officially started in 2018, but its story begins years ago with my work at Microsoft. In one of my roles there, I was tasked with developing Microsoft Passport, one of their largest and most critical cloud services. However, due to objections made to the claims of our service’s security, independent organizations filed a complaint with the Federal Trade Commission (FTC) to investigate the company. After almost a year, Microsoft and the FTC agreed to a set of remedies that included intense and comprehensive auditing of Passport services. These audits were so disruptive that they effectively halted all progress on our product development efforts. When I left Microsoft to co-found Azuqua, a company working in cloud and integration workflow, I was again faced with compliance challenges.
First, we were barraged by complex spreadsheets and questionnaires relating to how we designed, built, and operated our services. After filling out the 200-question reports dozens of times, our startup of about 20 employees began pursuing SOC 2 Type 1, SOC 2 Type 2, and eventually GDPR certifications—which also took a lot of dedicated time to complete. After I finished my work there, I reflected on my experience being involved in compliance work.
Whether it was a huge company like Microsoft or a startup like Azuqua, the approach to managing compliance work was the same: the team used an assortment of tools centered around emails and spreadsheets. The process was manual, error-prone, redundant, and universally reviled by our team members. It seemed clear there must be a better way. In essence, Hyperproof was born out of my experience with the same struggles many compliance and security practitioners face today.
How does your company innovate?
I value our company culture because no matter what role each person is in, we’re all thinking about our customers and how each individual can contribute to the customer experience. We like to start with customer needs and work backward. We’re also a collaborative team; we prioritize succeeding as a team and an organization over-optimizing for individual objectives.
How the Coronavirus pandemic affects your business, and how are you coping?
As a fast-growing startup, the pandemic enabled unique challenges for our team. Safety was our utmost priority, so we opted to keep everyone from coming early to the office. Then, we began to interview, hire, and onboard remotely. Since then, Hyperproof has more than doubled in size. While it was difficult to adapt initially, I was proud of how our team created new strategies to keep the company thriving virtually.
Based on the feedback of our current staff, Hyperproof’s leadership team decided to become a remote-first company, meaning that we will stay remote even after all restrictions have been lifted. To help other organizations as well, Hyperproof offered our continuous compliance software subscription at no cost.
Did you have to make difficult choices, and what are the lessons learned?
Not in particular.
What specific tools, software, and management skills are you using to navigate this crisis?
We have relied upon collaboration and remote-friendly productivity tools to keep everyone productive and facilitate 1:1 and group communication among team members: Zoom, Slack, virtual brainstorming tools—and setting expectations and norms around using these tools. We’ve leaned into being empathetic, being cognizant that our employees are dealing with potentially challenging situations at home during this time. We’ve emphasized that we want to give people the flexibility to work when and when they want.
Further, we’ve implemented new benefits to acknowledge that people are prone to burnout during this time—so we’ve started offering our employees a stipend to spend on wellness activities. We’ve also gotten our managers and our culture committee to intentionally foster a sense of belonging when team members don’t see one another face to face; we have come up with virtual events for team members to get to know one another have fun. Staying in touch with our team members; having a pulse on their evolving needs as the pandemic continues has been critical during this time.
Who are your competitors? And how do you plan to stay in the game?
ZenGRC, Vanta, Drata, LogicGate. It’s a hot space, but we are confident in our strategy and direction. Security programs, compliance programs, and risk management programs must evolve as organizations change, as threat vectors change, as an organization’s vendors change, as technology changes.
Today, compliance professionals have difficulty maintaining controls that effectively mitigate organizational risks because changes are happening fast. We want to be the best operational platform for security, risk, internal audit, and compliance professionals to do the ongoing work needed to keep their organizations safe.
The ongoing operations work (e.g., reviewing controls, collecting evidence, testing controls, working with business stakeholders to improve controls) is heavy. This is where we want to focus. The GRC market has become more crowded over time, with some of the software companies have raised a significant amount of capital in 2021. We must continuously innovate and approach all that we do by keeping customer needs, preferences, and behaviors at the center of it all.
Your final thoughts
- Spokesperson: Craig Unger
- Company: Hyperproof
- Website link: hyperproof.io
