Austin’s Journey To Simplifying Digital Compliance With Laika!

This podcast will unlock the secrets of successful SaaS businesses. INSIDEA’s Founder and CEO – Pratik Thakker, will talk to Austin Ogilvie about building Laika.

We’ll delve into the strategies and tactics that paved the way for their success. So join us as we explore the world of SaaS and learn how to unlock the potential of your own business.

You can watch the full episode on INSIDEA’s YouTube Channel as well as on Spotify. But if you are into reading more than watching, HERE YOU GO!

Pratik

Welcome to SaaS Unlocked. I’m thrilled to introduce our guest, Austin Ogilvie. Austin is the co-CEO of a compliance platform that empowers the fastest-growing companies to compete with larger organizations. Again, I cannot just introduce Austin in just two sentences. I have a great description of him because he has achieved so much in his career, with years of experience in developing and scaling successful companies. Austin has gained a wealth of knowledge and expertise in the tech industry. So today, he will share his insights and provide valuable advice on how startups can stay compliant while scaling their business with automation.

Austin is an avid Bluegrass fan and whitewater kayaker, which speaks to his diverse interests. So get ready to learn from one of the brightest minds in the industry. Please join me in giving a welcome to our esteemed guest. Welcome, Austin, to SaaS Unlocked.

Austin

You’re too kind. Thanks so much for having me. I’m excited and appreciate coming on.

PratikAustin, there is one thing I’d like to bring up. I think you launched in 2019. And in no time, you raised almost a hundred million dollars in Series C Round, right? So introduce us to Laika. Tell us the backstory about your Co-Founder. What inspired you guys to launch Laika?

AustinYeah, sure. Laika is a compliance automation platform for digital companies to monitor their security and privacy controls in real-time. And for streamlining enterprise vendor security assessments and undergoing IT audits like SOC 2 and ISO 27,001 High Trust. There’s a myriad of different digital compliance standards and Laika. Companies take charge of all of it and manage it in one place.

PratikAmazing. So tell us more about the Co-Founders. How did you meet them? Just to add a personalized element to your LinkedIn life. People would love to know your journey and how you started and became successful in just three or four years since you began.

AustinYeah, sure. So, I have two Co-Founders, Sam and Eva. Sam and I both come from enterprise software backgrounds. We previously built two different startups.

Sam’s was an InsureTech company. It was like point-of-sale insurance where you could buy a policy on a drum set at Guitar Center. My company was a data science company called yhat. And both he and I encountered these enterprise securities vendor assessments, and IT audits as enormous stumbling blocks in our prior lives as operators in our first companies.

Sam had a certain level of instinct, given that he was in the insurance world. Meeting the requirements of big retailers and insurance companies was a day-one investment he needed to make from a compliance perspective. That being said, it was a very long process trying to get through SOC 2 audits that took many months, taking engineers off of writing revenue, generating code to write information, security policies, et cetera.

That was outside a regulated space specifically. Still, as we took the product to market with bigger companies, we encountered this as a major growth obstacle later in the game.

But in both cases, he and I became very intellectually and commercially interested in this problem. The side of the vendor was Eva – totally different profile. She was a managing director at Citigroup for 20 years overseeing cybersecurity, governance, and third-party vendor risk management. Essentially the entire institutional side of the bank’s digital compliance rolled up under Eva. So she had seen the movie from the other side of the table for a long time. The bank was trying to deploy significant R&D sums of dollars and needed help with new vendors. And she was inspired by what she saw in the FinTech revolution in 2014.

She left Citigroup to start a boutique consultancy, helping these internet companies a lot. My company and Sam’s Company meet these requirements. Understand what the market expects of third-party vendors, particularly software vendors, and what regulators insist upon for the same. And we got introduced through mutual investors, well now investors, then just VC friends in late 2018. And then it was an entrepreneur’s love-at-first-sight situation, I think, for all three of us. We were going to build something together; it was a perfect team-up opportunity.

Given that Sam and I are product guys, we know how to build stuff but had yet to come to this problem from years of compliance experience ourselves. So Eva brought that to the table, and we just got going. We incorporated it in the summer of 2019 and wrote the first lines of code. So we’re coming up on four years.

PratikBeautiful success journey so far, and I hope you’ll take over the market in the next few years. Automation has been an increasingly critical component of modern business operations. So in the last four years, you know, we are seeing trends in AI and automation. How do you consider the key factors that contributed to your success?

AustinYes, there’s a lot to say about this. So there’s an old, sleepy, tired software category called GRC – Governance, Risk, and Compliance. Suppose you can imagine a compliance team at a big bank or a hospital. They sit down at their desk in the morning. GRC is the software that they’re using historically to do their job. And several evolutions, in particular AI and automation, get us excited about dramatically changing the way compliance professionals do their work. The first is the massive adoption of SaaS tools and cloud infrastructure and the API application of virtually everything.

Today you can programmatically access a lot of the metadata and any other operational data related to compliance in a way that would be only accessible manually by somebody, literally going in and reviewing and reading something. But now there is just an explosion of digital exhaust available for real-time monitoring and doing a lot of the compliance legwork as an expression of code programmatically. In contrast, you just could never have done that in the past. And that provides several benefits; first that there aren’t enough compliance professionals familiar with these digital standards, so as an industry, we need to equip those professionals that are out there with the best possible tools to do what they need to do quickly.

We also need to reduce the likelihood of errors in this domain. A lot of this stuff can be very dense or complex to a layperson or someone unfamiliar with many concepts. It feels a lot like jargon and you may not understand everything. All of that adds up to the high probability that mistakes can get made, and edge cases can happen behind the scenes that you don’t know about.

So automation is an incredible lever, in that the robot doesn’t miss things, right? If you design automated compliance checks in a way that is comprehensive, you just set it on autopilot and it’s behind the scenes, which gives a lot of peace of mind to regulators, security teams, and so forth.

Pratik Excellent. So you’ve been in the startup world for a while, right? And when you are working on a product at the very initial stage of your journey, and you are trying to get that first 1000 customers, 500 customers, whatever it is. The startup has to grow at a certain speed. 20%, 30% month-over-month growth. How can one implement automation to focus actually on the product side of things and scale in capturing the market? How do you see automation, and stay ahead in the competitive landscape that we have?

AustinWell, just generically speaking about the building of products. You want to offload all of the things that are unrelated to the intellectual property or the novel solution that you are, are trying to bring to market. For most companies, unless you’re building, say a payroll company, it’s best to work with a provider like DEAL or Rippling, or Justworks, right? Similarly, you find all kinds of interesting tech-enabled service providers that are making it a lot easier to create startups. Back-office tools like Carta and Pilot and Accounting. These are ways for the average software team to become a proper business instantaneously, turnkey, which is precisely what we’re trying to do for our customers.

With respect to digital compliance, the people that are revolutionizing, PI Pet Science in the laboratory or inventing the next Slack, or Discord chat experience or building the next Miro workflow collaboration platform – they don’t also need to be spending all of their time on all the other things that they may not be familiar with, and that certainly don’t specifically create the enterprise value as part of the solution that they’re getting out of bed every morning to work on. So finding those opportunities is huge. And the scarcest resource of all is time.

I want my engineers to think exclusively about digital compliance problems and how to solve them in elegant ways and create great experiences for our customers, specifically with respect to compliance. I don’t want them reinventing the wheel on all kinds of other stuff that isn’t core to that mission.

PratikAbsolutely. When you talk about all of these tools, let me just have a word about outsourcing. Insidea is a leader in this space in terms of helping companies outsource remote talent, and we’ve been here for a while. How do you see outsourcing impact your business growth? And specifically some tasks that cannot be automated. It requires human intervention and that task can be given to someone else. For example, it can be customer support, or it can be the other side of the business. Even development. So how do you see that fit into your automation or scaling strategies?

Austin Well for starters, we’re all Zoom children now. The pandemic sent every company into a remote-first, or, at a minimum, a hybrid, remote situation faster than would’ve occurred naturally. And I think it’s fair to say whatever relationship we all wind up having to physical offices will be different than it would’ve been 2019 and before. And that unlocks a lot of exciting opportunities for remote collaboration.

From the very beginning at Laika, we got going in the summer of 2020. My senior director of engineering, he and I have worked together for 13 or 14 years. He’s a Costa Rican guy and employee number one. He hired all the engineers for the first three and a half years. And we just knew we would be a substantially remote company. And, of course, the pandemic hit, and those of us in the United States had to change our work. But we already had committed culturally to have a substantial portion of our workforce, namely the software engineering team, mainly in Costa Rica but all over pan Latin America.

And so, from our side, we’ve just embraced hiring the right people wherever we find them. And we’ve applied that same thinking when thinking about contractors who are part-time. We work with all kinds of digital agencies on different things. And we get a lot of leverage out of that. And I’m not unique in this sort of thinking. I talk to CEOs all the time who are making very similar choices to invest in a certain way and find very talented specialist organizations to help them create leverage in things that are not core to their business.

The last thing I’ll speak to on this particular question because you mentioned automation. Specialists across all different domains are going to be increasingly equipped with very domain-specific workflow tools that are powered by AI. That could be document extraction stuff and processing data, all the way through copywriting. So the creative field overall will change. Humans, in my view, will become drivers. They’re not going to disappear.

Pratik Since we are talking about AI and chat, I asked Chat GPT – I’m going on a LinkedIn live event with Austin; here’s the topic. Can you give me 20 questions on what I can ask Austin? It came up with questions that I can ask you. If I had somebody work on it, it would take two or three days for a person to come up with questions and answers to this. Chat GPT can do it in two to three minutes, which is fantastic. I’m very bullish on AI incorporated with all of the work that we’ve been doing, so I completely agree with that point.

We have some questions from the audience. If you are listening live and want to ask questions to Austin, feel free to put them down in the chat. I’ll take the question along the way.

So Austin, from your perspective, can you list three effective tasks to automate and scale? It can be automating repetitive tasks, using some tools you mentioned, or leveraging AI, which can be very effective for scaling businesses.

Austin Document processing and data extraction have come about recently. Some of these tools are for labeling named entities and finding particular pieces of content hidden in everything from public documents in PDFs on various websites to underwriters looking at loan documents, financial statements, and stuff like that.

The tools for processing that and converting it into structured data are unbelievable. A lot of stuff will change concerning anything that involves emailing PDFs around the internet. In the creator space, for sure, there will be like you said, prompts for copywriters, which will dramatically increase their productivity.

And in our world, there’s a lot of documentation concerning vendor compliance in enterprises. So we think a lot about how we can improve the process of an enterprise procurement team—evaluating the security measures of the vendors that they trust to do business with.

Take JP Morgan, for instance. They have something like 5,000 vendors. Almost all of them are software vendors, and each must be assessed at least once yearly. And indeed, initially, part of that is a human has to read every policy these companies have, concerning securing systems. So these document extraction capabilities are front and center for us when we think about improving the process of bringing new technology into a big company like that because it’s such a time-saver.

Pratik Absolutely. Let’s talk more on the rapid scaling side. As an experienced entrepreneur, you can shed some light on how businesses can use techniques or strategies you mentioned to hyper-grow their business. Let’s say a company started with Seed Round and wants to go Series C Round in three years. From your journey, what are some things that you can share with the audience?

Austin The biggest part of the answer is you are building something that people actually want to use. There’s quite a lot of discussion in startups, venture capital, and ecosystem about product market fit. It is a phenomenon worth paying attention to because until you have a product that can be sold not just by you at an excellent task, at great expense, but by anyone, you might hire on your team. A product that a company can purchase without a great deal of customization. You aren’t even ready to answer your rapid scaling question. The first bit is, do you have a product that matches the problems elegantly that your customers have? Once you have that, you can think about which sales channels will work. Is this a product that is bought, or is this a product that is sold? Where are your customers hanging out? Are they at conferences or on Twitter? And the rapid scale question certainly depends on what it is you’re doing. We chose to start with our core audience. From 2019 to 2020 largely venture-backed digital companies, particularly FinTech, InsureTech, and digital health companies operating in a regulated space tended to come with a certain level of instinct. Compliance being essential for them, we saw the already significant tailwinds behind SaaS adoption of cloud adoption at enterprises. So they just got it and dialed up to the max.

The pandemic sent everybody home. So how do big companies adapt to that environment when they used to be all in the office? Well, you have to buy a lot more software, which really accelerated our business as a total macro adjustment where there are just vastly more risks being taken on through the mass adoption of these tools.

So our customers were underwater with respect to these assessments. Now you can’t induce a pandemic. But looking at trends like this and being able to react and adapt to them and take advantage of whatever opportunity there is with respect to the overall climate and atmosphere in the macro environment is.

Pratik There’s a question from the audience. What factors can be automated for digital compliance when enough is not enough, and digital risks are too much?

Austin So many of the digital compliance controls are bound up with people, processes, and training, and many of them are bound up with technical configurations. So concerning our customers, they log in to Laika and connect all of the tools that they use to run their company. So you’re connecting GitHub, all of your AWS products that you’re using, as well as your HR system and various tools related to how your company handles data.

And then behind the scenes, what we can do with that information is alert our customers – “Oh, one of your software engineers has pushed code and merged it into the main branch without having undergone a code review.” That’s the kind of thing that when you’re going to market with a big company or if you’re handling PHI, it’s a set of laws. You have to be doing certain things demonstrably to meet these requirements. So you can automate the process of checking that all of these activities are indeed happening, and you can automate the process of remediating many of them too. So if Laika detects some problem, it can alert your team to take action. And in some instances, it can take action itself.

Pratik When you talk about this specific topic, how does this challenge impact the operation and growth side? It could be more specific on the overall problem statement here for businesses, which leads them to face challenges on the growth side.

Austin I’ll work from an analogy or an anecdote. JP Morgan, as I said, has 5,000 vendors. If you’re trying to be one of those vendors, you’re trying to sell into that company. You should be aware that they have a very advanced risk evaluation process for vendors. They classify you. That’s the first thing they do into different risks – negligible, nominal, low, medium, high, and critical- depending on which risk tier they classify you. That will dictate what level of assessment or review they do of your technology, and that could be everything from not doing any checks at all.

If you are a food vendor, they won’t ask you to demonstrate that you have encryption standards. This doesn’t make any sense, obviously. On the other hand, if you’re deemed high-risk or critical risk, you are constantly audited by the JP security team, which is a go-to-market problem. So, yes, it’s a risk mitigation problem because that’s fundamentally why JP Morgan or any of these big companies do this. After all, they have colossal brand risk. They have enormous sums of customer data. It could be a total catastrophe if they let a particular vendor in that represents a severe technical weakness or operational weakness that opens them up to true cybersecurity risk or just bad acting by accident. So you want to be in a position not to be that company at all for reasons that are, are self-evident. But you also need to connect it to the growth question, which is if you want to be inside JP Morgan or Yale New Haven Hospital or Delta Airlines, they’re going to ask a lot of things about your security controls, your data hygiene, et cetera. So it’s both a bottom-line thing and a top-line thing for software companies.

Pratik Thank you for sharing that. As we go further into this conversation, let’s talk about the problem statement – the growth statement. Implementing this automated complex solution. What steps are involved when somebody’s looking to implement this security or compliance?