How Scott Price of A-LIGN Approaches Cybersecurity And Compliance In The New Decade

Scott Price: Cyber security we know it's going to happen, it's not the if but the when happens. You do see it continuously getting more exposure at the board level.

Dave Knox: I'm your host, Dave Knox. This is Predicting the Turn, a show that helps business leaders meet their industry's inevitable disruption head on. Welcome to another episode of Predicting the Turn. Today I sit down with Scott Price, the founder and CEO of A- LIGN, Scott welcome to the show.

Scott Price: Thanks for having me, Dave.

Dave Knox: Awesome, I want to dive in starting right with what A- LIGN is. Can you tell the audience a little bit about the company?

Scott Price: Yeah, I think it really hearkens back to why the name A- LIGN, our focus is to look at companies, where they're going from a strategic perspective, those growth targets usually tie in some type of compliance objective they need to have. A-LIGN's focus is helping those companies comply with different regulatory and information security standards globally.

Dave Knox: I really love your journey that you've been on as an entrepreneur and I think it's one that's really inspirational to a lot of folks. Can you tell a little bit about that journey and where you led to today?

Scott Price: Yeah, it's been a journey with a lot of mistakes and a little bit of success but a lot of mistakes. I started my career at Arthur Andersen, quickly saw the fact that financial audit was not the end all, be all in that technology in the late 90s was coming about. I focused on auditing security around technology controls, clearly Enron occurred, Andersen went under in 2002. I was 26 years old and started my first company, focused on doing these type of audits, told everyone I was in my 30s because who picks up a 26 year old to do this when you're inaudible. That was a great journey. I grew that company until 2009 to about 11 million in revenue and saw there was a broader aspect to this, there wasn't just going to be one standard on security but healthcare, dealing with the federal government, dealing with private card information, PCI, things of that nature. I started A-LIGN to really broaden the horizons in 2009 and now we just, I guess celebrated our 10 years in 2019.

Dave Knox: I want to dive in a little bit more about that change that you've seen. Audits were a thing you used to just have to do and it was just required every year. Today you have cyber security and compliance and all of these changes. What do you think that's doing to the world of business over the last decade of how compliance has changed?

Scott Price: I think compliance really allows businesses to trust each other. I talk about the fact of what we do allows businesses to trust and respect each other. They want to be able to trust businesses back and forth of sharing data and us as consumers, we want to make sure our companies respect the data that we give to them. A- LIGN's focus on having a very broad framework of how we attack those from a security controls perspective, I think really adds value to our clients because they see the fact that they can either raise funds, do business with a new company, move upstream or really just improve their business because let's face it, having great cyber security controls in place is going to mitigate risk and make your company more successful.

Dave Knox: On that note, you've seen security really change over the last decade where it went from something that happened behind the scenes to something that's often making headlines.

Scott Price: Yeah.

Dave Knox: What is the state of security as we kind of enter the next decade?

Scott Price: I still think everyone talks about it's moved from behind the scenes to the board room and it's become a board room discussion. Security is still not the place where we say okay, if we have a dollar to spend on sales and marketing or we have a dollar to spend on security, we're going to choose security. We're going to consistently choose growth metrics and growth dollars over the fact that these are things that could happen. Let's face it, with cyber security we know it's going to happen, it's not the if but the when happens. You do see it continuously getting more exposure at the board level. I hopefully see the dollars will come about more and more as fines incur, people lose major customers, you lose a supplier because of the fact that you've influenced their cyber security environment.

Dave Knox: There's really two sides to every coin then. When you think about this value of investing a dollar in security or a dollar in sales and marketing, how you decide how you separate those two and divide them up?

Scott Price: Well clearly we're biased as the cyber security provider but we feel that the ability to spend dollars to demonstrate compliance with cyber security regulations or improve the business, really will allow sales and marketing to drive further. We found that 66% of our client base is taking some type of series a funding or greater. They've done that within 160 days of hiring us. We've seen the fact that they will get the funding and then want to move up market so they'll need to build these security controls in place or they'll be looking for the funding and they'll want to make sure that they have the best security controls as they go through due diligence. So many private equity and strategic buyers are part of due diligence, are looking at the compliance framework. It's becoming a bigger, bigger issue I think as you see deals happen.

Dave Knox: Is there a way to kind of measure an ROI then when you think about security?

Scott Price: I think the ROI is more if you don't do something. You have to do it. People continuously underestimate the risk of bad things happening. I go back to Big Short, the movie Big Short and they talk about those two guys. They always, they got great investments because people don't think that bad things are going to happen. They always undervalue it. I think it's hard to put a dollar exactly on what the ROI is. I think it's more along the lines of how it drives the sales and marketing aspect which you can put a dollar on that. I think it's easier to measure the growth than to measure the penalty.

Dave Knox: We mostly think of compliance and security as an IT responsibility which you know they definitely are. It sounds like what you're saying is it's moving closer to being something the CEO needs to care about, the CFO, the marketing, the sales team. How do you think about that role of cyber security and security as a whole becoming more horizontal versus vertical?

Scott Price: There's an often used phrase that they say cyber security is a team sport. It really is. We see the fact that sales and marketing is continuing to look at their competition and to say, hey when we look at our company our competitors have these types of certifications, these assessments performed. We need to do the same thing to be able to compete in the marketplace with them. We see it happening more and more driven by sales and marketing and then it becomes a responsibility of implementation maybe of IT or operations. We're seeing more and more the driver inaudible part of sales and marketing process that we were speaking about earlier. I think that allows it to have some more visibility and not just in the closet with IT.

Dave Knox: On the flip side of those are all where you have nice organizations built and functions and everything else, you mentioned that a lot of people you worked with have been ones that raised series a, high growth, young entrepreneurs, founder driven. As a founder yourself, how do you coach and think about entrepreneurs engaging with security early on and planning ahead versus reacting?

Scott Price: I think your point of planning ahead versus reacting, when you're in a start up mode you don't have time to go back and redo code, redo processes and procedures. You want to build those controls that are required for these cyber security regulations into the code, into your processes because you're moving so fast. We really get excited when a CEO calls us of a start up and he or she is engaged with us before they've even been asked for the audit or the assessment, before they've even building their application they just have this idea, that's where we can have the most impact because it's not going back and retooling a process or figuring out, you have this process a in here, we need to come in and retool that and it doesn't even look like the same process anymore, instead let's understand what works for you all at this stage and you all can grow into that process as well. For us, the value that we get derived of interacting with what we call start up Steve and that buyer persona is really fascinating for us.

Dave Knox: Talent is a big part of Predicting the Turn. As we talk about talent, I wanted to mention one of our sponsors, Hunt Club. Imagine the power of the best marketers in the world helping you to find your next marketing leader. That's the power of Hunt Club. Hunt Club is a new category of talent company that powers the network of experts, connectors and business leaders to help you find the best talent. Let's face it, recruiting hasn't changed with the times. Hunt Club is changing the recruiting game by leveraging technology and crowd source referrals to find you the best people possible for your company. Stop paying job boards that don't work or recruiting firms that recycle the same active candidates. Partner with Hunt Club. With that, start up Steve as you call it, what are you finding is that founder that's asking that? It is maybe more of a technical founder that understands this, is it a business founder, what are you finding?

Scott Price: It's typically a founder that came from a large company that he or she had to go through that process at their larger company and to retool their processes, it really bogged their teams down. They recall that. That's the whole thing about aligning a strategy where the compliance objectives are going. One of the reasons why when the start up Steve calls in and they're focused on this sort of the front end, it's usually because they had to retool their process as a larger company before and they remember that pain. They want to instead partner with us early on to be able to not have to experience that pain.

Dave Knox: That's from people that have experienced the pain. What about those that haven't? How do you get that I'm going to change the world, I'm building this great product and you get them to think ahead, what are you telling them of the why and the how?

Scott Price: I think the biggest thing is to try to relate to them of where their objectives are and how we can fit into that and get them there sooner. They want to be able to get to market, they want to be able to acquire new customers and for us to be able to tell them if we partner now, we'll be able to do that with you in a much easier format, take you to market quicker and be able to achieve whether it is this series a or b or later rounds that they're looking to do, I think that's the thing that we're able to talk about is from the experience of our 24, 000 clients, most of them that started out in this SMB market as a start up, that we're able to go with our experience and share some clients with them, even share some references so they can understand why it's so important to do at the start up phase rather than building processes and having to retreat.

Dave Knox: That's awesome. I want to talk a little bit about the journey you've been on as an entrepreneur. We started and you talked about going to Arthur Andersen, at 26 starting your first company and now you've got a company with A- LIGN that has over 2, 400 clients. What have you learned as kind of the lesson that you wish your 26 year old self had known when you started that first company?

Scott Price: I think the biggest thing that I've learned is I wish I would have focused more on how to be a good leader and be a CEO and invest in our people early on. I think I constantly hear you've built this great company in A-LIGN, we don't sell a widget, we don't sell a car. We sell our people being experts in their industry and being able to go out and interact with our clients. We've invested tremendously over the last few years, as we received our investment from FTB in our people, with training and also in our technology. Those are some of the things that I wish maybe I had done earlier and maybe raised some capital earlier, be able to do that because we've seen the dividends of that pay off, that it's something that I wish we had done, the acquisition with FTB in 2018. If we had performed that in 2014 we might be 10 times where we're at now.

Dave Knox: There's a concept I have it's called continuous beta and it's all around the fact that companies and people always need to be changing and evolving because the game is going to be changing that you're playing. How do you think about that in your professional life when you're sitting at the edge of cyber security, something that's moving so fast, how do you stay ahead of where things are going and develop?

Scott Price: We have four values and one of our four values is innovate constantly because we firmly believe that our clients want us to innovate and be on top of what we're doing because they've chosen us as their trusted provider to be able to do that. I think the interesting thing is for someone that wants to grow and be pushed to the limit, this is the best feel. This is what I love to do is constantly learning about new attack techniques that hackers are trying to do. The great thing is the hackers get worse every day and we have to get better to be able to support our clients. Standards change every day because cyber security threats change every day. This is probably one of the most interesting industries that allows us to have these constant changes, to keep it interesting. People don't say I've been pigeon holed in a certain standard. That standard is constantly evolving. Our client's risk is constantly evolving, the technology behind what they're doing is evolving. This makes this very interesting and I always say we don't sell black and white TV's, we're in cyber security it's constantly evolving.

Dave Knox: On that innovate constantly being one of those core values, how do you get that double sided of innovating constantly for yourself as a person and employee but then also getting the company to innovate constantly?

Scott Price: For me personally the innovation is how I continue to lead the company, make sure everyone understands our vision, everyone is rowing the boat in the same direction at the same pace. That is my focus to inspire the employees here to want to innovate constantly. How do we ensure that we're innovating constantly at the right, on the right things? Due to the fact that by trade I'm a CPA, I'm an accountant so numbers matter. When you think about innovation you want to innovate things that have the greatest return for us. The greatest return for our clients, it's going to either help with employee retention, client retention, allow us to provide more assurance to our clients to inaudible work or allow our employees to be able to complete their work in a more efficient manner. When we tie these ROI metrics around the innovation projects that we're looking at, it allows us to have a priority order around them. I think that's the thing that I want to provide an environment and grow as a leader where people understand the vision of the company, they understand how their innovation can help drive that vision and then my job is to ensure that we're using our resources wisely of people and dollars to accomplish what we need to most, is the innovation and be able to prioritize that through ROI is the metric that we go after.

Dave Knox: One of the places and things that I love about A- LIGN as a company is you built this company in Tampa and Tampa, Florida sometimes isn't thought about as a start up hotbed. You're helping to change that. Why did you choose to build such a leading edge company not in a San Francisco or in a New York or a Boston but in an emerging ecosystem?

Scott Price: I think Tampa is a great place to raise a family. I grew up in Clearwater. Coming back here, I think again as sort of the founder ego that you believe you can build anything if you put enough grit behind it and enough passion for it, I think it's this perseverance that the CEO's around here in the Tampa area feel. Maybe it's a little bit of a chip on our shoulder and I get constantly asked don't we want be like Austin or Atlanta and I say no, I want to be the best Tampa. We're a unique ecosystem as you outlined. For us to be able to be the best Tampa is what we're driving for. We do have great resources here but then we have the ability to attract resources from outside the state and then how do we have the right infrastructure here to keep them where they don't go back to Chicago or New York or Boston but they want to stay in Tampa because they feel the tie to Tampa, not just a tie to A- LIGN.

Dave Knox: Love it, well it's always a pleasure sitting down with you Scott. Thank you for taking the time and congrats on everything you've built with A-LIGN.

Scott Price: Thanks so much Dave, I enjoyed it.

Dave Knox: Thanks so much for listening. If you like the show hit that rating and make sure to subscribe so you don't miss a single episode. For more resources, head over to Predicting to Turn dot com.