Why SMEs need strong security and compliance now more than ever

27 Apr 2023

Paulo Rodriguez. Image: Vanta

Paulo Rodriguez, head of international at Vanta, discusses the importance of having strong security and compliance in the SME landscape.

Paulo Rodriguez is head of international at Vanta, a company specialising in automated security and compliance. After spending the first 10 years of his career in technical roles, mostly in cybersecurity, Rodriguez pivoted to sales and joined Google in 2011 to help build the presales team of the then nascent cloud business.

In his current role at Vanta, Rodriguez is responsible for building the international team, helping companies build better security programmes, and automate and streamline their compliance efforts.

We help businesses get and stay compliant by automating the collection, then continuously monitoring their systems and tools to improve and demonstrate the overall security and compliance posture.”

‘It is always easier to deliver to a plan that you built than one that is given to you without an explanation’

What are the biggest challenges facing your sector and how are you tackling them?

SMBs [small and medium businesses] and scale-ups are bearing the brunt of the economic challenge, having fewer reserves to draw on than enterprises. To succeed through a volatile and unpredictable situation, they must focus on becoming strong and agile through enhancing their security and compliance controls.

At Vanta, we tackle this challenge by helping companies achieve and maintain compliance faster with less spend and effort.

With strong security and compliance, SMBs are better able to withstand cybersecurity threats, which the UK’s National Cyber Security Centre class as “the most significant threat facing citizens and small businesses” in its Annual Review 2022.

Reaching and maintaining a strong security posture and relevant regulatory compliance ‘de-risks’ the business, and is part of creating efficiencies that streamline operations, saving staff time and money on the bottom line.

What are the key sector opportunities you’re capitalising on?

Digitisation is accelerating and security and compliance are growing more complex. Every company has a strong regulatory, legal and commercial need for security and compliance, with loss of trust being extremely costly. With regulatory bodies regularly updating and creating further regulation in reaction to social and technological pressures, more digital organisations increasingly fall under their mandate. Each one will, for compliance as well as for stability, reliability and profitability, require surety in their own security and compliance, and the ability to prove it to third parties.

As a result, Vanta is growing fast among SaaS innovators who need to enhance and prove their security and compliance status to their enterprise customers – and shorten sales cycles. In 2022, we nearly doubled its customer base and we now serve over 5,000 companies across 58 countries, while expanding our global footprint with offices in Australia, Ireland and the US.

What set you on the road to where you are now?

It has been a long and winding path, but a rewarding one. I focused on engineering roles for the first 10 years of my career before moving into sales, and subsequently focusing on executive advisory of go-to-market strategy and sales/product alignment.

Roles at Amazon and Google followed, but it was at Dropbox where I really grew. I built the pre-sales function in 12 months, overseeing hyper growth and expanding the team tenfold. I worked on getting the sales and product teams aligned and ended up managing the go-to-market strategy for Dropbox Business globally.

After my second career sabbatical, I reconnected with Christina Cacioppo, CEO and co-founder at Vanta, and started working with the company from October 2021, formally joining in April 2022. It was a great opportunity to go back to my cybersecurity origins after so many years working on horizontal products.

What’s the biggest risk you’ve ever taken?

I thought it was a really big risk at the time, not so much in hindsight, when I took a sabbatical in 2010. The whole world was suffering from one of the biggest economic downturns in generations, and I decided to take time off work. In reality, it allowed me to understand that I had been managing my career the wrong way, focusing on roles rather than the environment. I started looking for companies that shared my way of working – and that was a game changer for me.

What one work skill do you wish you had?

Attention to detail. I am somebody that can get things from 0-90pc, but I am not as good at, and don’t enjoy, the last 10pc. I am very conscious of that, so I either focus on projects that get things started from scratch, or surround myself with people that have those skills, so that we make a strong team.

How do you get the best out of your team?

I think two things are critical:

Strategically, the whole team is involved in defining the medium and long-term strategy. We work as a team in building the best strategy possible. We have an incredibly diverse team, and I could not even dream of coming up with some of the ideas they produce. At the end of the day, I make the final call, that is my job, and I am held accountable to it, but it is the team who makes the biggest contribution. It is always easier to deliver to a plan that you built as opposed to one that is given to you without an explanation.

Tactically, I encourage the team to be creative about how to get to the objective and give them as much air cover as I can to allow them to get there. But I also set a really high bar and hold people accountable to it. When you join a start-up like Vanta, you want to push yourself and make an impact – that is how you grow.

Have you noticed a diversity problem in your sector?

I have never been in a great company that was not diverse. I think in technology we are very conscious about diversity in all its aspects and the value that it adds to our teams. Personally, I constantly keep challenging my own biases all the time and try to take action where I can. I think we have come a long way, but society is still way behind in certain challenging areas.

What books have you read that you would recommend?

Designing Your Life by Bill Burnett and Dave Evans – a great guide to figuring out what you want to do when you grow up! Also, The Way We Are Working Isn’t Working by Catherine McCarthy, Jean Gomes and Tony Schwartz has taught me how to manage my energy more efficiently by changing small habits. Finally, Legacy by James Kerr, which talks about the leadership lessons we can learn from the All Blacks. It brings together two of my passions: rugby and company culture.

What are the essential tools and resources that get you through the working week?

Google Calendar. There’s always a member of my team awake and working during the week, so synchronous coordination is critical. A good calendar hygiene supported by Clockwise keeps me sane. I do the same at home so I know when it is my time to cook or do chores.

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.