As cybersecurity breaches rise, so too do regulatory compliance demands on companies. As a result, cybersecurity compliance is a quickly-growing market driven by the proliferating volume and complexity of cyberattacks, as well as an increasing amount of data, cloud applications and business process outsourcing. To help manage a vast array of cybersecurity and compliance needs, many companies are looking for cost-effective, technology-powered solutions that enable them meet the most stringent privacy and compliance mandates.
A-LIGN is a cybersecurity and compliance solutions provider that helps companies address regulatory compliance and business security needs. Based in Tampa with roughly 4,000 customers and 650 employees globally, A-LIGN provides tech-enabled services through its A-SCEND platform, including compliance assessments, audits, cybersecurity testing, and risk and privacy analysis.
As part of FTV’s long history of successfully scaling companies in the risk, security and compliance space, we identified A-LIGN and invested $54.5 million in the company in 2018, followed by a subsequent investment in the company, alongside new investor Warburg Pincus, in 2021.
We sat down with A-LIGN Founder and CEO Scott Price to talk about the role of compliance in a complex cybersecurity environment. Scott shares insights on what companies need in cybersecurity and risk management, as well as how he built the company’s culture with an emphasis on innovation, transparency and leadership development.
QUESTION 1
You founded A-LIGN in 2009. What problem were you trying to solve?
I wanted to start a company broadly focused on cybersecurity risk and putting the controls in place to prevent unauthorized access threats. I called it A-LIGN for a very specific reason: I would perform an audit of a company against a specific industry standard, but inevitably a few months later a customer would call back to say they were entering a new industry vertical and thus needed to re-audit a lot of the same data to comply with new standards. So I thought: Can’t we align a company’s strategic objectives with their compliance objectives so we can perform one audit and build over time to make it a more efficient process that can save time and money? To this day, we continue to be laser-focused on not only offering quality services for a competitive fee, but also providing our services in an efficient manner, allowing our customers to focus on generating value for their own company.
QUESTION 2
For nearly a decade, you bootstrapped the company. Why did you decide to take outside funding in 2018, and how has FTV been a valuable partner?
The nature of being bootstrapped from day one has meant a more conservative approach to how we spend our time and financial resources and continues to infuse a sense of purpose into how we run the company.
In 2018 A-LIGN was profitable and growing very well, so we didn’t need an investment to keep doing what we were doing. However, I realized that taking outside investment from FTV would give us credibility and validation in the market, in addition to affording us tremendous opportunities to grow and scale. FTV brought experience and expertise and could open doors to new customers, which has been transformational for me personally and for A-LIGN’s growth.
FTV did a great job of giving me the skills to grow as a CEO. They had experience with board development and helped us attract the right talent, including bringing on a CFO and CRO. Once I asked Brad Bernstein to make an introduction to one of his contacts who was a top prospect for A-LIGN; he did so immediately, and as a result we won the contract. FTV offers far more than lip service; they are committed to our success.
QUESTION 3
What are your customer’s biggest pain points in terms of cybersecurity compliance, and how does the A-SCEND platform address them?
Companies today process and hold tons of customer data and they tell their customers how they’re operating their controls, but customers are understandably wary, given all the breaches they see out there. We audit companies’ cybersecurity controls against an industry standard such as SOC 1, SOC 2, or ISO, empowering them to instill confidence and tell their customers: “You can trust us when we say we’re encrypting your data because a third party has verified it.” This way, when there is a breach — which is a matter of when, not if — their customers know exactly how they will respond.
Our A-SCEND platform allows an organization to gather its data in a very time-efficient way. Most companies have multiple compliance standards they have to adhere to. Our software de-duplicates the requests, so there’s only one request for multiple standards. We test one time and can produce many reports. Companies can also see how close they are to fulfilling additional standards they may want to audit against in the future, and they can receive auditor comments in real time. If they went through a SOC1 or PCI assessment, and they want to get into healthcare, they can see that they are 72% of the way there with the standards they already have in place.
QUESTION 4
As a technology-enabled services company, how does A-LIGN serve clients’ specific needs and what role does technology play?
Many of our clients have basically been told by a prospect or existing customer that they need to undergo this audit and don’t understand the audit or process. We provide education on how to get ready for it and recommendations on implementing controls for gaps. We ultimately hold their hand through the process so that they end up with an accurate report that they can proudly share with their customers. We also developed our own internal technology, which allows our clients to delegate the pulling of data from a global basis down to individuals and approve the data before we see it so customers have a workflow for gathering their data.
QUESTION 5
You established a Leadership Academy to help A-LIGN employees develop their leadership skills and abilities. What drove you to do this, and how has that impacted the company’s culture?
Our company’s four values are: 1) Commit to quality, 2) Be all in, 3) Do the right thing, always, and 4) Innovate constantly. To support these values, in 2019, I proposed to my board that we needed a leadership coach and dedicated curriculum to reduce attrition, increase retention and make A-LIGN more attractive for recruitment. I knew our employees wanted leadership skills to grow personally and professionally, so we decided to create our Leadership Academy even though it would reduce our EBITDA.
Now in 2024, we have an Emerging Leaders Program, a Leadership Academy and then a Master’s Academy for people who have graduated from Leadership Academy. Since inception, over 300 employees have attended one of our leadership programs, and these programs have been integral in supporting our culture of continuous improvement and innovation while also developing our leaders across all levels.
QUESTION 6
How important is innovation for A-LIGN internally as a company value?
We are highly focused on the “innovate constantly” value. We want employees’ opinions and ideas, and we want our employees to feel motivated. Once you understand why we do something and how we do it, let’s improve on the how. The worst thing you can hear is that “we’ve always done it that way, so we need to keep doing it that way.” Our leadership style is understanding why we do something, and then figuring out a better way.