Blog Posts

Our Story: How a Security Questionnaire Changed the Trajectory of a Startup

Our Story: How a Security Questionnaire Changed the Trajectory of a Startup

When the security questionnaire landed in Laird Wilton‘s inbox, he felt sick to his stomach. He scrolled down the long list of detailed information security questions. His team at a growing SaaS startup could easily stumble in their responses here.

Laird’s team had to give satisfactory answers about their security policies during the vendor auditing stage of the sales process. If they couldn’t, he knew it would unravel the six-figure deal he was trying to close. 

At the time, Laird was the CRO at a small startup based in Nova Scotia. They had customers around the globe, and their SaaS product was quickly gaining rave reviews within their target market. Their startup had traction, opening the door to opportunities with several Fortune 500 brands. These kinds of enterprise customers would be huge wins for the scrappy startup team. 

Laird could see this would be an enormous roadblock that could end their hopes of landing enterprise-level clients.

The Security Questionnaire 

Laird immediately looped in his CEO, Darren Gallop. To close this deal, they would need to devote their own time, plus their CTO’s, to complete the vendor questionnaire with accurate, comprehensive answers. 

The prospective customer sending this security questionnaire examined the security posture of every vendor that did business with them. With the reputation as a Fortune 500 brand on the line, the customer wouldn’t take chances using a B2B service that couldn’t demonstrate adequate security standards. With data breaches hitting the headlines every week, top brands wanted to see if their vendors considered the security and privacy of customer data as a high priority. 

Despite their best efforts, responding to the customer’s detailed security standards became a lengthy and stressful process for the startup. Eventually, the largest deal in the company’s history fell through the cracks. 

Having lost that six-figure deal, Darren and Laird began a costly process to bring their startup into compliance with strict security standards. They didn’t want to lose the next big deal with an enterprise-level customer. They tried using spreadsheets to organize their infosec program and track policies. Later, they engaged consultants and worked to implement information security best practices. Ultimately, they learned that the available solutions for infosec management came up short for what they wanted.

The same year, their startup hit the same hurdle of exhaustive security audits from other prospects in their sales pipeline. They managed to close one of the enterprise-level deals. First, they’d had to demonstrate an information security program that satisfied the customer. That sale took eight months to close, with the audits and security requirements significantly slowing down the deal and costing the startup. 

Investing in Security Policies & Procedures 

Darren, the CEO, became obsessed with embedding data security into their SaaS product and building a security-aware culture among his employees. He engaged consultants, updated their policies and procedures, and looked for a tool that would track the implementation of their security program.

However, the tools he wanted didn’t exist. His team considered trying to build the needed tools internally. But doing that would take developers away from their product roadmap.

Darren and Laird continued thinking over what they could have done differently and why they’d lost that six-figure deal. They suspected if this kind of loss had happened to them, it must be an issue for other small to medium-sized businesses. After some market research, they saw an opportunity for an all-in-one information security solution. 

Inspired by this, and with an acquisition deal now within sight for Darren’s successful 10-year-old startup, the two co-founded a new startup: Carbide.

A Complete InfoSec Program for SaaS Companies

After organizing a team of experienced developers and information security experts, Carbide has created tools and strategies built to help businesses protect their data and technology. Today, Carbide is an information security and privacy compliance management system for businesses selling to large enterprises. 

“We knew the process was flawed and we knew we had a solution,” Darren says. “Our platform checks all the boxes required for efficiently developing and managing a strong and modern information security strategy.” 

The Carbide web app uses industry-leading best practices to assemble information security policies and create implementation tasks. Darren and Laird have led the team to develop an affordable product that makes policy adherence easy, even for fast-moving startups. With Carbide as your command center, you get access to the tools, resources, and advisors your business needs.

The top priority for Carbide is providing businesses with peace of mind. You need to know your customer data is safe and your sales won’t hit security roadblocks.

“Operating securely shouldn’t come as a cost to productivity or take away our love for what we do. We’re committed to delivering information security tools and resources that enable teams to protect data, reduce risk, and win business,” Laird says. 

To this day, Laird wants to make sure other executives getting security questionnaires in their inbox have answers to close the deal.