RegScale is a company that frees organizations from manual paper-based processes through its continuous compliance automation software. Pulse 2.0 interviewed Anil Karmel, co-founder and CEO, and Travis Howerton, co-founder and CTO, to learn more.
Background Of The Founders
Karmel and Howerton spent over a decade working in the U.S. Nuclear Weapons Program where they personally felt the pain of the problem being solved at RegScale.
Anil Karmel: “I worked at Los Alamos National Laboratory and led the design and implementation of their cloud and collaboration platforms. On that journey, I had to write compliance artifacts for these systems in Word documents and Excel spreadsheets that were instantly out of date the moment they were created. We thought, there HAS to be a better way.”
Travis Howerton: “I spent over 20 years in executive roles across US Nuclear Weapons programs where I served as the first Chief Technology Officer (CTO) in the National Nuclear Security Administration (NNSA)—this is where I met my co-founder, Anil. Later, I served as Deputy Director of IT for Oak Ridge National Laboratory (ORNL) and also supported digital transformation globally for Bechtel Corporation. Currently, I lead the R&D division of RegScale located in the University of TN Research Park in Knoxville, TN.”
Formation Of RegScale
How did the idea for RegScale come together?
RegScale launched in November 2021 based on the experiences of its founders while doing services work in C2 Labs, a digital transformation services company. They recognized the challenge faced by organizations of all sizes when it comes to compliance attestation. The company founders realized that a cultural shift was needed to embrace real-time compliance and secured a $1.5 million early capital investment to scale the vision. From the start, their focus has been to help organizations mitigate risk and bring compliance into the modern era.
Favorite Memory
What has been your favorite memory working for RegScale?
Anil Karmel: “It’s so rewarding to see the look on prospective customers’ faces when they see RegScale and instantly realize the value proposition we bring to the table. One prospect said, ‘I had an idea for a solution to this problem and if I were to build it, it would look like this’ and they moved quickly into a Proof-of-Concept and procurement.”
Travis Howerton: “The ability to hire and build a world-class R&D team from scratch that is aligned to our ideal company culture has been very rewarding. Every team member was carefully selected based on their skills, abilities, and how their personality integrated into the overall team.”
Challenges Faced
What are some of the challenges you faced in building the company, and has the current macroeconomic climate affected the company?
Anil Karmel: “The current macroeconomic conditions are actually a tailwind for our company as compliance is the one thing heavily regulated organizations can’t choose NOT to do. Usually, compliance is the one area of the budget that is untouched and by bringing RegScale to the table, efficiencies and cost savings can be realized by the business to be redirected into other areas for strategic investment.”
Travis Howerton: “At launch, our biggest issue was getting in front of customers due to COVID restrictions and everyone working remotely. That forced us to get creative in our marketing and sales approach until the world opened back up again.”
Core Products
What are RegScale’s core products and features?
Travis Howerton: “RegScale is an API-centric platform that was purpose-built by practitioners for practitioners. It’s the world’s first real-time Governance, Risk, and Compliance (GRC) platform, and it bridges the divide between security and compliance by outputting audit-ready documentation on demand. It has been thoughtfully designed to integrate with existing security tools and to automate ticket creations to keep compliance paperwork continuously up to date.”
The core features include:
– Self-updating paperwork by integrating with continuous monitoring
– Ability to output automated reports in any format (such as NIST, CMMC, and others)
– Purpose built to reduce the cost and to accelerate the schedule for achieving FedRAMP
– Compliance as Code using NIST (National Institute of Standards and Technology) OSCAL (Open Security Controls Assessment Language)
– 30+ purpose-built modules as an ERP for Compliance
Evolution Of RegScale’s Technology
How has RegScale’s technology evolved since launching?
Travis Howerton: “Since launching, we have added 2,000 features with 20+ real-time integrations and support for 40+ different regulations out of the box. The RegScale Community Edition – a free-to-use platform that provides small to midsize businesses with the tools they need to meet compliance obligations – has crossed 300,000 downloads worldwide.
RegScale isn’t just building software: it’s leading a movement to reimagine compliance. We have secured two patents for our core platform, including our Time Travel system, to visualize changes over time and layered multitenancy to support the largest and most complex customer use cases.”
Significant Milestones
What have been some of RegScale’s most significant milestones?
Anil Karmel: “My co-founder and I have been fortunate to recruit a world class leadership team replete with our CRO, Eric Erston, who ran the Archer GRC business while at RSA to our CISO, Larry Whiteside Jr., who is a respected thought leader and world class community builder to our CFO Michael Needel who recently led the successful exit of a security startup.”
“Our recent 5.0 launch brought a large number of new features and functionality including Dark Mode, Bring Your Own Identity, an improved assessment system, and our new Evidence Locker. We continue to iterate rapidly on the product to deliver cutting edge features for our customers.”
“In our first year of business alone, we marked significant milestones, including closing a $20M Series A funding round with SYN Ventures, SineWave Ventures, Virginia Innovation Partnership Corporation, and SecureOctane.”
“We also acquired GovReady, an open-source Compliance-as-Code technology company, to further RegScale’s position as a leading NIST OSCAL-enabled GRC platform.”
Customers
Who are some of RegScale’s customers?
Travis Howerton: “RegScale’s customer base includes government agencies and commercial organizations across financial services and technology companies. Customer examples include the U.S. Navy, U.S. Air Force, U.S. Department of Energy, U.S. Department of Homeland Security, Centers for Medicare & Medicaid Services, Johnson Controls Federal Systems, Inc., Oak Ridge National Laboratory, Chipotle Mexican Grill, SentinalOne and Raytheon Technologies.”
Funding And Other Metrics
Are you able to discuss funding and other metrics?
Anil Karmel: “Since November of 2021 when our company was founded with a $1.5M early funding round, RegScale has closed a $20M Series A round in August 2022 led by SYN Ventures with participation from Sinewave Ventures, Virginia Venture Partners and several strategics. As of April 2023, we have over 300,000 downloads of our free Community Edition and over two dozen Enterprise Edition customers including the U.S. Navy, Oak Ridge National Laboratory, and SentinelOne.”
Total Addressable Market
What total addressable market (TAM) size is RegScale pursuing?
Anil Karmel: “The heavily fragmented global compliance market has a TAM of $40.8B growing to $134.8B by 2028 at a CAGR of 14%. Numerous point solutions exist in the market to solve individual challenges. Our platform serves as an ERP for compliance, effectively bridging the divide between security and compliance in the world’s first real-time GRC.”
“Today, we are heavily focused on growth in government (Federal, State, and Local), financial services, healthcare, and the energy sector.”
Differentiation From The Competition
What differentiates RegScale from its competition?
Travis Howerton: “RegScale is purpose-built to digitize, automate, transform, and scale the compliance program while simultaneously reducing risk, cost, and time. Our clients can reduce costs by 30% or more and reduce paperwork by 70% or more.”
The key differences include:
Freemium: RegScale’s Community Edition (CE) is completely free to use with no restrictions, delivering rapid time-to-value with the ability to purchase a license key to unlock Enterprise Edition (EE) features. CE lowers the entry barriers and serves as an opportunity to drive quick Proof of Concepts, with the ability to upconvert to the Enterprise Edition.
Time to Value: Deploys anywhere in under an hour, whether it’s from air-gapped networks, on-premises data centers, or hyper-scale cloud environments. This allows RegScale customers to realize value measured in weeks as opposed to legacy approaches that promise outcomes that take years if ever, to materialize.
Multi-Tenancy within a Single Install: Allows large organizations to support multiple compliance use cases with a single RegScale install/purchase. This approach enables true consolidation in compliance tools and makes it an appreciating asset as more organizations adopt the solution while base costs remain fixed.
Portability: It is easy to get data both in and out of RegScale as a new compliance system of record. This approach makes integration simple and fast. In addition, customers can easily visualize their data in external analytics systems such as PowerBI.
Universal: Using a Natural Language Processing (NLP) driven approach, the system is optimized to support any regulation and is able to parse and digitize unstructured regulations, making them portable.
Future Company Goals
What are some of RegScale’s future company goals?
Anil Karmel: “We’re not just selling software, we’re leading a movement. In the software development world, there was a lot of latency and manual processes between software development and software deployment. As such, Development Operations (DevOps) was born which evolved into Development Security Operations (DevSecOps) to incorporate security early in the process. With all that said, compliance is still being done after the fact, so my co-founder Travis came up with this idea to bring the principles of DevOps to Compliance and wrote a Compliance Manifesto mirroring the Agile Manifesto. We came up with a definition of this movement as Regulatory Operations (RegOps) and are on a mission to drive cultural transformation coupled with tooling to reimagine the compliance industry that hasn’t seen innovation in decades.”
