Aayush Shares How They Grew Scrut Automation to $100000 MRR in Just 12 Months
Aayush Ghosh Choudhury is the founder of Scrut Automation, a risk observability and compliance automation SaaS platform.

Tell us about your product and what inspired you to start it?

Scrut Automation is a risk observability and compliance automation platform built to simplify information security monitoring for cloud-native companies. We help early-stage and growth-stage companies across the globe establish robust information security processes through our smartGRC platform. Our platform enables companies to build infosec controls unique to their risk posture, and comply with 21 industry standards, like SOC 2, ISO 27001, GDPR, etc., with minimal friction. With Scrut, our customers reduce manual effort in managing infosec processes by up to 70%, accelerate compliance audits by 5X, and get real-time visibility into their security posture.
While building an AI-powered supplier collaboration platform that required SOC 2 and ISO 27001 compliance to meet the enterprise requirements for deal closures, we experienced problems. Compliance took away a significant amount of time and resources from the company, which were to be utilised for developing customer-centric products and features. This proved to be the turning point that made us realise the importance of compliance automation. This hassle-filled experience led us to launch Scrut Automation with one goal in mind – simplifying information security for cloud-native organisations.

How long did it take you to acquire your first 50 customers, and what was your growth strategy?

We acquired our first 50 customers within 6 months of starting up. The early 10 customers were from our own networks - people who trusted us and trusted our solution. They served as design partners - with their help, we sharpened our product and the value proposition. For the next 40, we continued to scale - tapping our own networks, getting references from the VC ecosystem, referrals from our existing customer base, along with cold outbound outreach across emails. Significant changes in the sector such as increasing data breaches, evolving cybercrime landscape, new regulations and evolving standards made it mandatory for companies to be compliant. The journey from then has been rapid - we went from 50 customers to 220 customers within the next 6 months, expanded across 11 countries, 4 continents, and 6 verticals, and grew the team from 20 to 65.

Which technology stack are you using and what challenges and limitations does it pose?

AWS, GitHub, JSON, Node.js, React.js - no pain points as of now

What are some of the most essential tools that you use for your business?

AWS, GitHub, Jira, HubSpot, Rocketlane, Slack

What have been some of the biggest insights you've gained since starting your entrepreneurial journey?

One learning we have is to solve for a persona. For example, what HubSpot did for mid-market CMOs. They realized a similar problem - heavyweight products like Salesforce, Adobe, SAP are expensive and difficult to use for mid-market CMOs, while lightweight products like Freshworks, Zoho, Sage are ineffective for their use cases, rendering this persona in a ‘zone of confusion’. They picked this persona and decided to solve their problems end-to-end. They anchored their entire ecosystem on this persona - features they built, marketplace they developed, tools they integrated with and partners they onboarded. This helped it become the behemoth that it is right now, almost a sole choice for all mid-market customers.
We are seeing a similar problem cropping up for mid-market CISOs.
Most tools in the security space are often built for large enterprises, rendering them complex to use for smaller organisations. Alongside this, tool fatigue and acronym fatigue also weigh heavily on them, with CISOs and CTOs struggling to understand the overlapping use cases, burning a significant number of dollars, yet at the same time, being unable to get a full understanding of their information security posture.
On the other hand - there are tools that exist for SMBs - like Vanta, Drata, Secureframe, which are meant to solve for only compliance and nothing more, which makes them inadequate for mid-market CISOs and CTOs due to the lack of breadth and depth for comprehensive security monitoring.
We aim to become the one-stop-shop for information security monitoring for mid-market CISOs - and all our endeavors are anchored on empowering this segment.
The Hard Thing About Hard Things, by Ben Horowitz
Atomic Habits, by James Clear
Shoe Dog, by Phil Knight
Scale or Die, by Dave Rogenmoser
