On this episode of Forbes Talks, Forbes Associate Edited Alex York talks with CEO and Cofounder of Secfix Fabiola Munguia.
Munguia discusses her background, inspired by her entrepreneurial parents and witnessing cybersecurity trends at university. She started by selling ethical hacking services and then pivoted to building SEC Fix due to client demand for ISO 27,001 certification assistance.
Munguia predicts that AI will increasingly automate workflows and be used to collect and document evidence for compliance. Most of SEC Fix's clients are European startups in information technology, and the company has secured $4.2 million in funding.
Subscribe to FORBES: https://www.youtube.com/user/Forbes?sub_confirmation=1
Fuel your success with Forbes. Gain unlimited access to premium journalism, including breaking news, groundbreaking in-depth reported stories, daily digests and more. Plus, members get a front-row seat at members-only events with leading thinkers and doers, access to premium video that can help you get ahead, an ad-light experience, early access to select products including NFT drops and more:
https://account.forbes.com/membership/?utm_source=youtube&utm_medium=display&utm_campaign=growth_non-sub_paid_subscribe_ytdescript
Stay Connected
Forbes newsletters: https://newsletters.editorial.forbes.com
Forbes on Facebook: http://fb.com/forbes
Forbes Video on Twitter: http://www.twitter.com/forbes
Forbes Video on Instagram: http://instagram.com/forbes
More From Forbes: http://forbes.com
Forbes covers the intersection of entrepreneurship, wealth, technology, business and lifestyle with a focus on people and success.
Munguia discusses her background, inspired by her entrepreneurial parents and witnessing cybersecurity trends at university. She started by selling ethical hacking services and then pivoted to building SEC Fix due to client demand for ISO 27,001 certification assistance.
Munguia predicts that AI will increasingly automate workflows and be used to collect and document evidence for compliance. Most of SEC Fix's clients are European startups in information technology, and the company has secured $4.2 million in funding.
Subscribe to FORBES: https://www.youtube.com/user/Forbes?sub_confirmation=1
Fuel your success with Forbes. Gain unlimited access to premium journalism, including breaking news, groundbreaking in-depth reported stories, daily digests and more. Plus, members get a front-row seat at members-only events with leading thinkers and doers, access to premium video that can help you get ahead, an ad-light experience, early access to select products including NFT drops and more:
https://account.forbes.com/membership/?utm_source=youtube&utm_medium=display&utm_campaign=growth_non-sub_paid_subscribe_ytdescript
Stay Connected
Forbes newsletters: https://newsletters.editorial.forbes.com
Forbes on Facebook: http://fb.com/forbes
Forbes Video on Twitter: http://www.twitter.com/forbes
Forbes Video on Instagram: http://instagram.com/forbes
More From Forbes: http://forbes.com
Forbes covers the intersection of entrepreneurship, wealth, technology, business and lifestyle with a focus on people and success.
Category
🛠️
LifestyleTranscript
00:00in the end, we're all connected. So if someone gets hacked, it could impact also their vendors
00:06or their set of customers that they have as well.
00:13Hi, everyone. We are here with Fabiola Munguia, the co-founder of SecFix. Thank you so much for
00:18joining me today. Yeah, thank you for inviting me. I'm very excited to be here. So I'm super
00:22excited to talk about what you are building. You're in the cybersecurity space, very deep tech. Can
00:27you walk me through in like 30 seconds, just a brief rundown of who you are and what you're
00:31building today? Yeah, sure. So basically, yeah, I'm Fabiola, the co-founder. I have actually two
00:37other co-founders. And what we built is actually we automate compliance for startups and SMBs.
00:44So basically, we help them to do this like hassle-free and easy instead of them spending like
00:5018 months to finish all of their compliance burden. So normally, they would do like a lot of Excel
00:56sheets and Word documents to really show that they're trustworthy to their partners. And with
01:01us, they can actually automate that at a fraction of the time and also a fraction of the cost as
01:06well. How did you get into the space in the first place? Well, actually, it started at the university.
01:13Like my father, my parents are actually both entrepreneurs. I always wanted to build something
01:18like from scratch, so to say. But then at the university, I actually saw that there were like
01:23this trends in cybersecurity, like a lot of cyber attacks and also, you know, data breaches.
01:30So I actually had another company before where I was like pretty much selling ethical hacking
01:35services. Like, you know, being from the hacker's perspective, how would you actually simulate a
01:40hacking attack? And a lot of my clients actually said like, hey, are you actually building something
01:45also for ISO 27001 certification? We need to show that to our partners that we're trustworthy and they
01:52want it actually now so we can close a bigger deal with them. And I've seen that it takes a lot of time
01:59to get that. Like, do you have some ideas on how we can build it faster? And then we just kind of like
02:04thought about it. It was like, hmm, actually, why don't we just try to build that ourselves and help
02:10these little companies automate a lot of those processes? Right. Yeah. With parents as entrepreneurs,
02:17what about their experience inspired you to build something of your own? Were you not turned off by
02:22like the challenges of being an entrepreneur as well? Yeah, I would say like if I'm being honest,
02:28in the beginning, I mean, when I was little and I was looking at my parents, I was like,
02:33this is tough. Like, I really thought like, I mean, there are a lot, it's like a roller coaster,
02:38you know, like they had a lot of like ups and downs. But I really liked like the journey that
02:44they had, like, you know, the experience that they get and how much they can actually also
02:49like really learn from that, that really kind of like stuck in me. So I was like, really just,
02:56I just wanted to try things out. Yeah. And I didn't want to go directly into a corporate job
03:01just because I knew like I can do that later. But right now I'm just, I'm young. I just finished
03:06university. So maybe I will just try it out, see if it works. And actually, so I'm still doing this.
03:13So you're inspired by the journey. I love it. Speaking of that, though, like you mentioned,
03:17you had another company at first, you kind of pivoted into what SecFix now, you know, delivers
03:21to clients. When you are talking to clients, pitching why you are the right fit for them,
03:26what do you tell them? What really are you offering like on a step by step basis today?
03:30Yeah, so that's a really good question. So basically, I would say like the main things that
03:34they're normally looking into getting into this, especially because it's cybersecurity is a very
03:40trusted partner. And since our customer profile is small companies, they don't really have a lot
03:46of resources. So they're looking for someone who can actually, you know, take that burden away from
03:52them. So I think both the automation part of the platform is one thing, but at the same time that
03:58they feel that they're handholded during the whole journey, especially because like, I really like
04:04laugh a little bit about that. But a lot of our clients, they think it's like they need to pass
04:09a test or something. It's like they even tell me like in the calls, like I'm a little bit nervous
04:15about the test or about the exam. I'm like, it's not an exam. Don't worry about it. It's actually
04:18just an audit. Right. But yeah, they actually just want to have like this, you know, personal support
04:23as well. So both the automation and the support are the things that they're looking into and having
04:29a trusted partner for a long term is actually something that can help them as well. Yep.
04:34Yeah. And from the other side as well, like they want to grow as well. They want to, you know,
04:39just not do ISO. They want to do GDPR and they need to do this too. If they want to go to the US,
04:43they need to do SOC too. So actually that opens a lot of like different things that they actually need
04:49to do and it's more complex. So just having a partner and a platform that can scale with them
04:55and help them grow their business, that's actually what they want in a provider basically.
05:00Definitely. How does AI come into play? I think that, you know, obviously as you're talking about
05:05these former cybersecurity threats that you had experienced that kind of inspired this
05:09and just so much of the changing tech ecosystem, AI is a huge part of that. How is that impacting what
05:15you're building? Yeah. I mean, I think like lately, especially lately, this has been like a lot lately,
05:21like there's a lot of different things that you can see already in the market. And I think the main
05:27part of AI is like, how can you actually use that to automate workflows? Like I don't think it will,
05:34it will be able to actually like automate everything, but I think you can actually use that to create
05:40different things. For example, right now, one of the main things that we're doing is that we
05:44created a virtual chief information security officer assistant. So basically, you know, we have our
05:51team of compliance experts, right? But they also want to have like direct communication or just kind
05:58of like get their own know-how without needing to wait for a person. So basically, we have this
06:04assistant that we created with AI and actually gives them responses of things that they need to do
06:09on the platform or when they're actually like working on a specific topic and they're like,
06:13hey, what are the best tools that I can use to create this process or this, you know, security
06:19process right now in my company, like basically can give them recommendation on that. So that's
06:25just one little use case. But there are so many things that you can now do with AI that will
06:30definitely change how the industry and also how this specific compliance and GRC market is growing.
06:37Is there anything in terms of AI that you are looking out for? I mean, I feel like we hear about
06:43all the time, like the dangers of AI, especially when it comes to cybersecurity threats or different,
06:47you know, fakes online or different things that we have to kind of suss out. Like, is this a legit
06:52piece of information that I'm receiving? How are you thinking about that as you are working on these
06:57compliance and cybersecurity conversations? Yeah. So basically, that's actually something that is
07:02turning as well. Like there's also this AI act that is coming. So it's also something that they will
07:07need to do in the future, especially a lot of companies that have been pretty much built with
07:12LLM. They all will need to get compliant with that. So right now, it's good that, for example,
07:17if they have already created like their basis of security with ISO 27001 or with SOC 2, for them,
07:24it will be also easier to kind of like transition to other requirements and regulations that are needed
07:29for this AI, you know, like specific field. So yeah, I guess like in the end, it's just about like
07:37understanding like what can you actually do in terms of AI and also trying to document that and show
07:44that to your team as well on what's allowed and what's not allowed. You know, not sharing specific
07:50privacy, private information or, you know, making sure that they know the guidelines of what they
07:56actually can do. That's also important. And part of the things that we at SecFix are also building
08:01to help our clients, you know, get more clarity right now, because it's still very, you know,
08:07in its infancy and it's growing very fast. Yes, it is very new and it is changing so quickly.
08:12What are some of the predictions you have about the future of how AI is going to impact what you're
08:16doing and what your, you know, clients are offering? Yeah. So I think the main things that are going to
08:22change is that the way how we actually like collaborate with AI right now. So I guess right
08:29now it's more us being kind of like receptive on getting information from, you know, chatbots,
08:35from ChatGPT or from different parts. But in the future, I think it will be easier for specific
08:41workflows that you can create in the company to actually like already give specific instructions
08:47of what you want to give to, you know, basically to build that evidence. Like for example, if you're
08:54thinking about compliance, there are specific things that you will need to do. Like sometimes
09:00you need to create a specific meeting or specific evidence for the audit, right? And right now it's
09:08pretty much still done manually. But a lot of those things could be actually like already being set
09:13that you can get, collect this information, like join in a meeting, then the AI can actually write
09:19all of that information for you and then being completely uploaded on the platform, for example.
09:24That totally makes sense. And you mentioned too, that some of your clients are expanding to different
09:28markets, like, you know, expanding to the US or other sorts of things. Where are the majority of
09:32your clients coming at you from today? Yeah. So most of them are from Europe, like since we're like
09:38basically pretty much based in Europe. All of them are from from there. And most of them are expanding
09:45either within the European Union or actually like to the US market. That's basically what I've seen in
09:52most of the trends. But yeah, I would say right now we're mainly focusing on the DAG region, like in
09:58Germany, Austria, Switzerland, but also UK and Europe have come kind of like into play as well.
10:04And what different industries are these clients coming from? From actually, I would say most of
10:09them are startups like information technology, like they're building either their own software,
10:15like different spaces, like since most of them actually meet this specific standard for getting
10:22bigger deals and, you know, pretty much like setting up the tone that they're trustworthy.
10:27It's actually like industry agnostic. But I would say information technology or, you know,
10:33software development is the one that we see the most. Yeah, definitely. You have 4.2 million in
10:38funding, correct? What was that journey like to get investors on board? Yeah, that's a really
10:44interesting question. I would say, I mean, it's definitely challenging, especially because I'm
10:51actually not from Europe, you know, like my roots are in El Salvador. And I actually needed to build my
10:58whole network to get where I am. So I would say it was like a rollercoaster of itself, like already
11:06being an entrepreneur is a rollercoaster. But, you know, you're in it for the journey.
11:10Racing around, it's tough. But I would say the main things that I learned is that the network is
11:16super important. The network that you've built in the country that you are, that's definitely what's
11:21going to help you kind of like bring that social proof that you need for your company to make sure
11:27that people can actually believe as well in your company. And the second one is actually the team
11:32that you want to have, like basically having like a good, you know, pretty much like founding team
11:38with different skill sets. That's actually what actually was helpful to be able to raise a good
11:45round, especially because I was like focused more in like the business side. And my co-founder was
11:51focused more on the technical side. And we have a third co-founder that has information security
11:55expertise and has been actually had the problem for 12 years of actually creating all of these
12:01things manually. So it was like a good, good team that could actually execute that.
12:05How did you guys decide besides just having different expertise that you came from that you
12:10guys were going to be good co-founders together? Because that's a very specific relationship to build
12:14with people. You're in it then for the long haul with them. So what characteristics made sense
12:17for you guys about each other that made the partnership work?
12:21Yeah. I mean, I guess it's in the end, it's always like a gut feeling, like, you know,
12:26you know, if you can click with someone or not. But I would say if you're looking for a co-founder,
12:33normally what you would like to see if they have like the same values as you have,
12:37if they have like the same ethical, you know, like how they work, like how they actually like
12:43express themselves and what they want to build, they have these inspirations as you want them,
12:48then actually like this is a good, a good fit. And the most important thing is that you actually
12:53have already done something with them. Like, for example, with my co-founder, we actually had
12:58another university project that we were working with. And then the third person that joined,
13:03my third co-founder joined actually later. And we actually worked with him, like we knew him from
13:09the Munich network. So we feel like, hey, let's just start working together. Let's see if it fits.
13:13And then you kind of like, we just clicked and it worked.
13:15Definitely. When you are talking with your co-founders, a lot of this, I'm sure, is about
13:19like what the vision you have for the future is and making sure that aligns with each other.
13:23What is that vision today? What are you guys excited about building?
13:27Yeah, well, I would say like our vision in the end is to actually like become the European leader
13:32in compliance and automation. Like this is actually what we've dreamed about since we started
13:37the whole company. And we're actually in a really good pace building that foundation to get there.
13:43But I would say in the end, from that part, what we also are super excited about is actually just
13:51building a really, really good company with great values and with great people. And especially like
13:57completely remote, like we're 100% remote. We're based in different countries and we're so diverse.
14:01Like everyone is from all around the world. And I think just like leaving that impact to people
14:07and especially to my team, that they can see that if you're, you know, a woman or if you're a female
14:13founder, you can actually make it in this kind of industry. That's really nice. And the same goes
14:18with my co-founders. Like they're also not from, you know, Europe or from Germany. So putting that
14:23footprint in Europe is actually like one of the biggest impacts that we want to live.
14:27What has the Munich startup space looked like? How would you describe kind of that environment
14:32that you're in? It's actually a really nice environment. Like you have, like since I studied
14:38at the Technical University of Munich, I had a lot of like different activities or different,
14:44you know, pretty much events where you could go like hackathons and meet people. So they do have
14:50like very, very good, a very good structure of startups and a really good startup hub as well.
14:56So I would say like also this foundation of the Munich startup helped us a lot to build our,
15:03you know, pretty much to set everything for success, especially because of the network,
15:08but also the support that we got. Like we got into accelerator programs. We did also some smaller,
15:14you know, pretty much like events or projects of the university as well. And for recruiting and
15:20hiring, you have also the support of the university. So it's actually goes really well altogether.
15:25Yep. To build that network that you, that has been so critical for you guys.
15:28Yeah.
15:28What are some of the biggest misconceptions about the cybersecurity space? Do you think?
15:34I would say one of the biggest ones is basically you think when there's a hacking attack
15:40happening, that there was some kind of flaw in like, you know, I don't know, like the software
15:45or the system, but most of the time it's actually like human error. So I would say that's actually
15:52one of the main things that would cause a hacking attack. It's because, you know, we as humans,
15:58we're just a little bit clumsy sometimes, I would say. So that's one of the reasons why when I talk to
16:03my clients, I always say like, Hey, make sure that you build up this cybersecurity culture as well in
16:09your team that, you know, employees don't get upset when they're getting onboarded and they need to do
16:15a security awareness training, you know, and they are just thinking like, Oh, I just want to get done
16:19with this, but rather like really make sure that they understand the impact that they as humans are
16:25having for your company and also for other companies, because in the end, we're all connected,
16:30you know? So if someone gets hacked, it could impact also their vendors or their, you know,
16:36set of customers that they have as well.
16:38What would you say are your predictions for the future of the cybersecurity space that how AI and
16:43new technologies are infiltrating? What are you kind of looking out for in the next couple of years?
16:49Well, I would say obviously with AI, there will be more investment into the
16:55vulnerability scanning and also into spaces of compliance, like basically pretty much what
17:01we started like two to three years ago now has kind of like picked up the pace. So now you see like
17:08before, like let's say two years ago, when I was talking to people, to customers, I actually still
17:15needed to educate them why ISO 2001 was important. And now they basically just come to me and say like,
17:21you don't need to tell me why it's important. I know I need it. I just know, how can I get it?
17:26Right. You know? So I think in the next couple of years, it's going to be even more important,
17:30not only to have one standard, but actually like that you can, as a company, set up a good roadmap
17:36of things that you want to achieve to create trust for your partners and for your business. So
17:42pretty much compliance, doing vulnerability scanning, making sure that you have our, you know,
17:47pretty much setting up all of your security best practices in the company. That's going to be
17:53something that will take on more and more work. And especially if there are more AI tools available
17:58for that, that's going to make it easier and, you know, less expensive because right now it's still
18:04very expensive to create all of this, especially for small businesses. They cannot, you know, as of now,
18:11actually like afford a lot of these tools. Right. The last question I have for you,
18:16as you're working with small businesses, emerging startups, what is your biggest piece of advice for
18:21things they should look out for or steps that they should take to make sure that they are compliant
18:24and kind of looking out for all these things that are changing? Yeah. So I would say don't over
18:30complicate it. As a small business, like one of the things that I always see when they come to me and
18:36they're feel overwhelmed, especially like in the first, you know, I'm still doing like the sales
18:40part because I love to talk to my customers. I like to talk to my prospects and they feel that
18:46they don't know where to start. So sometimes they just try to kind of like, you know, just pretty
18:52much set that everything up way too complex. Like all of their processors are made for enterprises
18:58and not for small companies. So that would be like my first advice to make sure that they try to keep
19:05it simple and lean. And that's, for example, what we try to do with them. Like we kind of like give
19:10them that guidance. And secondly, to not wait too long. It's like going to the doctor. Like when you
19:16go to the doctor, you don't want to go there when something bad is already happening or happened,
19:22but rather the other way around, you want to make sure that you can prevent this. And that's why I tell
19:27my clients, like some of them, they just come to me and say like, Hey, I need this, but maybe in six
19:33months. And then two months later, they just come back and say like, Hey, I either lost a deal or I'm
19:39about to, you know, sign a deal with a bigger enterprise. And they're asking me about this.
19:44Can you help me get this faster? And it's a little bit already too late. So it would be better if they
19:49actually already think about it and not wait too long. Definitely be proactive about it. Yeah. Well,
19:54thank you so much for joining me. This was so fun to talk about all that you are building and so much
19:59is changing. So thank you for walking me through all that today. Thank you.