Interview with Shanmugavel Sankaran, founder of FixNix – The Entrepreneur who sold his house

Shanmugavel Sankaran has previously worked with Microsoft and IBM in a variety of information security and compliance management positions. Now Sankaran is the Chief Nixer – the founder of FixNix Inc for the last 8 years, a cloud-based Governance Risk and Compliance (GRC) company. Apart from the GRC suite FixNix has analytics products that span across five major risk assessment components across different domains: audit management, Risk management, asset management, business resiliency, disaster recovery, policy management, incident management, board governance, privacy governance.

In his interview, Sankaran shared us the moments from his biography, company history, and his personal life. 

• Mr. Sankaran, do you remember how and when did you start taking interest in computers and cyber security?

I started during my Microsoft days. I was a Database Administrator at Microsoft and I ran the Web Application Security Team for Microsoft, and afterward, I had a lot of interesting things to do at Microsoft. And then I worked with IBM. I had a couple of interesting goals managing cybersecurity architecture and a few other things for a ecommerce platform as their CISO. It’s been an interesting journey.

• Do you remember when did the first idea that led to the creation of the company FixNix come up?

During my IBM days, I was trying to solve a couple of problems. There were a lot of opportunities with respect to web application security. And I saw that governance risk and compliance also was very important problems. I thought, okay, these are two problems I should seriously look at. So, when I became a kind of a start-up guy after quitting IBM, I went to act as a chief information security officer for a brief period. I was trying to procure a GRC for them. I couldn’t buy are the sub 50 thousand dollar price point. It was a good interesting opportunity to “jump ship” and build.

• What have been some of your biggest challenges?

I think entrepreneurship is a roller coaster. People usually tell capital is the issue but now, after running the company for eight years, I understood the capital is okay: one of the issues, not always the issue. So, I figured out the product-market fit is the issue. It’s about time. You need to first to ship someone some version and then subsequently go to Market again. You keep building it until the Market said that it’s the perfect solution. So you keep doing that. For me, it was one interesting thing I found in entrepreneurship, which is very exciting stuff compared to Microsoft and IBM.

• How did you get funding for your business? How did you find investors? 

I started out of India. It was a bootstrapped company in the initial days subsequently Incorporated in the US and then became a US Corporation.

So, the initial days as we know it’s a lot of trouble. I mortgaged my house to raise debt from the government of India. The initial first capital was 150 thousand dollars. Subsequently, we got some capital from friends in North America Europe USA, etc. So I think that helped the company scale.

But it was only after three years, I went to raise some money.  We raised now to a million dollars. We have 30+ investors. 

• In your profile on Linkedin, you described yourself as “the entrepreneur who sold his house”? Why did you do it? 

Yes, finally, I sold my house and infuse a quarter-million-dollar in the company when he raced around. Now, this house officially got the titled the Entrepreneur who  sold his house.

 • Your Headquarters Location is in California. Why did you choose the US?

The cybersecurity ecosystem is very matured in the US. We considered the optimal outcome that we can get for all of our existing stakeholders of the investors. It was the primary reason to have US headquarter. We have a subsidiary in India already and also in Canada and Singapore.

• On your website, you said: “I am extremely grateful to my Nixers”. Who are these Nixers? 

I actually always called myself a Chief Nixer the initial days because I always feel that we are all in this together. There are problems that we are nixing, nix means destroy or eradicate. We wanted to nix eradicate compliance issues through the process platform. 

So, I always called myself a Chief Nixer and all called all my colleagues Co Nixers. We have had to now almost more than 500 people who traveled with us through a journey for eight years. We had a fantabulous amount of engineering Talent which came and helped us.

Now we have twenty+ Engineers who helped us at this point in time and we are our engineering predominantly engineering-driven organization.

I have one person whom I want to call this is my life partner, Kayalvizhi. She was not a co-founder into the initialization, one of my friends was supposed to be a co-founder. She became co-founder by no choice because he didn’t come but join me when we moved here to set up a shop in Chennai.

And then subsequently she was an engineer so she came to help me at one point of time to help me organize a team and a bunch of things. Then she helped me for a couple of iterations and then subsequently after we got some Capital, we got some external help,  then she took a back seat again because kids were growing. We have two nice demanding daughters Hasini & Nila.

But after again the restructure exercise post we went through a troublesome time she came back to help. I’m very fortunate to have her as a co-founder because I think the greatest privilege I can have to go all it happened because of her.

• FixNix has launched Polytechnic university. Is there an opportunity for talented people to enter this university for free? 

I think the university model that we had it’s a very globally proven Internship model. I think we have been consistently doing this for almost the past eight years. So, during that time we trained more than 300+ Engineers. The primary thing that we do, we try to make them a good full-stack engineer.

And we don’t mind which college they come from what graduation state they have. We have a lot of people from rural India. Sure, education is free with stipend.

• Do you provide work for students of this university in your company?

Yes, we convert close to 30% of the people to full-time employment. They have opportunities to work with us. From my point of view, we hire more than what we need. But we make sure that we take a lot of interns because we take care that these people can go after work somewhere else. We want to help the people, young talents. I strongly believe in young talent because I started as a young talented in Microsoft. I’m very fortunate and grateful to Microsoft when I gained over there with the gave the opportunity as a young graduate, so I still want to pay it forward and help people to have the same access to get exposed to modern technologies and agile programming practices and then modern web application security practices by working on a Cutting Edge technology company like us.

• What is the distinctive feature of your company from others on the market?

Eight years before when I made the statement “We want to be the salesforce of GRC everybody laughed at us, nobody believed that this will become reality. We are Pioneer in this industry and nowadays the whole industry acknowledges that we are the first ones who discovered this business model very deeply.

• FixNix was incorporated exactly 8 years ago (November 2012). How has your product changed over the years?

We had just a couple of products in the initial days such as audit management, risk management audit and compliance. But now we have got to all the different processes as products in the GRC platform. We have also got the AI technology kind of Predictive Analytics. We have got blockchain Whistleblower, a regulatory risk data in 3D, technology products on which we have collaborated with the large Global Banks. So, we certainly believe we have gone a little far ahead of the competition. My opinion is that we have set up a very great example for the whole industry is what I believe.

• What’s your research/product that makes you especially proud?

I’m really fingers crossed at the looking forward to the blockchain Whistleblower. So in fact, we tried incorporating that as a separate company. The start of this year was the only plan to raise more capital for that and then scaled further as with a separate engineering team and executive team, but we are just trying to hold on because of Covid-19. So hopefully I think are we may get back to work by 2021 again. 

Blockchain business has huge potential. In Blockchain Whistleblower employees can speak up without worried about retaliation and in a very very fair manner. Organizations will be able to change their culture and then their environment social and governance (ESG) indice because of this.

• Blockchain is the future?

Of course. As a cyber security person, I believe it’s one of the Modern data encryption at the transport layers. So it’s going to be the future.

• What do you think is the greatest achievement/award of your company that makes you especially proud?

We are really proud of RegTech 21 because we got selected as a top 21 amongst global competition who have raised $250m in capital.

• What do you think, why many companies save on their security?

Yesterday I gave an interview to a leading media of South India about egregore malware. I think investing in cybersecurity is like taking insurance. Until we die we don’t know the use of insurance. People cannot die every day to make sure that really have the benefit of the insurance. People may not be able to see anything immediately, but when they get Malware or some attack they start to care.

Covid-19 is the best thing that happened for cybersecurity. Everybody now able to understand the need for business continuity, Disaster Recovery, VPN, antivirus, and nobody is safe.

• In recent years many leaks from Russian banks have occurred, and fraudulent schemes using social engineering have increased in Russia. According to your professional vision, which products from FixNix you can recommend that can solve the problem in Russian banks?

We have 12 different products. They are very useful for the bank’s because it’s an entire end-to-end suite for cybersecurity. If it’s a small bank, it can very well start the compliance audit risk. Then they can go about Asset Management business, risk management, and then the policy, a lot of those things: right resiliency, business resiliency.

So I think we would be very glad in case of the Russian banks are open to engaging the player, make headquartered in the US, operating out of India. So we will be very glad to help them. What they need to do is just contact us on FixNix.co 

• What are your future plans? What is your 10-year goal for the business?

I think if everything goes right, I think we have a lot of prospects of opportunity to become a billion dollar company making hundreds of Millions of Dollars in Revenue. So, there’s a huge opportunity. But there is going to be competition but I think we as a Pioneer have some competitive advantage. So just to keep putting fingers crossed and waiting.

• You are not only a successful businessman, but you are also a writer; you have written a book  JUMP-STRAPS. 26 secrets to bootstrap your business. Can you share more details on this book?

Yeah, so I think I’m a great believer in bootstrapping. Bootstrapping the company means you either build the product with the customer found itself or you whatever the small capital have, deploy, and scale the company. So I wrote a book around four years ago. So where are 26 different aspects of bootstrapping. It’s available on Amazon. So, anybody can take a look and then express upon the feedback.

• If you had a crystal ball – what do you think will be the biggest change in cyber security industry this year? 

I think the biggest change in cybersecurity is about culture. Previously the cultured part was missing, people were not talking about security then they start talking about security through committees subcommittees Etc. Things will be in better shape.

• What is your advice for new startupers?

Focus on the problem statement, keep investing more time on validating. Don’t always think that capital is the only issue because you didn’t look upon the product Market fit. You need to go to the market keep talking to a lot of people. Do proper market research.

Spend a lot of time on the personal study is the only recommendation I have got for people.

• What qualities do you think are necessary to work in cyber security field?

Every cybersecurity person should have attention to detail. Okay, you are sitting at a table, that’s a small corner which is broken. Don’t leave it broken. Try to understand why it’s broken and try to understand the reasoning behind it, how it might have happened a separate. When you become a cybersecurity person, you will become a cybersecurity person for life, not only professionally.

• Is there anything else you’d like to share with our readers?

The one thing I want to share about is mindfulness. Now there are covid-19, stress, anxiety depression. All of us are going through all the tough times, so try to follow mindfulness. There are courses, books around it. It’s about physical health & focusing on breathing and a few other things. It’s about the mind. So focus on your mind, first is the body and then the mind. With respect to mind try to do yoga or a few other activities. Try to create a schedule for 1 hour in the morning or in the evening. Even if it’s possible try to do even half an hour. You can combine some of your walkings along with business calls. Please try to create a schedule for becoming mindful. That’s it. That’s the only request I have for everybody.