Wolverines in Tech — Natasja Nielsen, co-founder of Secureframe
Wolverines in Tech is proud to have Natasja Nielsen, CSE ’15 who is currently the founder and CTO at Secureframe, a company that helps organizations automate and maintain SOC 2 and ISO 27001 compliance, was recently featured in Techcrunch and raised $4.5M from the likes of Base10 Partners, Gradient Ventures, Village Global, and Soma Capital, among others. At Michigan, Natasja was part of the team that started MHacks and Shift, a creator space on campus.
Secureframe is actively hiring.
Interested in being a part of the Wolverines in Tech community? Sign up here
Let’s start with, what is SOC 2 compliance and why are you spending your life trying to solve it?
SOC 2 is a security compliance certification that verifies that a company upholds a certain level of data security. SOC 2 (and other certifications, like ISO 27001) is essentially a long checklist that covers different aspects of data security, like organizational structure and information access controls. For example, what access do each of your employees have to all the different services and systems that you use? Who has access to your AWS instances?
When a B2B company wants to sell their services to another company, the potential client will often come back to the company and say, “We’re excited to use your service, but we want to make sure our data (and our customers’ data) is safe with you.” These clients will ask if the company is SOC 2 compliant, and if not, will provide their own security questionnaire for the company to fill out. These questionnaires can be several hundred questions long, and end up taking up a lot of engineering and leadership team members’ time, while also blocking the sales team.
Companies typically wait as long as possible to get the certification because it is traditionally a time-intensive and expensive process. Usually, the company will hire a consultant or auditor to come in and manually gather evidence. We’re automating a lot of that process, and in doing that, are able to get companies compliant more quickly and also more affordable, and make it something that even really tiny startups can do.
Some of our customers are two or three person teams. The idea of getting a SOC 2 certification for a team of that size, even two years ago, was unheard of.
Was this something you experienced in a previous workplace and you realized that you could automate a lot of it?
I personally did not, but my co-founder did. I was at Amazon for a long time before this, and at a big company like Amazon, compliance is far removed from your average day to day activities, unless you are in a security-related role. Amazon has entire organizations to manage security compliance.
My co-founder, Shrav, has worked at a handful of startups over his career and has gone through this process a couple of times at previous companies. He comes from a sales and marketing background and got to experience first-hand the frustration of a sales pipeline blocked by compliance certification.
When looking at my co-founder’s experience through the lens of my own background in automation, the need for something like what we’re building at Secureframe was kind of a no brainer.
You mentioned you were working at Amazon. Was starting a company something that you were thinking about?
Definitely, I had always wanted to start a company. During college, I consulted for a handful of startups, interned at a startup one summer, and then spent another summer interning at Amazon. I fully expected to go into a startup right after college, and start something eventually. But my time interning at Amazon taught me that there was so much more to software development than I had realized. I wanted to learn how to do things well, at scale, before eventually starting a company of my own.
What kind of work did you do at Amazon?
When I first started at Amazon after college, I was in AWS, working on networking infrastructure and automating operations in the data centers. I didn’t love the networking side of it, but I really liked the hardware and automation aspects of the work, so I later transferred to Lab126, which is Amazon’s hardware research lab.
There, I worked on the Alexa devices for a few years, helping to launch a bunch of the new devices (the ones with screens and a Zigbee radio built-in) and working on a lot of new smart home automation features.
In my spare time, I was studying software architecture docs. There are a lot of great resources within Amazon on different types of web architecture, because so much of the Internet is built off of AWS.
I eventually left Amazon to work at a robotic farming startup, and later returned to work on stealth hardware projects.
Backpedalling to your experiences at Michigan, you mentioned that you founded Shift and were around when MHacks started. How was your experience at Michigan, especially around the extracurriculars?
While I was at Michigan, startup culture wasn’t mainstream like it is now. The college hackathon scene wasn’t really a thing yet either — PennApps had been going on for a bit, but it wasn’t like PennApps as we know it today.
But, Michigan has had a really incredible entrepreneurial community for years, and there was a student group called MPowered that I was a part of whose entire mission was to spread the entrepreneurial spirit on campus and get more students into startups. We ran a bunch of events each year, like 1000 Pitches, a campus-wide pitch competition where students would pitch their company ideas, and Startup Career Fair, an annual career fair with startups from all over the country. We would run around campus giving out t-shirts and trying to convince our fellow students to start companies. Everyone became obsessed with t-shirt design for a while, it was a lot of fun.
We went to PennApps a few times (and later other hackathons), and after one of those trips, a handful of us started MHacks. That first one exploded overnight, with students attending from tons of different colleges, and was a huge hit. In a lot of ways, it felt like starting a company — we had definitely jumped off that proverbial startup cliff and were assembling the plane on the way down. Total chaos, incredible learning experience.
Do you have any stories of how you have leveraged your Michigan connection?
Not off the top of my head, but a lot of the people from that community are still really good friends, and many live in the Bay Area now. Four of my closest friends are from that squad and we have a little quarantine pod going. Erik (Erik Torenberg) and I became good friends at Michigan and he is an investor in our company. One of our other investors is also a Michigan alumnus.
This interview is part of our weekly Wolverines in Tech series. If you’d like to be a part of the broader community, please fill out this form
