From SQL Injection to Compliance Automation in Cybersecurity with Andrew Plato

In this episode of Behind the Shield, Jason Shropshire sits down with cybersecurity founder, author, and industry veteran Andrew Plato for a candid, wide-ranging conversation on what it really takes to build and scale a cybersecurity company. Andrew shares his journey from accidentally discovering one of the earliest SQL injection vulnerabilities in the 90s to founding and growing a cybersecurity company over 26 years and ultimately exiting after building a successful compliance automation platform. Along the way, he breaks down the hard-earned lessons that most founders learn the hard way, covering everything from business model pivots and scaling challenges to sales strategy and the evolution of compliance in cloud environments.

This episode goes beyond technical security talk and dives into the mindset shifts that separate successful companies from the rest. From why “compliance is miserable” and how automation changed the game, to why customers do not buy products but instead buy pain relief, Andrew offers unfiltered insights that apply to startups, established companies, and anyone navigating today’s cybersecurity landscape.

Whether you are a founder, operator, or part of a growing security team, this conversation will challenge how you think about building, selling, and delivering cybersecurity solutions in a rapidly evolving market.

Chapters:
0:09 Introduction and Welcome
0:59 Andrew's Early Career and SQL Injection Discovery
3:01 Starting a Security Company
5:44 Compliance Automation and AWS Collaboration
10:49 Managed Security and Automation Insights
33:15 The Founder's Dilemma and Business Growth
52:31 Sales Strategies and Credibility Selling
61:21 Closing Remarks

What You'll Learn:
• How one of the earliest SQL injection discoveries helped spark a cybersecurity career
• The reality of building and pivoting a company over decades
• Why compliance has historically been “miserable” and how automation is changing that
• The origin and evolution of compliance automation platforms
• Why moving customers into standardized environments accelerates security and scalability
• The shift from hourly consulting to scalable, subscription-based models
• Why customers do not buy products but instead buy pain relief
• How to position cybersecurity as removing business barriers, not adding them
• The concept of opportunity barriers and how compliance impacts revenue
• Why traditional sales approaches like cold calling and product pitching no longer work
• The importance of credibility over product features in modern cybersecurity sales
• How startups can compete against larger, established players
• The biggest mistakes founders make and how to avoid them
• Why understanding your customer’s pain is the foundation of growth
• How automation and AI are accelerating the future of security and compliance

Guest Links:
Andrew Plato- / andrewplato
The Founder's User Manual (Book)- https://www.amazon.com/dp/B0CZXP7TNF/...
Company- https://zenaciti.com/

InfusionPoints Links:
Jason Shropshire- / shrop
/ infusionpoints
https://infusionpoints.com/

InfusionPoints & AWS: InfusionPoints is proud to be an Amazon Web Services Premier Tier Services Partner, supporting organizations in building, managing, and defending secure cloud environments.

About Us: InfusionPoints is a trusted cybersecurity, cloud engineering, and compliance partner helping organizations Build, Manage, and Defend secure, mission-ready environments in highly regulated markets. We specialize in FedRAMP, FedRAMP 20x, DoD, and enterprise security frameworks, supporting organizations from initial authorization through continuous monitoring and optimization. Our team brings deep technical expertise and real-world operational insight to every engagement. Through our independent, security-first approach, we integrate people, processes, and technology to deliver scalable, compliant, and resilient solutions. From strategy and architecture to operations and defense, we help customers move faster without sacrificing security.
