In this episode of Behind the Shield, Jason Shropshire sits down with cybersecurity founder, author, and industry veteran Andrew Plato for a candid, wide-ranging conversation on what it really takes to build and scale a cybersecurity company.

Andrew shares his journey from accidentally discovering one of the earliest SQL injection vulnerabilities in the 90s to founding and growing a cybersecurity company over 26 years and ultimately exiting after building a successful compliance automation platform. Along the way, he breaks down the hard-earned lessons that most founders learn the hard way, covering everything from business model pivots and scaling challenges to sales strategy and the evolution of compliance in cloud environments.

This episode goes beyond technical security talk and dives into the mindset shifts that separate successful companies from the rest. From why “compliance is miserable” and how automation changed the game, to why customers do not buy products but instead buy pain relief, Andrew offers unfiltered insights that apply to startups, established companies, and anyone navigating today’s cybersecurity landscape.

Whether you are a founder, operator, or part of a growing security team, this conversation will challenge how you think about building, selling, and delivering cybersecurity solutions in a rapidly evolving market.

Chapters:
0:09 Introduction and Welcome
0:59 Andrew's Early Career and SQL Injection Discovery
3:01 Starting a Security Company
5:44 Compliance Automation and AWS Collaboration
10:49 Managed Security and Automation Insights
33:15 The Founder's Dilemma and Business Growth
52:31 Sales Strategies and Credibility Selling
61:21 Closing Remarks

What You'll Learn:
• How one of the earliest SQL injection discoveries helped spark a cybersecurity career
• The reality of building and pivoting a company over decades
• Why compliance has historically been “miserable” and how automation is changing that
• The origin and evolution of compliance automation platforms
• Why moving customers into standardized environments accelerates security and scalability
• The shift from hourly consulting to scalable, subscription-based models
• Why customers do not buy products but instead buy pain relief
• How to position cybersecurity as removing business barriers, not adding them
• The concept of opportunity barriers and how compliance impacts revenue
• Why traditional sales approaches like cold calling and product pitching no longer work
• The importance of credibility over product features in modern cybersecurity sales
• How startups can compete against larger, established players
• The biggest mistakes founders make and how to avoid them
• Why understanding your customer’s pain is the foundation of growth
• How automation and AI are accelerating the future of security and compliance

Guest Links:
Andrew Plato- https://www.linkedin.com/in/andrewplato/
The Founder's User Manual (Book)- https://www.amazon.com/dp/B0CZXP7TNF/ref=tsm_1_fb_lk
Company- https://zenaciti.com/

InfusionPoints Links:
Jason Shropshire- https://www.linkedin.com/in/shrop/
https://www.linkedin.com/company/infusionpoints/
https://infusionpoints.com/

About Us:
InfusionPoints is a trusted cybersecurity, cloud engineering, and compliance partner helping organizations Build, Manage, and Defend secure, mission-ready environments in highly regulated markets.
We specialize in FedRAMP, FedRAMP 20x, DoD, and enterprise security frameworks, supporting organizations from initial authorization through continuous monitoring and optimization. Our team brings deep technical expertise and real-world operational insight to every e