C2 Labs spins out RegScale as separate, product development company
By Tom Ballard, Chief Alliance Officer, PYA
Roughly two and one-half years after teaming-up to drive growth at C2 Labs, a digital transformation services company, Anil Karmel and Travis Howerton announced yesterday that they are spinning out the product development component and its inaugural product named Atlasity into a new company.
Named RegScale, the new venture is focused on delivering continuous compliance automation for highly regulated public and private sector entities, and the two Co-Founders are focusing their full attention on the new venture. Karmel, who is based in Washington, DC, will serve as Chief Executive Officer, while Howerton will serve as Chief Technology Officer leading the R&D team in the Innovation North Building at the University of Tennessee Research Park.
Craig Thomas, a former Chief Information Security Officer at the Y-12 National Security Complex in Oak Ridge and the Pantex Plant in Amarillo, TX, assumes the role of President of C2 Labs. He joined the company in October 2018.
Concurrent with yesterday’s announcement of the spinout was a second one that celebrated a $1.5 million early funding round with participation from Virginia Innovation Partnership Corporation (formerly the Center for Innovative Technology), New Dominion Angels, and several strategic investors, along with significant customer traction. (EDITOR’S NOTE: Ironically, also in today’s edition at this link is the announcement of the rebranding of the Center for Innovative Technology.)
“It took a ton of time splitting-up into two companies, but we are both now positioned to grow and scale separately which will allow each company to focus on its unique vision and strategy,” Howerton told us recently ahead of the pending official announcement. He’s a well-known and well-respected executive in the information technology and cybersecurity space, having held very senior positions at Oak Ridge National Laboratory, Consolidated Nuclear Security, and the National Nuclear Security Administration.
In terms of the opportunity for RegScale, Howerton told us that “the security world has caught-up with baking security into everything, but compliance has not, and it remains manual and after the fact. With RegScale, we can help our clients have a repeatable approach to all of their compliance needs (cyber, human resources, environmental, etc.) while keeping their cost basis flat, making us an appreciating asset over time as costs continue to reduce via automation.”
He added, “Meeting compliance obligations has traditionally been a manual, time consuming, and expensive process. We are bringing the principles of DevOps to compliance to solve the most difficult compliance headaches that companies face and help them transition their manual, static compliance documentation and processes into a dynamic, automated, and collaborative platform. The cybersecurity industry has been heavily focused on the concept of ‘shifting left’ security to make cybersecurity real-time, continuous, and complete, which positions compliance as the new bottleneck in the digital transformation process. This new funding will allow us to scale up and ‘shift left’ compliance to accelerate innovation, reduce risk, and lower the costs of manual compliance documentation, which our customers are demanding.”
In an earlier interview, Howerton cited four distinct advantages of RegScale: (1) digitizing everything; (2) plugging RegScale into security and compliance tools a client already has to increase their value; (3) reducing the costs associated with supporting multiple audits; and (4) scaling end-to-end, initially for cybersecurity but also areas like human resources and safety.
“Our customers are seeing real results by implementing RegScale, from saving $500,000 per year on their cyber insurance premiums to processing over 70 CMMC system security plans within a few months,” Karmel said. “One customer was able to dynamically report their state of compliance in real time in Tableau by integrating RegScale with Wiz.io, bringing in cloud compliance findings and marrying them against manual assessments of compliance controls. This allowed them to continuously meet their compliance obligations and update their documentation in real time.”
RegScale has seen more than 5,000 downloads of its freemium “Community Edition” and has signed on five major customers for its “Enterprise Edition” platform. Early customers include the U.S. Air Force, U.S. Department of Homeland Security, a Fortune 500 financial services company, and Johnson Controls Federal Systems, which is using RegScale to manage compliance to the Department of Defense’s Cybersecurity Maturity Model Certification (CMMC) standard.
Howerton says the new funding will be used to: (1) validate RegScale’s customer acquisition strategy and metrics as it prepares for a Series A round in 2022; (2) patent certain parts of its methodology; (3) enhance its existing UI (user interface); and (4) improve/automate its quality assurance processes.
“We have achieved product market fit,” he says. “We know we can scale and we have validated the business model. At this point in our company’s journey, the focus is on repeatable strategies and costs for customer acquisition as we bring RegScale to the broader government, financial services, and energy sector markets.”