ByteChek Founder AJ Yawn Brings Discipline to Everything He Does
Security Pro File: The former Army captain, whose security startup is on an upward trajectory, works hard to "make compliance suck less."
April 8, 2022
Source: AJ Yawn
AJ Yawn does not look like a man who works 15 or 16 hours a day. He does not look like a man who, as of March, had worked seven days a week without a day off for exactly two years. Despite the grueling pace, Yawn, CEO of cybersecurity compliance startup ByteChek, does not look haggard or sound exhausted. Rather, he is young, fit, and photogenic, and he is laser-focused on changing how companies handle compliance.
The toil is paying off, too. ByteChek, which Yawn founded in 2020, raised over $3 million this winter during its seed round of investing, and it has grown its clientele by 40%.
His secret? It comes down to the two subjects that crop up over and over in conversation with Yawn: keen attention to mental health and discipline.
Prioritizing Mental Health
"Take breaks," he recommends. "Don't check your phone or email for the first hour of the day. [Instead], meditate, work out, read, clear your mind for the day. Then no phone an hour before bed. Holistic medicine, restorative sleep."
The other side of this coin, of course, is an iron discipline. "I don't do half work," Yawn says. "I work like a lion: a weeklong hunt, then complete rest. My team knows that when I take breaks, they're breaks — no phone, no email."
It's hard to imagine a digital, COVID-era work environment that doesn't rely on "half work," usually under the name of "multitasking."
Note, though, that ByteChek's mission is itself a form of multitasking. "ByteChek wants to build a world where companies can quickly build trust with customers, prospects, and investors without having to jump through hoops and months of time," Yawn says. This means a single integrated solution for SOC 2, HIPAA, and ISO 27001.
Historically, compliance solutions have been protracted, painfully analog affairs. A company had to hire a CPA firm that billed by the hour and farmed out the testing to various project managers, who oversaw a slow, manual check. Fees would pile up as the project dragged on. ByteChek's compliance platform exists to make such firms unnecessary.
In other words, ByteChek exists to "make compliance suck less," Yawn says.
Changing How Compliance Works
At the heart of the company is its proprietary internal testing tool, built largely by Yawn himself, which uses custom logic and AI to check risk management and other functions in a client's cloud environment. This eliminates the need for an external auditor.
Compliance and information security are different functions with different standards, but organizations can use compliance to show what security measures are in place. "[Your auditor] might only need to see a sample of databases to see if they're properly encrypted," Yawn says. "Compliance isn't about being right 100% of the time, like infosec is. It's about, 'Are the processes in place to make sure this control works?'"
Don't take that to mean that the company is sloppy. ByteChek uses the American Institute of Certified Public Accountants (AICPA) SOC 2 standard. In fact, AICPA selected ByteChek for its infosec Startup Accelerator, giving Yawn and his team key mentorship and exposure, as well as a $25,000 investment. The company's rigor, in other words, is high.
Bringing a Disciplined Team Approach
Yawn never expected to be a startup CEO. He expected to be a career officer in the United States Army. After ROTC and a basketball career at Florida State University, Yawn enrolled in the Army Signal Corps, where he made captain. (The Signal Corps handles Army communications, including digital communications.) He was deployed for 18 months of his six years in the Army, including nine months in Jordan along the Syrian border. The Signal Corps was a comfortable fit for him. His father had been a Marine, and he himself had been a tinkerer as a child, fixing computers and taking apart robots. The physical discipline and team politics of basketball also transferred well to his military career.
It was in the Signal Corps that Yawn began to realize the massive importance of compliance testing. All the work was manual, and Yawn's every attempt at instituting any basic automation was held up by the Army bureaucracy's creeping pace. When he left the Army so he could be home when his first son was born, he went to work at cybersecurity firm Coalfire as a principal consultant. By around 2018, with about 500 SOC 2 examinations under his belt, Yawn began to consider starting his own company: "I wanted to bring software to this problem."
All of this prior experience went into his vision for a new startup. Courage, an appetite for risk, and a soldier's sense of leading on the job all undergird ByteChek's operations. Perhaps ironically, Yawn's military experience also gave him a strong sense of empathy. His philosophy is proudly "people first," and that applies to his clients as much as to his eight staffers, his investors, and others.
"We forget about the human behind whatever the task is," he says. "They might be tired. They might have kids."
Besides, he adds, "Security's a team sport. You can't grow a company if people don't want to work there!"
"We had a situation recently where a CISO needed help with a customer or investor – with a third party," Yawn shares. "He was struggling to communicate the value of compliance testing to them. I saw that he was stressed about their upcoming meeting, so I asked if I could join him on the call" as backup.
It cost Yawn only an hour, and it made no difference to ByteChek's bottom line, but people-first means people-first, and Yawn, ever the officer, is proud of his word.
Of course, the other side of that coin is discipline. No one at ByteChek is required to work a fixed number of hours, but Yawn exhorts his team to do "deep work" — "to block their calendar, turn off Slack notifications, email, etc., and just lock in."
"Focus is a superpower," he says. "We encourage an elite level of focus at ByteChek."
Translating Relationships to Investors
Another major concern for Yawn is diversity, not only in compliance but in tech finance. "If you don't look like 98% of your competitors," says Yawn, who is Black, "it will be an uphill battle to get funding. I realized [during the first rounds of investment for ByteChek] I was wasting time explaining who I was."
Yawn, who never made a cold call during these early rounds — instead relying exclusively on his ability to network — eventually got introductions to Black angel investors, who took a chance on him. "I had a money target, not a threshold for Black investors," he says, "but I'm having so much more success with investors who look like me."
For Yawn, investment is a relationship, and while he's adamant that Black investment outfits are not charities, he does see them as mentors for a new generation of female and minority tech entrepreneurs.
It's sorely needed. "There's a 3 million job shortage in tech right now. We're not going to fill it by hiring just white males," he says. The fact that leadership in tech and compliance is almost exclusively white and male worries him. But overall, he's optimistic. The $3 million he raised in two months was overwhelmingly from Black investors.
In his words, "We got us."
What's the No. 1 secret to your success? "I meditate every day. Mental health is so important. Forget your business plan — are your mentals OK? If we can create an army of employees concerned with mental health, our results will be better."
If you weren't in compliance, what would you be doing? "Something in leadership, maybe in sports. I'd probably be either coaching basketball or still in the Army."
Your favorite thing to do outside of work? "Spending time with my kids. It's humbling: They don't care about ByteChek. They want to build Legos and run in the park. Other than that, a friend of mine has a boat, and sometimes I'll go out on the water and bring my work with me. You can't not have fun on a boat."
Something your colleagues would be surprised to know about you? "I'm terrified of birds. Seriously. I saw the movie 'The Birds' as a kid — it shook me."