Episode Transcript
[00:00:00] Speaker A: I make partnership in multiplier. Every client that we run our program, they really like to referral. Hey, I know Lucas, Lucas do this. And not just me, the another guy from my team, for example, Victor, Rachel and the guys in every conversation building this kind of approach to be more secure and trust the environment.
[00:00:27] Speaker B: Welcome to the AI Advantage, where modern leaders decode the future of tech. Hi, I'm Solomon Williams, founder of Solonox. So here it's no noise, no hype every week. Sometimes it's just me and sometimes it's the brightest minds in tech breaking down what it really takes to grow smarter with AI and automation. Let's dive in.
Welcome to the AI Advantage. I'm your host, Solomon Williams. We have a special guest today, we have Lucas Galvala. He's the CEO and the founder Open Cybersecurity. He is a pioneer in trust management across Latam. You know, he has over a decade of experience in the governance and the risk and the compliance factor. So Lucas, so much, thank you for, so much for taking the time. Can you tell us our audience a little bit about yourself on the side?
[00:01:16] Speaker A: Hey Salomon, thank you for having me. So, yeah, I'm Lucas Galvan, founder of Open Cybersecurity. It's a Brazilian and US Company right now working with a lot of clients here in Brazil across Latin America. And now we are getting clients in United States. And yes, you are like a key genta partner here in Latin America. My mission is simple. Growth is like not a overhead. It's growth through bringing us great compliance like sub 2 ISO to Brazil, Mexico. I'm seeing a lot of countries with automation that removes friction and accelerates sales.
[00:01:59] Speaker B: And so it's so interesting. So what brought you through to really wanting to go forward with Open Cybersecurity like on this side?
[00:02:07] Speaker A: Great. Yeah. I spent a decade in cybersecurity laying into discomfort and saw the same blocker everywhere. First I started open cybersecurity to prove this way because the name open, it means the same like I really believes that open cybersecurity could be more accessible, could be more easy and we can educate our prospects or clients and is like eco led a growth partnership.
[00:02:40] Speaker B: And then, you know, I'm curious on like, so tell us a little bit about like on Bata. I don't, I only know a little bit about. So how does it, how did it come about with you working with Batan, like with the open cyber security? Like what's your end goal in providing for the trust management to the side?
[00:02:57] Speaker A: Perfect. So I started working with Venta like almost three years ago. So I've partnered with Venta is the first access in the website just to try and help a client with a demand in SOC 2 certification. So I run the project 10 years ago and this project is was totally manual work spreadsheets a lot of manual job. So asking in Google provided good research. I just localized the Vanta like the first platforms. Then I scheduled a demo. It was very very fast. In the same way the same week we start like a co selling so what does they mean? I the first of all I it was necessary bring a solution to my clients in the same opportunity Vanta looks for me and tell me hey Lucas, can you help me to run our first deal in in Brazil across Latin America. And I said okay perfect. I'm totally open to working with you guys. And we partner with Vienta because yeah basically founders we started studying ldts saw truth like a blocking growth and the mission in open cybersecurity is handle strategy in local delivery, you know. So Venta could automate swap to ISO gdpr any framework that you need to run centralized controls, speedy security questionnaires, improve readiness. So together we cut time to trust, reduce the audit and we help close enterprise deal faster across not just Brazil, across all the world.
[00:04:45] Speaker B: And then on the side man, because I know it's so interesting on you know what led you to really reframe like because I've seen sometimes in your in your post what will lead you to reframe cyber security from control to. I know you see a lot on trust and how is like how does that shape you now on the leadership side in the company vision Because I've seen that and that's such a unique approach of how you've gone about from cybersecurity is all about again as you said like control compliance. But now you've shifted to trust. And I really love like to kind of hear more about that on your leadership side as well.
[00:05:19] Speaker A: Yeah, I agree.
So I reframe security today I saw the deals styled not for features but for a lack of confidence. So trust became the lever for their revenue. So so we moved from checklist to proof. Making SoC2 ISO, DDPR and LGPD specifically here in Brazil is like a sale asset embedded early. So as leader I optimize for time to trust not to time to ticket ensuring cycle time to evidence winning race type limits. And yeah AI give us leverage. It's to automate audit and cash nary so humans focus on customers outcomes. Yeah but it is Not a partnership. Like I'm not just translating and then running and easing the things. So we have a lot of pressure because this one made us sharpen presence and do local partnerships. That's the trust playbook. Now I'm scaling globally.
[00:06:25] Speaker B: Yeah. And then it's so interesting. I love that man. On just on as you shifting over to like getting further, further over bringing that from the US side and building on those partnerships. Like what has. What have you seen worked well with open security and with your partnership with Phantom. Like what are you. The main thing is what would you like to see on your goal? Like as open security, as in Bantam as a. As a goal, what would you look to see by the end of the year?
[00:06:53] Speaker A: Yeah. So what worked? So embedded trust early sell with compliance in local presence. So the tactics automated swap to a nice event. We could optimize our job because it's a MSSP company, but not one more. It's so boring. Open one more company to run MSSP program and but okay. I was thinking how this partnership could optimize my business, my client and accelerate the growth in the event the way. So it's not a easy mission, but it's okay. It works, you know.
[00:07:38] Speaker B: Right. And you know, it's. I'm just curious on. You know, because on as you said like now is kind of coming in as a leader for open securities. You're working with so many different clients. I know you. I know you said you have one upcoming now that you're really working and moving on in the right direction.
Like what as a leader now as kind of moving through and having these higher calls with other C suite. What have you learned and what do you think that you could pass down to others that are small businesses trying to scale? Like what would be your suggestions and your advice to them on that?
[00:08:15] Speaker A: Yeah. So working as a leader, working a lot of clients. So my best prioritizations is like hey, so you are building trust early. And okay, it could be for example a startup company running this program. And I try to explain the vision and the facility to implement it. Some basic controls in security programs in some SaaS companies I know I have like a hybrid type of the clients. Yeah. The almost is more software as a service company. But I have local industry, you know, like healthcare. They produced Met Command. So I have a kind of clients that produce like machines in here in Brazil. So my real lesson here is to simplify the stack of the technology and how can they improve day by day. Because Venta is a platform that you have easily path to run. You need to do this, do this. You need to plug your platform and yeah AI optimize a lot of work. But my real lesson is to it cleans the vision that the all the leaders in these companies like Sisos managers and the last one is show and measure. How can Roy could be rent less late understand?
Because it's like a culture. I lead with empathy. I'm showing a lot of time in person and I make partnership in multiplier. Every client that we run our program they really like to referral. Hey, I know Lucas Lucas do this. And not just me, the another guy from my team for example, Victor, Rachel and the guys in every conversation building this kind of approach to be more secure and trust the environment, you know.
[00:10:16] Speaker B: Yeah. And I think as you mentioned like it speed. The business is at the speed of trust as you mentioned and on that side with partnerships and even with myself seeing it as. As a founder working with. With customers. It's really about building that trust, working with and putting that integrity of your business of you know, what's the benefit for yourself? Is what can I provide as a value as a benefit and moving through with that, with integrity for that. And I think that's very key. And I eventually nowadays as you mentioned with A.I. yes, it's good. The tools are great. You know, it works out all of these outcomes, but it focuses more on the human element and building again on that trust. So I love that side because specifically even with open securities you focus on that from control to trust. So you know, I already love that with that partnership. So you know what lessons you think that connect with Latem? Like what. What are the lessons that you've used that connect with Latem when you grow to your US partnerships? Does that make sense on the question?
[00:11:20] Speaker A: Yes, totally. It's totally connected with our reality. So three lessons in Latam way to growth is the first trust first. Yes. We are building community. So the name from this community is like a trust community. It runs in. Runs in cycle. We have in this community the Venta guys.
So I love the guys from Vanta I It's like a. A good name like my Vanta nerds because they prove always in every time they want to help us. So I think it's the first lesson build a strong relationship with the. With the vendor. You know. So just to have a. A good perception. I work every day a lot running a lot of deals with a salesperson from Venta. Her name is Constance Bridion and I work with Constance John Kelly and she leads me in this way proofing and proving that we are building here like a trust management systems and like a teaching every leadership and to hey venta could facilitate your way.
So but it's not easy because we sometimes have lack of the communication not with the vanta guys, but with the clients. It's like a trilingual connection. So I start the program saying hey Solomon, how are you? So it's in Brazil it means.
So in the same way is like in afternoon I need to change the pilot's to Spanish in the afternoon. The night it needs to be in English in return.
So it's not easy. But we are building a lot of playbooks to facilitate this way. So I'm making easy consolidated tools orchestration and I'm really using AI like a go to market strategy to facilitate all the job.
So it's possible I'm investing automating the go to market strategy. But I'm totally human focused. I'm very very. I have a precocation like this. I like your AI, but I love humans more.
[00:13:43] Speaker B: Right. And so do you feel like that's a key part in what you do and how you go about with building these partnerships? When you bring this category into Brazil, you know, Mexico, like is that something you heavily utilize to help build that gap?
[00:13:58] Speaker A: Yes.
So it's. It's really.
It's really like.
How can I say it helps bridge the gap. So we localize the playbooks. But honestly it's not easy way. So in Brazil specifically in all Latin America, the trust management is a new thing in cause of this. Yes.
You don't know about this?
[00:14:25] Speaker B: No. Educate me.
[00:14:26] Speaker A: Yes, yes. It's my first job here. Try educate every lead, every person.
So yeah, you have like cybersecurity risk management in cyber. But the new category is trust management and every guy what does it mean? So I tried to explain. Hey guys. Easy management interests in proof into revenue.
So we will need to connect your regulatory system. You need centralizer control in the same type. You need the audit.
It's a mission, you know.
[00:15:04] Speaker B: Right. And then with that mission and so what you have, what wins have you had for open security. And then with your partnership at that prove the model like what wins that prove the model that works. And you know why? Why? It's just the start on that.
[00:15:19] Speaker A: Yeah, it's a start big wins. It's start time to trust by months. For example sales cycle that during like a six month on one year. So we are closing this one faster like in the same day. So the first stock ISO wins a lot of deals in Brazil and Mexico.
So now you have a deal in Republica Dominicana. It was in Santo Domingo. And the same lesson, reduce the all the lack of the communication and show to the client. That's the first conversation. Understand the pain points and bring this one to reality, you know. And yeah, the Venta platform is an easy way.
Yeah. We have humor here to prove this one dilemma. Oh yeah, yeah. Do you know human?
[00:16:09] Speaker B: I don't. I don't know too much on it. What is that? The culture symbol? Like what does it mean?
[00:16:14] Speaker A: Yeah, yeah. So yeah, she's. She's a mascot from. From Banta. So I stayed in New York City three weeks ago to.
To stay with more closer with these things being localized, like strategic and critical partners here. So Yuma is the personification of this ecosystem. And Yuma is very strong. Yuma can cross continents. Yuma can show and be like an animal. It's an animal that have like a strongest in ourselves. You know, I like. Is that my stuff? Yeah, I know.
[00:16:57] Speaker B: I like that, man. And.
[00:16:58] Speaker A: And then just to understand, just to understand. I bring Sock too.
[00:17:03] Speaker B: That's the way to go.
[00:17:05] Speaker A: Yeah. It's not just a certification. It's not just a pair of shoes. Because in the GRC team need to stay closer every day. It need be comfortable. It'd be easy, you know.
[00:17:19] Speaker B: Right. So I. And that's. That's a good point that you brought up. Like where. Where do you see like the trend of what you're seeing with Latent, with the open, with the compliance and with how AI is coming in. Where do you see in the next couple years like the trends that we're going through and how.
What is your idea of how to ride that wave and to be ahead of any bottlenecks or any stop gaps, Especially now that you're moving this in and now that you're adding this trust category into Latin America.
[00:17:51] Speaker A: Yeah. So I think we. We are like in a resident. You know, the buyers want to proof and Roy not pilot. So the trends. So I think it's like a AI tool consolidation, like a new rev ops model. I think you asked me something like this. Right. Do you understand more? Yeah. So tire automation limits and every time platforms must be right. My playbook is easy. So embarrass early sell with compliance. Simplify all these steps and measure everything. Keep human front and center.
Like a future in marketing and strategy. Something like this.
This wave isn't optional. It's already reshaping how we build, how we sell and we grow and there is not a checkbox. It's highly like a gyne of growth. You know.
[00:18:47] Speaker B: So with that with being that you know, trusting the focal point. What have you seen that's what has been like the most frustrating thing on helping companies adopt this trust management as is that always is it building that and helping them to educate them on that. Where has that been for you?
[00:19:03] Speaker A: Yeah. So honestly the big frustration is like the a lot of tools is sprawled in like a silhouette Dashboards that don't talk to the reality. It is lowest auditing. It won't work to sales teams. It's not optimized same cycles from the client. But honestly I is very, very easy to fix.
[00:19:26] Speaker B: Right.
[00:19:26] Speaker A: Consolidated stacks, automated evidence align the guys in the sales item. Security is like a time to trust as the core KPI.
[00:19:34] Speaker B: Right. And I think that's like. That's one of the key is the. The biggest factors into that is again it just goes back again to trust and it goes back on that side. So I love it. And. And then from this side you know think I've mentioned it beforehand. But you know I think like the audience would love to really like what is it like that you want to really folks to know and want to move forward on like what you want them to understand on trust management on what exactly on open security is and that you what you want to provide in the whole as moving forward.
[00:20:08] Speaker A: Perfect. Yeah. It's a mission to answer you. But honestly I think every human had a mission when we born. So like the trust is a growth model, not an overhead. No the trust management it means so proof be faster. And so open cybersecurity brings new kind of thing in the country bring. It's totally now aligned with A +EU United States alignment and the outcomes. And so I really believe is a reduction of a lot of tools A real keep humans in the front of center but bring education bring more conscience consciousness in the cybersecurity. So trust isn't a checkbox but cybersecurity want to be the compliance early and want to redefine the cybersecurity program.
[00:21:04] Speaker B: And then where if people wanted to learn more about open security your journey Lucas. Where can they find you where they learn more.
[00:21:12] Speaker A: Yeah. So I really want to invite you to guys access open cybersecurity.com my website.
So I really want to be very very comfortable with you so you can join our new community. Maybe I will deploy this one just in the next next week is a new community named Trust Community. So I have a Podcast too. The name is Professor Venta so you can localize me and I have a local interview sometimes I. I run some interviews in television here in Brazil and so I really want the guys invite the guys to hear your podcast too. My next episode is here.
[00:21:59] Speaker B: I would. I'd love to have it. I'll make sure to have this in and have the audience look over to put in the link man. And. And you know before we go I want to. I always ask my other guests these questions is you know Lucas, if you had like a magic wand, if you could have AI do anything on this regard to help you know with the business, what would you use it for? If you could you wave a magic wand.
[00:22:19] Speaker A: So can you explain me that bit.
[00:22:21] Speaker B: More do so and so you know normally it's kind of like a wish list as and having it is you know with AI coming forward, you know everybody utilize who know up we talked about. But if there was any bottleneck, if there was anything that you want to improve on anything off it for breathing yourself personally or for what you could do with open security, open cybersecurity, what would you use a for if AI had no restrictions, if it could just wave the magic mod and do that, what would you do it for?
[00:22:53] Speaker A: Perfect. Yeah. The first way I. I mean AI is a superpower but not a replacement. Not the hype but it gives human leverage. It removes friction, you know so AI is a like I'm using this one my clients is using so to autocollect the evidence from your stack to map SOC2 ISO A in real time and autocomplete security questionnaires with verified controls and zero copy answers. It's real answer. It's not the last evidence that your auditor collect one year ago it was collected five minutes ago. You know, so you don't need to do the wrong information and wrong and do mistakes in auditing. But AI could provide like a plus graph still the gaps honor deadlines and it really facilitates the multilingual support because we are proofing this. We have the original policies. It was made in English so it's easy to adaptate to Brazil, Mexico. If you want we can do in Mandarin. You know it's like a Q2 to sprawl in unifying GRC universe in you and workspace.
[00:24:13] Speaker B: Got it. I love it man. And so you know Lucas, thanks again for being a guest on the show. We'd love to have you. And then for the. For the audience down below, I'll make sure to look over. You can follow Lucas on the podcast below in his journey. I'll have that over. Lucas will look forward to working with you next time. Love to have you in on a future episode to just see where Open Security has done and like your your your growth and what you've done on the in the Latin American community on that side.
[00:24:41] Speaker A: Yes, we are just in starting this way. Solomon, thank you so much to close and bring the reality of our market to real try to understand or keep p point and if you stayed in Brazil sometime you just need to call me because I'm human. I like to stay in front and build trust relationships. Thank you so much.
[00:25:05] Speaker B: Thank you Lucas. We'll see you next time on the show. Thanks for so much for listening. Yeah, thanks for tuning in to the AI advantage. If this episode sparked an idea, share it with your network.
Subscribe for more no club conversations on how smart tech drives real outcomes. And if you're ready to future proof your business, let's connect at solonox. Net.
