Conversation Highlights

From FTC Crisis to Category Creation: How Hyperproof’s Craig Unger is Reimagining Enterprise Compliance

Sometimes the most compelling startup ideas emerge from moments of crisis. For Craig Unger, that moment came during his tenure leading Microsoft’s authentication systems, when an FTC audit exposed the glaring gaps in enterprise compliance tooling. Today, as founder and CEO of Hyperproof, he’s transforming how organizations approach compliance—and challenging long-held assumptions about trust and transparency along the way.

In a recent episode of Category Visionaries, Craig shared how a regulatory crisis sparked his journey to pioneer a new category in compliance operations. During his time at Microsoft managing authentication services for Xbox and Office 365, his team faced potential fines of “a million dollars user a day” with “100 million unique users a month.” The stakes were astronomical, but the tools were primitive: “I had to do these really very deep audits, very little tooling help or infrastructure and of course I was really just a product person at that time. I didn’t know anything about compliance and so it was a very scary time for me because one error could really be very impactful to the company.”

This experience planted the seeds for what would become Hyperproof. As Craig explains, “Every workload at some point when it becomes important, serious and very high value will evolve out of a spreadsheet.” He saw compliance following the same evolutionary path that security had traced years before—from a specialized function to an organization-wide imperative.

The Art of Category Creation

Rather than trying to dominate an existing market, Craig is pursuing the more nuanced challenge of category creation. “I think our goal is to create a new category, a different way of thinking about it,” he explains. But he’s pragmatic about the journey: “At the end of the day, I think people will end up looking at it as an evolution of what previously before was GRC.”

This balanced approach to category positioning reflects a deeper understanding of how markets evolve. While Hyperproof is pioneering what they call “compliance operations,” Craig recognizes that radical change often comes through evolution rather than revolution.

Unconventional Paths to Market Education

One of Craig’s most interesting tactical insights involves his approach to analyst relations. Instead of pursuing traditional (and expensive) analyst coverage, he advocates for a more targeted strategy: “When you’re a smaller company, it’s more beneficial to build relationships with smaller analysts, folks who work individually, they tend to have more unique viewpoints and they can kind of bring you into more unique situations.”

This approach extends to how Hyperproof educates the market about their new category. Craig draws parallels to the evolution of security practices: “Compliance is following the historical track of security where it started. Also as a small group of people, they may do penetration tests and send reports to the board and then you think your organization is secure.” Breaking this mindset requires demonstrating how “everybody has a role to play” in modern compliance.

The Discipline of Customer Focus

Perhaps Craig’s most valuable insight for founders involves maintaining strict discipline around ideal customer profile (ICP) during early growth. “There’s a natural tension between taking on all comers in the beginning because you want to make revenue. And then you may create obligations for yourself to support customers outside of your ICP that really isn’t helpful to you.” His advice? “Try to lock in on your key customer, one that you can keep and expand and do that as fast as possible. It’s probably better to grow revenue slightly slower in order to do that.”

This focus has paid off—Hyperproof has been “growing at least two x a year for a number of years” while maintaining strong customer satisfaction and expansion metrics.

Reimagining Trust Through Technology

Craig’s vision extends beyond just modernizing compliance tooling. He’s pushing for a fundamental shift in how organizations think about trust and transparency. “The compliance and security world hasn’t really adjusted to that. In other words, they’re still laboring under the belief that in order to do well in the market, everybody that they serve needs to be convinced that they’re perfect and they don’t make mistakes.”

Instead, Craig advocates for “the normalization of and now is the likelihood of human error that’s going to happen, but it allows them to kind of build trust in those situations where it’s kind of most tense because a mistake might have been made.” It’s a radical reimagining of how technology can facilitate trust between organizations and their stakeholders.

For B2B founders, Craig’s journey offers valuable lessons in category creation, market education, and maintaining focus while pursuing an ambitious vision. Sometimes the biggest opportunities come not from building a better mousetrap, but from fundamentally reimagining how we solve critical business challenges.

Actionable Takeaways

Connect Compliance to Risk Reduction for Strategic Relevance:

Craig emphasizes the importance of elevating the compliance conversation beyond a box-checking exercise to a strategic imperative. Hyperproof positions its platform as a way to measurably reduce organizational risk, not just meet audit requirements. Founders in regulated or security-sensitive verticals can apply this lesson by clearly linking their solution to mitigating existential business risk, gaining greater executive buy-in and budget.

Take a Customer-Centric Approach to Category Creation:

While existing analysts may group Hyperproof with GRC or IRM tools, the company aspires to establish a new category around compliance operations. Craig realizes this will be an evolution, keeping Hyperproof aligned to customer needs. Founders pursuing category creation should adopt a similar customer-centric approach - maintaining flexibility in their narrative while persistently evangelizing their vision.

Focus on the Right Customers to Drive Efficient Growth:

A key lesson from Hyperproof's journey to product-market fit is the discipline to focus on ideal customer profiles (ICPs) early on. While it is tempting to chase any revenue when starting out, Craig advises a more targeted approach. He suggests forgoing some growth to build a solid base of customers that can expand over time. Founders should define their ICP early and stay focused, as catering to the wrong customers can distract product development and increase churn.

Adapt to Intersecting Stakeholders in Enterprise Sales:

Selling compliance solutions in the enterprise often starts with engaging the CISO but frequently expands to compliance officers, security analysts, legal teams and engineering leaders. Craig highlights the importance of understanding each persona's objectives and crafting relevant value propositions. Founders selling to large organizations must embrace this complexity, tailoring their approach to each stakeholder while maintaining consistent positioning.

Recognize Market Education as an Ongoing GTM Requirement:

Driving adoption of a new solution category often requires active market education. Craig identifies the need to build awareness of compliance as a continuous, organization-wide process as a key GTM challenge. He views it as an industry-wide shift, similar to the evolution of security from an isolated team to a pervasive concern. Founders pioneering new approaches should budget for market education in their GTM plans and commit to evangelizing patiently.
