Finding Product-Market Fit After 3 Years of Failed Ideas
Building Sprinto: From Failed SaaS Ideas to AI-First Compliance
Overview
This episode features Girish Redikar, founder of Sprinto, in conversation with Omar Khan about the long path from failed recruiting-product experiments to building an eight-figure ARR compliance SaaS company.
The discussion contrasts Girish’s first startup journey with RecruiterBox, where he and his co-founder spent years learning, coding, and searching for traction, with Sprinto, where they applied a more deliberate validation process before writing code.
A central theme is that “boring” compliance problems can be valuable when demand already exists, but productizing a service-heavy workflow requires deep operational understanding. The episode also explores how AI is reshaping compliance from three directions: product automation, customer governance needs, and new external security threats.
Segment-by-Segment Summary
[00:02] Episode Setup
[Fact] Omar introduces the show as a SaaS podcast focused on founders building and growing SaaS in the AI era.
[Fact] Girish Redikar is introduced as a founder who sold his first SaaS company and grew his second company to eight figures in ARR with more than 3,000 customers.
[Fact] Omar frames Girish’s first journey as one that included years of building products nobody wanted and teaching himself to code at age 28.
[02:04] What Sprinto Does
[Fact] Girish describes Sprinto as an autonomous trust platform.
[Fact] Sprinto helps companies prove they have the right safeguards in place for security, privacy, compliance, and trust with customers, partners, and regulators.
[Fact] Girish says Sprinto serves more than 3,000 customers across 70 countries, has eight figures in ARR, and has about 350 remote employees.
[Fact] Omar notes that Sprinto has raised about $30 million to $32 million, which Girish confirms.
[03:38] The RecruiterBox Backstory
[Fact] Before Sprinto, Girish built RecruiterBox, a bootstrapped SaaS company in recruiting.
[Fact] Girish says he and his co-founder initially did not know much about building software companies or businesses.
[Fact] They taught themselves programming because they could not afford to hire programmers.
[Fact] Their early recruiting ideas included a job search engine and a resume-to-job-description matching product using machine learning.
[05:11] Why Early Ideas Failed
[Fact] Girish says the job search idea ran into the problem that many jobs had no public digital footprint.
[Fact] He estimates that only about 30% of jobs had a public digital footprint, while the rest existed in private communications or closed channels.
[Fact] The resume-matching technology worked, but they were not able to turn it into a successful business.
[Fact] RecruiterBox eventually became a hiring CRM that helped companies manage recruiting activity in one place.
[08:08] Persistence Through Years Without Traction
[Fact] Omar says Girish and his co-founder spent two to three years trying different ideas before RecruiterBox worked.
[Fact] Girish says that period was hard both financially and mentally.
[Fact] He describes their persistence as either stubbornness or determination, depending on how the story is viewed afterward.
[Fact] Girish says having a co-founder and family support helped them keep going.
[10:05] The First Strong Signal
[Fact] Girish says the first version of RecruiterBox launched before Stripe was available to them.
[Fact] Customers had to pay through PayPal, after which RecruiterBox would manually add credits that were deducted daily.
[Fact] Girish says the payment process was very poor, but customers still went through it.
[Inference] Customers tolerating a painful payment flow became an early signal that RecruiterBox was solving a real problem.
[12:24] RecruiterBox Scale and Sale
[Fact] Girish says he cannot disclose the exact revenue number because of contract restrictions.
[Fact] He says RecruiterBox had more than 2,500 customers, was in single-digit millions of ARR, and was adding more than 100 customers per month.
[Fact] Girish says they sold the business because it had become comfortable and was not growing toward their original ambition of becoming the default way companies hired.
[Fact] He says they found a buyer they believed could scale the business better, and they also believed they had another startup in them.
[15:29] Where Sprinto Came From
[Fact] Girish says Sprinto was one of several ideas considered after selling RecruiterBox.
[Fact] The idea came partly from RecruiterBox’s own experience moving upmarket and being asked for SOC 2 reports, ISO certificates, and security questionnaires.
[Fact] RecruiterBox eventually hired consultants and spent months and tens of thousands of dollars to complete the process.
[Fact] Girish saw compliance as a problem that was boring and unsexy but still valuable.
[17:13] Validation Before Code
[Fact] Girish says The Mom Test influenced how he thought about validating ideas.
[Fact] He and his co-founder decided they would not write a line of code until they had validated that the idea was valuable.
[Fact] They tested ideas one at a time, spending a few weeks on each through mockups and conversations.
[Inference] This was a deliberate contrast with their earlier startup experience, where they had built more before proving demand.
[19:25] Learning From Customer Conversations
[Fact] Girish says there was no perfectly clear sign that Sprinto would work.
[Fact] He says talking to around 20 people helped crystallize what customers cared about, why they might pay, and how urgent the pain was.
[Fact] One rejected idea was a WordPress competitor, which they liked but felt they were not the right founders to build because it required developer evangelism.
[Fact] Girish emphasizes founder-product fit alongside product-market fit.
[21:50] Sprinto’s Early Interviews
[Fact] Girish says they held between 15 and 20 conversations for Sprinto before moving forward.
[Fact] Omar frames Sprinto’s key challenge as turning a consulting service into a product.
[Fact] Girish says the problem was not finding customers as much as productizing a workflow that was traditionally delivered through consultants.
[22:12] Why They Did Not Start With a Simple MVP
[Fact] Girish says the common advice at the time was to launch an MVP quickly.
[Fact] He says Sprinto made a counterintuitive choice because they did not want to build a services company.
[Fact] The main risk they wanted to eliminate was whether the compliance process could be productized enough.
[Fact] Girish distinguishes product risk, where the question is whether something can be built, from market risk, where the question is whether it can be taken to market.
[26:19] Using Audits to Build the Product
[Fact] Girish says auditors were the key stakeholder because they ultimately issue SOC 2 reports and ISO certificates.
[Fact] Sprinto repeatedly went to auditors asking for SOC 2 reports while building the product behind the scenes.
[Fact] The first audit was manual, the second involved spreadsheets, the third had some product, and by around the tenth audit they had the process well understood.
[Fact] By the time Sprinto approached its first beta customer, the team had confidence because they knew what auditors looked for.
[27:40] Productizing the Black Box
[Fact] Omar clarifies that Sprinto was paying auditors repeatedly to understand the audit process, not merely interviewing people about it.
[Fact] Girish says the auditor only cares about receiving what they need, regardless of whether the company uses a product-based or services-based process.
[Fact] Sprinto’s internal test was how much of the work inside the “black box” could be automated while still producing what auditors required.
[Inference] This approach gave Sprinto a deeper process map than ordinary discovery interviews would have provided.
[29:00] Early Sprinto Traction
[Fact] Omar says Sprinto landed around 30 to 40 customers within months of launching.
[Fact] Girish explains his go-to-market model as distinguishing between harvesting existing demand and creating or exposing demand.
[Fact] Sprinto was in a category where demand already existed, because founders were already asking about compliance in founder groups, VC networks, consultant channels, and Google searches.
[Fact] Sprinto’s job was to appear where buyers were already looking for answers.
[31:28] Initial Go-To-Market Channels
[Fact] Sprinto made itself present in founder networks, Slack groups, WhatsApp groups, and other communities where founders asked operational questions.
[Fact] Sprinto joined VC perk programs and offered discounts to startups affiliated with those VCs.
[Fact] Google search, ads, and later SEO became important because CTOs and founders searched for help with SOC 2, ISO, and security questionnaires.
[Inference] Sprinto’s early GTM worked because it matched an urgent, already articulated buying moment.
[33:00] Trial and Error in Customer Acquisition
[Fact] Girish says Sprinto tried around 20 things and that 17 did not work.
[Fact] He says advisory-firm partnerships looked logical on paper but did not work in the early days.
[Fact] Startup conferences also did not work early, though they became useful later in a different context.
[Fact] Girish says there is no guaranteed playbook and founders have to try multiple channels.
[35:41] Knowing When to Move On
[Fact] Girish says he does not have a formula for how long to test a channel.
[Fact] He distinguishes between a channel completely falling flat and a channel that might work with adjustments.
[Fact] He says startups often double down on whatever starts working because they have to choose where to spend limited energy.
[Inference] Some channels may have been abandoned not because they could never work, but because other channels showed faster promise.
[37:51] Channel Maturity Periods
[Fact] Girish says different acquisition channels have different maturity periods.
[Fact] He compares AdWords to opening a tap, because experiments can show results quickly.
[Fact] Partnerships may require months of investment before producing results.
[Fact] He says some channels should be started early even if their benefits will only appear later.
[39:33] AI’s Three Impacts on Sprinto
[Fact] Girish says AI affects Sprinto from three directions.
[Fact] First, Sprinto itself is becoming more AI-first by making its product more autonomous.
[Fact] Second, Sprinto’s customers are becoming AI-first internally, which changes governance, risk, and compliance needs.
[Fact] Third, AI creates new external security and privacy threats, including more sophisticated social engineering, phishing, and AI-based attacks.
[40:37] Software Working for the User
[Fact] Girish says software has long required humans to feed it data and then retrieve that data in nicer forms.
[Fact] He believes AI can move software toward working for humans rather than humans working for software.
[Fact] Sprinto wants to be at the frontier of this shift.
[Inference] For Sprinto, autonomy is not only a product feature but part of a broader view of where software is heading.
[41:32] AI Governance as a Customer Problem
[Fact] Girish says customers now run more internal business processes on AI.
[Fact] This means GRC programs must manage not only people, systems, servers, and software, but also agents and AI-related entities.
[Fact] He says CISOs increasingly care about ensuring internal AI is safe, secure, and well governed.
[43:00] New External AI Threats
[Fact] Girish says businesses must protect themselves from AI-enabled attacks outside the organization.
[Fact] He specifically names social engineering, phishing, and sophisticated AI-based attacks.
[Fact] He describes the combined effects of AI on product, customers, and external threats as a compounding trifecta.
[Inference] AI is expanding the compliance category by creating new risks that did not previously exist at the same scale.
[44:01] Guardrails for AI in Compliance
[Fact] Omar asks how Sprinto prevents AI failures from causing customers to fail audits.
[Fact] Girish says audit-critical facts must remain deterministic.
[Fact] Examples include whether a database was encrypted, whether access was revoked after an employee left, and whether the action happened within a required SLA.
[Fact] Girish says those yes-or-no facts should continue to be handled as deterministic system-of-record data.
[45:27] Where AI Can Help Safely
[Fact] Girish says AI can improve the work that happens around deterministic audit facts.
[Fact] He gives the example of AI reading contracts to identify commitments such as product SLAs that should become part of the compliance program.
[Fact] He says commitments may come from contracts, cybersecurity insurance, risk programs, policies, or frameworks.
[Fact] He also describes an AI agent that can help remediate issues, such as encrypting a database, while an engineer supervises.
[48:26] Lightning Round Lessons
[Fact] Girish says he disagrees with most generic startup advice because advice often loses the context behind it.
[Fact] He recommends The Mom Test, especially for builders, because building is getting cheaper and choosing the right thing to build is increasingly important.
[Fact] His productivity habit is deliberately blocking time for deep work every day.
[Fact] A future idea he is interested in is truly personalized education, enabled by AI.
[50:32] Personal Notes and Closing
[Fact] Girish says he taught himself programming when starting his first company and wrote his first real line of code at age 28.
[Fact] He says he is interested in applying mass production techniques to software and understanding how AI changes software creation.
[Fact] Omar closes by directing listeners to Sprinto’s website and Girish’s email.
Podcast Review/Summary
[Inference] The episode is most valuable for SaaS founders who are trying to understand how to validate a business before building too much product. Girish’s comparison between RecruiterBox and Sprinto makes the lesson concrete rather than abstract.
[Inference] The strongest part of the conversation is the audit-productization story. Instead of only interviewing customers, Sprinto repeatedly went through real audits to understand the hidden workflow, which offers a useful model for founders tackling service-heavy industries.
[Inference] The limitation is that the episode does not deeply quantify Sprinto’s economics, pricing, or exact early conversion metrics, so listeners looking for a tactical financial breakdown may want more detail.
[Inference] This is a strong episode for technical founders, bootstrapped founders considering a second act, and SaaS teams exploring AI’s impact on compliance, governance, and go-to-market strategy.