When I joined BrightMove as Chief Operating Officer in 2022, I knew that achieving enterprise-grade security certification would be critical to our growth. But I didn’t anticipate just how transformative this journey would be—not just for our company, but for me personally as a leader.
Why I Made SOC 2 a Priority
As we scaled our AI-powered recruitment platform, I kept hearing the same refrain from enterprise prospects: “Can you provide your SOC 2 report?” We were losing deals, slowing down sales cycles, and spending countless hours on redundant security questionnaires. But beyond the business case, I felt a deep responsibility to protect our customers’ data with the rigor it deserved.
That’s when I decided to make SOC 2 compliance my mission.
Drawing on Healthcare’s Regulatory Rigor
This wasn’t my first rodeo with complex compliance frameworks. My previous roles in healthcare technology—at McKesson, one of the largest pharmaceutical distributors in the world, and GHX, a leading healthcare supply chain technology provider—gave me invaluable experience operating in heavily regulated environments.
At McKesson, I worked within frameworks governed by HIPAA, FDA regulations, and stringent data security requirements. When you’re responsible for technology that touches 33% of all prescription drugs consumed in the United States, security and compliance aren’t optional—they’re existential. I learned firsthand how to balance innovation with control, how to document processes that can withstand regulatory scrutiny, and how to build teams that think security-first.
My time at Clearsense deepened this expertise as I built technical and security teams from the ground up for a healthcare data analytics startup. There, I learned that enterprise customers don’t just want to see your compliance certifications—they want to understand the rigor behind them. I led the foundation and formation of the company’s first security program and its security posture based on the NIST framework. This experience shaped my approach to security: it’s not about checking boxes, it’s about building trustworthy systems.
That healthcare background proved invaluable when I took on SOC 2 at BrightMove. I understood the NIST frameworks that underpin many of these standards. I knew how to think about risk management, incident response, and continuous monitoring. I’d already lived through the discipline of maintaining comprehensive documentation and evidence collection. While recruitment technology operates under different regulatory requirements than healthcare, the principles of protecting sensitive data remain universal.
Rolling Up My Sleeves
This wasn’t a project I could simply delegate. I immersed myself in researching compliance solutions, ultimately identifying Vanta as the partner that could help us automate evidence collection while building a sustainable security foundation. I campaigned internally, making the case to our leadership team that this investment would pay dividends in customer trust, operational efficiency, and market access.
Then came the hard work. I rolled up my sleeves and personally developed much of our policy framework—crafting documentation around access controls, incident response, data management, and vendor risk management. Late nights were spent reviewing control requirements, mapping our existing processes, and identifying gaps we needed to address.
The Impact of Achievement
In 2025, we achieved our first SOC 2 Type I certification with zero exceptions—a testament to the thoroughness of our preparation. This wasn’t just about checking a compliance box; it fundamentally transformed how we operate.
The benefits have been tangible:
Security reviews that once took weeks now take days. Enterprise doors that were previously closed are now open. Our team operates with security-first thinking baked into every decision. Most importantly, our customers trust us with their most sensitive data—and that trust is backed by third-party validation.
Lessons from the Journey
Start earlier than you think you need to. Building secure procedures and infrastructure takes time, and retrofitting security is far more painful than building it in from the start.
Compliance is continuous, not a destination. Achieving SOC 2 was a milestone, but maintaining our security posture requires ongoing commitment and vigilance.
The right partners make all the difference. Vanta provided the guidance and automation we needed, while Advantage Partners delivered a seamless audit experience.
Focus on culture, not just controls. The most effective security programs are the ones where every team member understands their role in protecting customer data.
What This Means for Our Future
SOC 2 compliance has unlocked access to the enterprise market segment we always knew we could serve. It’s accelerated our sales cycles, differentiated us from competitors, and given our customers peace of mind. But perhaps most importantly, it’s established a foundation of operational excellence that will serve us well as we continue to scale.
This journey reinforced something I’ve always believed: the hardest problems are worth solving personally. By diving deep into the details, I didn’t just help BrightMove achieve compliance—I built expertise that will benefit every future initiative I lead.
To anyone considering SOC 2 compliance: don’t wait. The investment you make today in security and trust will compound over time. And when you do embark on this journey, don’t be afraid to get your hands dirty. The insights you gain from doing the work yourself are invaluable.
If you’re navigating your own compliance journey and want to connect, feel free to reach out. I’m always happy to share lessons learned and help others avoid the pitfalls I encountered along the way.