S2E12: Getting Customers to Pay Before You Code | Pukar Hamal (SecurityPal AI)

When enterprise deals die at the finish line because of a 200-page security questionnaire, you know there's a billion-dollar problem hiding in plain sight. SecurityPal founder Pukar Hamal turned that pain into a service-as-software business that hit $2 million in revenue before building any actual software.

The Pain That Creates Billion-Dollar Markets

Picture this: you're about to close the deal that changes your company's trajectory. The champagne is ready. Then boom - instead of DocuSign, you get 200 pages of security questionnaires:

"We were like ready to pop champagne bottles. And so, you know, we got hit with this, what is this? It's like hieroglyphics, you know, like, do I have barbed wire around my data center?"

Pukar's insight was if startups can't afford armies of lawyers to fill out paperwork, only big companies with resources will win enterprise deals:

"My like fundamental realization was if companies have to fill out a bunch of paperwork before they close a deal and they don't have the resources to do that, then all the big companies are gonna win, because they do have the resources."

Service-as-Software: The $2M Validation Hack

Instead of building software first, Pukar started with pure service. A prospect asked if he could just fill out their security questionnaire:

"And I hadn't even incorporated the company. And the person was like, send me an invoice. I'm like, what is an invoice? I went on like Stripe Atlas and incorporated the company. So I had a company that wanted an invoice before I even incorporated it."

While working a consulting day job, he'd stay up all night filling out compliance forms:

"So at night I'd fill out these questionnaires and I had a customer send me a question. I'll be like, I need this back tomorrow morning, East coast time. Stay up all night. I fill it out. I send it at 3 a.m. They got the deal done."

The magic was in the positioning - customers didn't want software, they wanted outcomes:

"Yeah, so in the beginning, we didn't even have software. I was building this off of Google Sheets and Airtable dashboards. People would be like, when are we going to get a login? I was like, why do you need to log in? You have a form that needs to be filled out, and you want it filled out."

This approach generated nearly $2 million before any real software:

"We were well over a million, almost a two million before we even like built any software."

Complexity-Based Pricing Beats Per-Seat Models

SecurityPal charges based on complexity rather than user seats - questionnaire difficulty, product lines, regions, and SLA requirements:

"I fundamentally anchored our pricing based on complexity. It's like how complex is your problem as it relates to security reviews and security questionnaires?"

Want same-day turnaround? That costs more:

"So I would say like the vectors for pricing for us are quantity of work. And then the SLA, right? So do you want it done same day? Or are you okay with like three, five days?"

His pricing philosophy is refreshingly practical:

"Biggest piece of advice from pricing standpoint that I can give anybody is like your pricing is going to change, forget about perfecting it today."

AI Agents Won't Replace Premium Service

While the industry rushes toward AI automation, Pukar sees the premium market wanting hyper-personalized service:

"My friends that have it told me, you call them, you get a real person and like they're hell bent on figuring out how to help you solve your problem. And like that premium experience, it's like hard to really like get that through like AI agents."

The Bootstrap Mentality That Scales

Pukar's advice cuts through Silicon Valley hype:

"If you really believe in something, you're really passionate about it, and you want a certain version of the world to be created, and you will literally eat ramen and work out of the corner of your apartment, you don't need to raise capital. You just need one customer to believe in you."

The key insight:

"You don't need to deliver for that customer, the perfect version of the product, you just need to deliver value. And you need to get that customer to say that you've delivered them value. You got to get paid."

His brutal reality check:

"But by the way, if you're not getting paid, it doesn't exist. It's just basically feel good conversations that are happening."

Companies Mentioned: SecurityPalTalentBinTeamableDriftAirtableFigmaVantaCraft VenturesStripe Atlas

See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.