Ramkumar Sundarakalatharan on Reimagining Compliance for a Borderless Digital World
From hardware circuits to high-level compliance automation, Ramkumar Sundarakalatharan’s journey across engineering domains reads like a master class in adaptability, vision, and purpose-driven innovation. With over 20 years of experience spanning embedded systems, software development, architecture, and leadership roles, Ramkumar today helms Zerberus Technologies, a UK-headquartered startup simplifying compliance for high-velocity SaaS teams. In this interview, he reflects on his career arc, the gaps he saw first-hand, and how those learnings now fuel his mission to build faster, safer software ecosystems.
Let’s start with your professional journey. How did it all begin?
I started in the trenches of embedded systems — real low-level stuff. One of my proudest early projects was designing a telemetry unit for wind turbines and offshore platforms. The goal? Enable predictive maintenance and fault monitoring long before the term “IIoT” became mainstream.
What made it exciting was the constraint — we had to deliver real-time sensor insights with just 4KB of ROM and 128 bytes of RAM. That experience taught me the value of efficiency, clarity, and designing for failure scenarios. These lessons still shape how I build software and systems today.
But I was always drawn to abstraction and scale. Over time, I transitioned into software engineering — starting with systems programming and gradually moving into full-stack web and API development. This transition wasn’t just technical; it was strategic. I wanted to build systems that solved problems at scale, not just at the hardware-software boundary.
What was the next phase — when did leadership and architecture come into the picture?
As I grew more fluent in software systems, I moved into architectural and program leadership roles.
At EasyOdds in London, I led the buildout of a low-latency betting odds aggregation system with sub-150ms roundtrip TTL latency, much like a trading platform that syndicates price quotes from multiple vendors in real-time. It was a complex, high-performance engineering challenge and a valuable lesson in distributed systems design.
Later, I joined the Hinduja Group of Companies, where I worked on critical national infrastructure projects blending IT and OT systems. I headed the Architecture Centre of Excellence (CoE) and led transformative initiatives including:
- The design and implementation of BRTS (Bus Rapid Transit Systems) in three African countries: Congo, Ghana, and Senegal.
- A cutting-edge inbound logistics automation platform for Renault-Nissan, which streamlined factory supply chain operations in real-time.
These experiences gave me deep exposure to high-stakes engineering across sectors and continents.
Eventually, the startup bug bit me again, and I joined Zarget, a marketing tech startup. That was followed by a pivotal move to Itilite, where I built the product and engineering team from scratch. We scaled from zero to a platform used by hundreds of corporates across four continents, with security, scalability, and business alignment at the core.
I’ve led product launches from zero to scale, worked closely with legal and compliance teams, and implemented ISO 27001, SOC 2, and GDPR controls at multiple organisations. That’s when I began to deeply understand how fragmented and inefficient the compliance process really was—especially for high-growth startups.
When did you first realise this was a systemic problem, not just an organisational issue?
I kept seeing the same problem in startup after startup: founders scrambling for enterprise deals, only to hit a wall when procurement asked for compliance certifications. Security was often retrofitted, not embedded. And engineering teams — already stretched thin — had to stop feature delivery to handle audits, fill spreadsheets, and manage vendor risk.
I was also advising early-stage startups on product and security decisions. In parallel, I worked with VC firms on technical due diligence for their portfolios. Seeing the issue from both sides — startups struggling to scale securely, and investors grappling with risk exposure — made it clear that compliance was the unspoken bottleneck. That’s when it really clicked — so many visionary founders were burning their most precious fuel — time and engineering bandwidth — only to realise there was a roadblock in the middle of the runway: compliance.
I also saw that this wasn’t limited to one domain. Whether it was fintech, healthtech, or edtech, startups were wasting precious engineering hours on manual compliance tasks that could have been automated. That's when the seed for Zerberus was planted.
Why is compliance important to startups and SMBs that are building and selling across borders in a digital era?
Because today, trust isn’t local — it’s global. Whether you’re a startup selling in Europe, an SMB servicing clients in North America, or a product-led business expanding into Southeast Asia, your buyers expect you to meet their region’s compliance standards from day one.
It’s no longer enough to say "we’re secure." You have to prove it — across GDPR, SOC 2, ISO 27001, HIPAA, Cyber Essentials, and now even AI compliance standards. And the earlier you start, the more it compounds.
If your sales process is blocked by a security questionnaire, if your procurement cycle is stalled waiting for documentation, or if you’re losing deals because your compliance posture doesn’t match the buyer's minimum bar — that's not a technical problem, that’s a growth problem. Zerberus exists to eliminate that friction and turn security from a gatekeeper into a growth enabler.
Tell us more about Zerberus Technologies — what exactly are you solving?
Zerberus is a third-generation cybersecurity and compliance automation suite, purpose-built for today’s high-velocity SaaS companies. While most vendors automate compliance by digitising spreadsheets and adding workflows, we’ve taken a radically different approach.
We embed real security into your development pipelines and operational workflows, not just your documentation layer. Zerberus plugs directly into your existing ecosystem — AWS, Azure, GCP, GitHub, GitLab, Okta, OneLogin, O365, GSuite, Jira, Asana — you name it — and integrates seamlessly without requiring major rewrites or process overhauls.
Our core innovation lies in how we automate your "Statement of Applicability" — tailoring it to your company’s size, sector, risk appetite, and geography — and then mapping it to real, enforceable controls. These aren’t static lists. These are live, auditable control mechanisms tied to your actual stack.
Our differentiator? Two words: Just-in-Time provisioning and One-Click Remediation™. When Zerberus detects a missing control, it doesn’t just raise a ticket — it provisions the fix, applies the patch, logs the action, and cleans up afterward if required. All within the bounds of your environment, with full audit traceability.
In short, we don’t just track risk — we eliminate it at source, accelerating compliance from a blocker into a business advantage.
That sounds interesting. What are those — Just-in-Time provisioning and One-Click Remediation?
These two capabilities are the result of over two years of focused R&D and one of the main reasons we stayed in stealth mode for so long — they represent our core IP, with both technologies currently in the patent pipeline.
Just-in-Time (JIT) provisioning is our proprietary method of providing "Just Enough Privilege" to the right identity at the right moment to fix a specific misconfiguration or control failure. What's unique is that it does so without ever elevating the privileges of the currently logged-in user or using long-lived tokens in our environment. This radically reduces the attack surface while solving the problem precisely and securely.
One-Click Remediation™, on the other hand, is our intelligent response engine. It applies the patch or mitigation based on recommendations from a proprietary ML model trained on breach data spanning over 14 years. This enables us to predict control failures before they occur and recommend the most effective fix.
Importantly, we recognise that the same problem can look different for different companies. An open S3 bucket in a fintech firm may need encryption and access control, whereas in a healthtech organisation, it may require data lifecycle policy changes and logging. Our model understands these nuances and adapts the response accordingly.
Together, these technologies help us bring context, intelligence, and speed to security automation in a way that’s never been done before.
What leadership principles have guided you through this journey?
Three things:
- Empathy for builders – I’ve been an engineer. I know what slows us down and what helps us ship. Everything I build honours that.
- Security as a business enabler – Not just a checkbox. Real compliance builds trust, accelerates sales, and attracts better talent.
- Velocity with integrity – You can move fast and still build right. Zerberus proves that every day.
What's next for you and Zerberus?
We’re open-sourcing the core engine behind our Trace-AI offering — ZSBOM (Zerberus Software Bill of Materials), designed to bring visibility and integrity to modern software supply chains. This move wasn’t made lightly. But in light of recent funding cuts to vital US cybersecurity infrastructure like the MITRE Corporation and the CVE database, we believe transparency can’t be left to the stewardship of any single government or entity. If we expect resilience from others, we must demonstrate it ourselves.
Zerberus was built with this mindset from day one. As any engineer will tell you, "two is one, one is none"—we've always designed with redundancy and decentralisation in mind.
Meanwhile, we’re doubling down on Compl-AI and Remed-AI by expanding support for more compliance frameworks and prebuilt integrations. Our roadmap includes global standards such as NIST AI RMF, and we’re actively working with forward-thinking startups across the UK, EU, and US as design partners on an upcoming AI compliance framework tailored for European regulations.
It’s a pivotal moment — for Zerberus and for me personally. We’re shaping the next generation of compliance automation, and doing it in partnership with the builders who will define tomorrow’s tech landscape.
“There are times, sir, when men of good conscience cannot blindly follow orders.” That line stayed with me. Security isn't about obeying a checklist—it's about understanding context, purpose, and responsibility. At Zerberus, we don't build systems to pass audits—we build them to defend principles, even when it’s inconvenient.
— Ramkumar Sundarakalatharan
