BREAKING — COMPYL CLOSES $12M SERIES A LED BY VENTURE GUIDES — BOJOUKHA: "WE'RE ENTERING A PHASE OF FOCUSED EXPANSION" — COMPLIANCE COPILOT SLATED FOR LATE 2025 — CUSTOMER BASE DOUBLED TWO YEARS RUNNING — TOTAL FUNDING NOW $13.7M —
Founder · Compyl · New York

Stas Bojoukha

Spent twenty years being the person a company calls when its security posture is a question mark. Then he stopped answering the call and built the answer instead.

Stas Bojoukha, founder and CEO of Compyl
Bojoukha, who once wired school networks as a teenager, now wires enterprise risk data into one screen.
By the numbers

The Compyl File

$13.7M
Total funding raised
$12M
Series A, June 2025
2020
Year Compyl was founded
57
Employees at Compyl
6
Security certifications held
2x
Customer base growth, two years running
Profile

The CISO Who Got Tired of Guessing

Stas Bojoukha runs Compyl out of an office on Irving Place in Manhattan, three blocks from Union Square, where fifty-seven employees build software meant to answer a question he spent two decades failing to answer cleanly: what, exactly, is our risk right now. Not a slide deck answer. Not a quarterly answer. An answer you can point to.

He came to this the slow way. Before Compyl, Bojoukha was a Chief Information Security Officer, three times over, at organizations spanning banking, real estate and energy trading - Rabobank, Cushman & Wakefield, SEFE Marketing & Trading. Each stop handed him the same job under a different letterhead: manage a security team, keep the auditors satisfied, and when a board member asked "are we exposed," give an answer that wasn't a shrug dressed up in jargon. He carries six certifications for the trouble - CISSP, CISA, CISM, GSEC, CEH, ISO 27001 Lead Auditor - the full alphabet of a profession built on proving you know what you're doing on paper, which is its own kind of irony for a man whose whole thesis is that paper compliance isn't enough.

"Existing approaches were not just outdated but inherently flawed. These approaches caused inefficiencies, blind spots." — Stas Bojoukha, on the GRC tooling he used for years before building his own

The founding story has a specific hinge, and it isn't a garage or a whiteboard epiphany. At one point in his CISO career, Bojoukha built an internal compliance tool for a heavily regulated client. It worked. It ran for six years. Eventually it broke down, the way internal tools built by one overworked security team tend to. When that same client went looking for a replacement, nothing on the market did what the old homemade tool had done. That gap - between what enterprises actually need to track risk and what vendors were selling them - became Compyl, which Bojoukha founded in 2020, mid-pandemic, with co-founder Simon Shaddock.

What Compyl actually does

Compyl bills itself as a unified governance, risk and compliance platform - the kind of category that sounds dry until you remember every company above a certain size is drowning in it. Bojoukha's argument, repeated in interviews and on conference stages from Boston to Tampa, is unglamorous and probably correct: most breaches are not the work of sophisticated adversaries. They're phishing emails somebody clicked, servers nobody patched, cloud storage buckets left open by accident. The tooling meant to catch these things is fragmented across a dozen dashboards that don't talk to each other. Compyl's pitch is one pane of glass - real-time, automated, tied to frameworks like SOC 2, HIPAA, ISO 27001 and NIST 800-53 - instead of a security team manually stitching spreadsheets together at 11pm before an audit.

The company doubled its customer base for two consecutive years running into 2025, with triple-digit annual recurring revenue growth, which is the kind of number that gets a Series A closed. In June 2025, Compyl raised $12 million led by Venture Guides, with existing backers Contour Venture Partners, Armory Square Ventures, NVP Capital, Alpine Meridian Ventures, Brooklyn Bridge Ventures and Zelkova Ventures all returning. Venture Guides partner Anton Simunovic took a board seat. Total funding to date sits at $13.7 million.

"Stay close to your customers. Make sure your roadmap reflects real-world needs and build with a strong bias toward efficiency." — Bojoukha's advice for capital-constrained founders

Learning to sell what he used to just do

Bojoukha has been candid, in interviews like the one with The Pipeline Press, about how badly Compyl's early sales calls went. The team would "feature dump" - walk prospects through a list of capabilities without first figuring out what was actually broken in that buyer's world. It's a common enough startup mistake, but a particularly pointed one for a founder whose entire value proposition rests on understanding a customer's problem better than they do. The fix wasn't a script. It was repositioning Compyl as a customizable GRC solution shaped around a given company's actual regulatory footprint, rather than a fixed feature set - closer to how Bojoukha himself used to build tools, one enterprise at a time, when he was still the one holding the CISO title.

That practitioner's instinct shows up again in how he talks about running the company itself. Bojoukha has said he tries to be transparent with employees about where Compyl stands - including the hard parts - rather than sanding down the message for morale. It reads less like a management philosophy borrowed from a book and more like the habit of someone who spent years being the person in the room who had to tell executives the truth about their exposure, whether they wanted to hear it or not.

Where it started

Bojoukha was born in Klaipeda, a port city in Lithuania, then part of the Soviet Union, and moved to Canada with his family at age six. He picked up networking work early - doing infrastructure jobs for the Toronto District School Board while he was still a student there, years before he'd formalize any of it with a security credential. He studied Applied Information System Security at Sheridan Institute of Technology and Advanced Learning in Oakville, Ontario, in a program that was, at the time, the first of its kind in Canada dedicated specifically to information security. His father was a serial entrepreneur across a handful of ventures, which is either a tidy explanation for why Bojoukha eventually started his own company or just a fact that happens to be true. He doesn't lean on it either way in interviews.

What's next

The near-term roadmap includes an AI-powered "Compliance Copilot," which Compyl targeted for a third-quarter 2025 release, aimed at automating more of the manual monitoring work that used to eat a CISO's week. Beyond that, Bojoukha has talked about expanding into the Asia-Pacific region and pushing further into regulated industries like healthcare and fintech by 2026 - sectors where the cost of a compliance blind spot is measured in more than embarrassment.

Off the clock, or as close to off the clock as a Series A founder gets, Bojoukha has mentioned the ferry to Red Hook, Brooklyn as a favorite spring outing - the skyline view from the water, and the barbecue once you're off it. It's a small detail, but it fits a person whose professional identity is built entirely around noticing what's easy to overlook.

Career path

Two Decades of Being the Answer Person

Age 6
Immigrates from Klaipeda, Lithuania to Canada with his family.
Teens
Does networking infrastructure work for the Toronto District School Board while still in high school.
2005-2009
Studies Applied Information System Security at Sheridan Institute of Technology and Advanced Learning.
Early career
Serves as Information Security Officer at Peel Hunt LLP and Information Security Manager at Rabobank.
Mid career
Becomes Regional Lead, Information Security & Risk Management (EMEA) at Cushman & Wakefield.
Later
Serves as CISO and Head of Information Security at SEFE Marketing & Trading Ltd.
2020
Founds Compyl with Simon Shaddock, mid-pandemic, in New York.
2025
Compyl closes a $12M Series A led by Venture Guides; total funding reaches $13.7M.
In his own words and others'

Notes & Anecdotes

Built a compliance tool as a CISO that ran for six years - and became the seed of Compyl when a former client came looking for something just as good and found nothing on the market.

Early Compyl sales calls were "feature dumps" that didn't land - the team had to relearn how to listen to a buyer's actual problem before pitching a fix.

Believes most breaches trace back to basics - phishing, unpatched servers, cloud misconfigurations - not sophisticated attacks.

Prefers being upfront with employees about company challenges over softening the message.

Father was a serial entrepreneur across multiple ventures.

Favorite spring outing in New York: the ferry to Red Hook, Brooklyn, for the skyline and the barbecue.

Further reading

Story Ideas Worth Chasing

The CISO Who Got Tired of Guessing

Traces how two decades running security programs convinced Bojoukha the tooling itself was the problem.

What a $12 Million Series A Buys a GRC Startup

How Compyl plans to spend its new funding, from the Compliance Copilot to APAC expansion.

Most Breaches Aren't Clever

Bojoukha's argument that phishing and misconfigurations, not sophisticated hacks, drive most incidents.

From Klaipeda to Manhattan

Bojoukha's early life and how it shaped a practical, no-frills approach to building a company.

The Six-Year Tool That Became a Startup

The compliance tool Bojoukha built as a CISO, and how its eventual failure sparked Compyl's founding customer relationship.

Feature Dumping and Other Mistakes

How Compyl's early sales approach evolved from listing features to solving buyer problems.

GRC Software Is Boring - That's the Point

Why Bojoukha believes unsexy enterprise problems make for durable startups.

Inside the Compliance Copilot

Details on the AI feature Compyl is building to automate compliance monitoring.

Doubling Customers Two Years Running

Examines Compyl's growth trajectory ahead of its Series A.

Six Certifications and a Company

How deep technical credentialing shaped Bojoukha's product instincts as a founder.

Share This Profile