We're called Compliance Simple because that's where most clients start. What we actually build is a security program that makes compliance a byproduct rather than an objective.
The Founders
Founder & Fractional CISO
Eugene leads security strategy, compliance program design, and the relationship with auditors and enterprise buyers. For the past 15 years he has worked with growth-stage companies feeling security pressure for the first time, turning that pressure into structure. He builds security programs that hold up under scrutiny and support revenue instead of blocking it.
Co-Founder | Engineering Leader | Ex-Amazon
Oren handles engineering, product security, and the automation that eliminates the manual work most firms still do by hand. He spent years building secure, scalable applications at Amazon and multiple startups. He still writes code, which means he speaks the same language as the engineering teams he partners with.
Employee #1
Ben is a Boston Terrier who has been with the company since day one. He attends every client call, occasionally snores through security reviews, and has never once leaked confidential information. His compliance record is flawless. He takes his role as office morale officer very seriously and believes every meeting should include treats.
What We Do
Most companies come to us when something is at stake: an enterprise deal, a funding round, a board request. We design and implement the security architecture so that SOC 2, vendor questionnaires, and board-ready narratives are outputs of a well-designed system, not the starting point.
We design your security program from the infrastructure up, mapping controls to your actual stack instead of pasting generic policies onto a spreadsheet.
SOC 2 Type I and Type II, vendor questionnaires, and enterprise security reviews. We prepare the evidence, coordinate with auditors, and handle the scrutiny.
Sustained security leadership without the full-time hire. We handle operations, board reporting, incident response planning, and team training.
Application security reviews, CI/CD pipeline hardening, cloud security posture assessments, and identity and access management design.
Security policies, procedures, and risk assessments that reflect how your company genuinely operates, not boilerplate templates that sit in a drawer.
We work alongside your engineering team directly. Weekly syncs, Slack access, code-level conversations. No waiting for consultants to return your email.
Schedule a 30-minute call with Eugene and Oren. Both founders on every engagement, no junior handoffs.