~cpchander@dev:~$
cpchander@dev:~/blog$ cat scaling-virtual-employee-60-to-1500.mdx
~ cat scaling-virtual-employee-60-to-1500.mdx
# published May 20, 2026

Scaling Virtual Employee from 60 to 1,500: 17 years of IT operations leadership

What it actually takes to build the IT systems, telecom platform, security program, and operational playbook behind a remote-staffing company that scales from 60 to 1,500 employees over 17 years.

I joined Virtual Employee Pvt. Ltd. in February 2006 as Deputy Manager – IT. We were 60 people. When I left in August 2023 to start my own ventures, we were 1,500+ — across cloud, telecom, security, and compliance, all of it ran on systems my team and I had built.

This is the operational playbook, written from the inside. It's not theory; it's what we actually did, in what order, and what I'd do differently.

The non-obvious part: the mentor

Before any tooling, the most important thing about that 17-year stretch was Narinder Singh Mahil — the CEO, my mentor through the entire journey. The pattern that mattered most: he gave me real scope at every stage. Dy. Manager IT got to make architecture calls in year one. Manager IT got to negotiate vendor contracts in year three. By the time I was VP IT, I'd already lived through every layer of the company.

If you're hiring an IT leader and you want them to actually own the function in five years, give them ownership of something irreversible in year one. The growth follows.

Year 0–3: open source by necessity, not ideology

When we were 60 people, every rupee mattered. The IT stack reflected that:

  • CRM: SugarCRM (community edition)
  • ERP / Operations: OpenERP (now Odoo)
  • Mail / Office: open-source mail servers, OpenOffice
  • Telephony: PAP2 ATA phones plugged into VoIP providers — cheap, reliable, no PBX yet
  • Servers: Linux (CentOS) on commodity hardware in a borrowed rack

The lesson here that founders frequently miss: open source is the right answer for the first 3 years, not the last. It teaches you the entire stack from inside out. When you eventually move to Microsoft Exchange or Dynamics, you understand exactly what you're paying for and exactly where the limits used to bite.

Year 3–7: the second-stage migrations

As we crossed 200–500 employees, we hit predictable open-source limits — calendar federation, mobile sync, audit logging, single-pane support contracts. We migrated in deliberate stages:

  • SugarCRM → Odoo (customized) — gained workflow automation and unified ops/CRM
  • OpenOffice → Microsoft Exchange + Active Directory — calendars, mobile, group policies
  • PAP2 → Asterisk + OpenSIPS — proper PBX, call routing, IVR, recording

Each migration was justified by a missing capability, not a better brand name. That filter saves seven-figure money in mid-stage companies.

The telephony journey deserves its own section

Telephony at a remote-staffing company isn't a "feature" — it's the product. Clients hear our voice quality before they trust our work. We went through three full generations:

Generation 1 (PAP2 era): Cisco/Linksys PAP2 ATAs, one per agent, plugged into off-the-shelf VoIP providers. Worked at 60 people. Broke at 200.

Generation 2 (Asterisk + OpenSIPS): Built our own softswitch. Asterisk handled the call logic (IVR, recording, voicemail, queues, callme4-style callback flows). OpenSIPS handled the SIP routing and trunking. We integrated it with the in-house HRMS so attendance, payroll, and call analytics talked to each other. I wrote a lot of the integration scripts during this era — many of those notes still live on cpchander.blogspot.com.

Generation 3 (Twilio + SIP trunks): As clients spread across US, UK, AU, we needed carrier-grade reliability and per-country compliance. We moved to Twilio for the API surface and contracted SIP trunks per country for cost and regulatory fit. Asterisk and OpenSIPS stayed in the picture for advanced flows. This hybrid model — programmable cloud APIs in front of carrier-grade SIP trunks — is what I'd still build today for any B2B voice product.

Year 7–12: the compliance lift

When enterprise clients started asking us to handle their data, "we have firewalls" stopped being enough. We pursued and achieved:

  • CMMI Level 3 — process maturity for software delivery
  • ISO 27001 — information security management system

I framed the policies, built the control framework, ran internal audits, and walked external auditors through the evidence. Two things I wish someone had told me upfront:

  1. The certification is downstream of the operating discipline. You don't pass ISO 27001 because you wrote the policies. You pass because you've been running the controls for nine months and have the logs to prove it. Start the discipline early.

  2. Compliance pays for itself in deal velocity. Once we had ISO 27001, enterprise sales cycles compressed by months. Procurement teams stopped asking us questions because the certificate answered them.

The in-house HRMS — the bet that compounded the most

At ~500 employees we evaluated commercial HRMS — SAP SuccessFactors, BambooHR, Zoho People. All of them were either too expensive, too generic, or didn't talk to our telephony/CRM stack the way we needed.

We built our own. Payroll, recruitment, onboarding, attendance, IT ticketing, performance reviews, client-side timesheets. It took 18 months and three rewrites to get right. By the time we were 1,500 people, the HRMS was running ₹X crore of monthly payroll, ingesting attendance from Asterisk call logs, generating invoices to clients, and tracking IT tickets — all in one system.

The ROI math is irresistible at scale. A commercial HRMS at 1,500 employees would have cost us tens of lakhs per year, plus integration consulting fees per change. The in-house system cost engineering time which we already had. Bonus: it became a defensible part of how we managed clients.

Year 12–17: cloud and the COVID stress test

By 2017 we were moving on-prem workloads to cloud — websites and content delivery to AWS, client-project environments to AWS/GCP/Azure depending on client preference. Multi-cloud was driven by clients, not by ideology. Each client lived where they wanted; we built skills across all three.

Then COVID hit. In March 2020 we had ~1,000 employees in the Noida office and 500 elsewhere. Within 4 weeks we needed everyone working from home — without breaking client confidentiality, without missing payroll, without losing attendance accuracy, without compromising the ISO 27001 controls we'd worked years to earn.

What we did, in order of operational urgency:

  1. VPN access for everyone — capacity-doubled the appliances; deployed split-tunnel where possible
  2. Employee monitoring system ported to remote — integrated with HRMS so attendance auto-flowed
  3. Remote firewall posture for client environments — pushed standardized configs to home networks where required
  4. Vendor payments and invoicing moved from in-office workflows to a fully remote chain
  5. Finance department coverage — I personally ran the finance department for six months when the existing leader transitioned, doing payroll, invoicing, and data validation while keeping IT running

The 17-year takeaway: operational systems are tested only by the unexpected. What looked like over-investment in HRMS, monitoring, and compliance turned out to be the difference between continuing to operate and shutting down for a quarter.

What I'd do differently

Three things, looking back:

  1. Hire the analytics layer two years earlier. We built real-time reporting and dashboards starting around year 10. We needed them by year 5. Visibility unlocks decisions; we made several blind ones we shouldn't have.

  2. Productize internal tools earlier. The HRMS could have been a $5M+ SaaS product. We built it for ourselves and stopped there. Today my ventures (Zedtreeo, GrowMore Solutions) explicitly look for that pattern: internal tools that could be products.

  3. Spend more on senior IT hires before you need them. Every level of growth has a 12-month window where you need senior IT now but don't have them yet. The cheapest version of that bet is hiring two quarters before the pain. We always hired right as the pain became unbearable.

Use cases — what these systems actually did

To make this real, here are the concrete things the infrastructure handled at scale. Not theory; specific operational moments.

Use case 1 — The COVID transition (the moment of truth)

In March 2020, with 30 hours' notice, we moved 1,200 employees from the Noida office to their homes. Every department kept operating. Salaries hit on time. Client engagements never paused. The full operational playbook is in its own piece: 1,200 employees, 5 days: the COVID remote-work transition playbook. The reason it worked: every system mentioned above was already in place. The crisis tested the foundation; it didn't ask us to build a new one.

Use case 2 — Onboarding a US-government-contractor client (compliance-heavy)

In 2018 we onboarded a US federal contractor whose security posture required:

  • Dedicated subnet for their agents, isolated from the rest of our network
  • Mandatory NAC (network access control) for all endpoints used on their account
  • Encrypted laptops with FIPS-compliant disk encryption
  • Custom firewall rules to whitelist their VPN range only
  • Annual third-party penetration testing
  • A signed BAA-equivalent agreement for security controls

We built a dedicated "delivery zone" in our infrastructure — a segmented VLAN with its own egress firewall, BitLocker on all endpoints, ADFS-federated identity into the client's Microsoft 365 tenant, and an annual pen-test budget. The setup took 8 weeks. It became the template for every subsequent high-compliance client (financial services, healthcare). We turned a one-time onboarding cost into a productized "compliance-grade delivery zone" that we offered to enterprise clients.

Use case 3 — Handling a major client's emergency migration

In 2019 a long-standing UK client was migrating from on-prem Exchange to Microsoft 365 and asked us to handle their helpdesk during the cutover weekend. Volume estimate: 800 tickets in 48 hours.

We spun up:

  • 25 agents pulled from regular rotation, briefed on Friday afternoon
  • A dedicated Asterisk IVR routing into a new queue specifically for this client
  • Real-time CDR streaming into a Power BI dashboard the client's IT leadership watched live
  • A war-room Microsoft Teams channel that bridged our agents and their internal IT
  • Pre-staged knowledge base articles in their ITSM tool for the 50 most-common issues we predicted

We handled 1,100 tickets over the weekend with first-call resolution above 70%. The client renewed the contract at 3× the volume the following quarter. The point: the same systems that ran day-to-day operations were also the surge-capable platform for client emergencies.

Use case 4 — The CMMI Level 3 audit (proving operational discipline)

In 2014 we went through the CMMI Level 3 appraisal. Six months of work. The systems backing the audit:

  • Navision (Dynamics NAV) for financial controls, vendor management, asset tracking
  • The in-house HRMS for training records, skills inventory, performance reviews
  • The IT ticketing system (also part of the HRMS) for incident management evidence
  • SharePoint for process documentation, version control of policies, audit-evidence repository
  • Power BI dashboards for management review meetings, with snapshots archived as audit evidence

The lead appraiser remarked that our evidence chain was the cleanest she'd seen in an India-based service company at our scale. The reason: we hadn't built the systems for the audit. We'd built them for operations and the audit happened to fall out of them. That's how compliance is supposed to work.

Use case 5 — Running finance for six months (mid-leadership transition)

When our finance head transitioned out, I ran the finance department for six months in parallel with IT. Concretely that meant:

  • Monthly payroll execution for 1,500+ employees via Navision
  • Client invoicing via Navision + Exchange (manual review of edge cases)
  • Vendor payment processing through the corporate banking portal
  • Daily cash position reporting + 13-week cash flow forecasting
  • AR follow-ups on the largest 50 overdue accounts personally
  • The annual statutory audit handover to the new CFO

The reason I could do it: the systems already enforced the discipline. Navision wouldn't let me make a journal entry that didn't balance. The HRMS wouldn't let me run payroll without complete attendance. The banking portal wouldn't let me execute a payment without dual approval. Good systems take a competent IT operations person and turn them into a competent finance operator. The systems are the leverage.

What this story is actually about

I tell this story now because it's the playbook every venture I'm building today comes from: Zedtreeo (the remote staffing platform), GrowMore Solutions (automation + outbound), and the autonomous AI work that pulls on every lesson from those 17 years. The technology changes — Twilio replaced Asterisk replaced PAP2; AI agents are replacing manual SDRs; cloud-native is replacing self-managed — but the operational discipline is the same.

If you're scaling IT operations through high-growth, the meta-lesson is this: invest in systems before you need them, write down your processes before you have to defend them, and find the mentor who gives you scope before you've earned it.

The compound interest of all three is what gets you from 60 to 1,500.

← back to /blog