VISO Trust Co-Founders Russell Sherman & Paul Valente

BCV Leads $11M Series A In VISO Trust: Making Vendor Onboarding Safe, Fast, And Compliant

4 min read March 3, 2022
Spotlight Infra

By Enrique Salem, Partner at Bain Capital Ventures

A typical large company works with over 5000 technology vendors, according to Gartner, and each of these vendors presents a potential security risk. After all, every new vendor must be given access to proprietary data and information for their product to function within a company’s tech stack. To ensure that software from third-party vendors is integrated into their infrastructure without compromising any sensitive data, the average company spends $2 million — and countless hours — a year on vendor onboarding programs.

These programs usually entail asking each new vendor to answer over 200 security questions on a spreadsheet, and then having risk, compliance, and security program managers review the answers to assign the vendor a risk score and identify issues that need fixing. This slow, manual, and error-prone process must then be completed annually for each vendor.

Image courtesy of VISO Trust

Today, Bain Capital Ventures is thrilled to announce that we’re leading a $11 million Series A investment in VISO Trust, an innovative startup that has automated the vendor risk management process via automatic document extraction and low-touch onboarding. We are joined by some high-profile security CEOs who invested as angels in the round, including Mandiant CEO Kevin Mandia, Crowdstrike CEO George Kurtz, and former CEO of Splunk Doug Merritt also participated in the round.

VISO’s platform makes it fast and easy to onboard new vendors, automatically assess their security posture and risk surface, and audit those results on a regular cadence. A vendor onboarding process that used to take weeks takes just hours with VISO. And vendors get a VISO profile that’s accessible by other VISO users, making onboarding almost instant once a vendor is in the system, and producing a network effect that incentivizes VISO adoption.

VISO has cracked one of the thorniest problems in the security space and has already attained impressive traction among CISOs, who have been waiting for a product like this for years. CISOs know that two-thirds of data breaches occur due to the failure of third parties to make good on their security commitments, so if they can identify these issues before they occur, they could eliminate the majority of breaches.

While BCV was getting to know VISO Trust, we put the founders Paul Valente and Russell Sherman in touch with Bain Capital’s own CISO, Mark Sutton. After two phone calls, Mark was convinced and now Bain Capital is a VISO customer.

“This platform allows me to make accurate risk decisions, quickly, based on the potential impact of a specific relationship within our vendor ecosystem,” said Sutton. “We are now able to spend more time governing this growing risk instead of being stuck in the endless cycle of process management. This is a true game changer in the vendor and third-party risk management space.”

But while VISO’s technology is incredibly sophisticated, using AI and document heuristics to automatically and quickly do highly-accurate risk assessments, we never invest in technology, no matter how groundbreaking. At BCV, we invest in teams, and the two founders behind VISO have spent the last 20 years in the trenches dealing with vendor risk management themselves.

Paul was CISO at LendingClub, where he met his co-founder Russell, and at ASAPP, and he also worked in senior security roles at Restoration Hardware and MicroEdge. Russell was manager of threat intelligence at LendingClub and has also held security roles at Varo Money, ASAPP, and Dell. Their deep networks in the security industry have already led to several marquee customers and VISO is growing at a rapid clip.

In our software-centered world, companies need to adopt new technologies at a breakneck pace to stay ahead of the competition. And all this new software must be “connected” to its customers’ tech stacks in a safe and compliant way without compromising sensitive corporate data. Vendor risk management is a hugely time-consuming and expensive task for companies today, but VISO solves this headache using sophisticated AI and automation.

We’re excited to see where VISO goes next and we can’t wait to support Paul and Russell as they build the next great security company.

Welcome to the BCV family, VISO!

Related Insights

How to Lower Your AWS Bill

AWS can quickly become the second largest expense for a company (after headcount). BCV Partner Aaref Hilaly and Momento co-founder Khawaja Shams share key habits that every company should be doing to lower its AWS bill at the growth stage.

Aaref Hilaly 1 min read
Business Building Infra Growth

Momento: Data Retrieval Doesn’t Have to Be a Pain in the “Cache”

There are two big movements in infrastructure software. One is open source, epitomized by Confluent and Mongo. These are projects that often incubate in large companies, or as hobbies for their talented founders, before blossoming into independent companies.  The other is “serverless”, which asks engineers to accept closed-source in exchange for ease of use, infinite…

Aaref Hilaly 3 min read
Spotlight Infra Seed

Large Language Models Will Redefine B2B Software

“We should partner with […]. They come up in 70% of our sales calls.” That’s what the new COO at one of our companies told us last week after her second week on the job. It stuck in my mind because only a few years back, it would have been impossible for her to know…

Sam Crowder 5 min read
Domain Insights Infra