VISO Trust Co-Founders Russell Sherman & Paul Valente

BCV Leads $11M Series A In VISO Trust: Making Vendor Onboarding Safe, Fast, And Compliant

4 min read March 3, 2022
News Infra

By Enrique Salem, Partner at Bain Capital Ventures

A typical large company works with over 5000 technology vendors, according to Gartner, and each of these vendors presents a potential security risk. After all, every new vendor must be given access to proprietary data and information for their product to function within a company’s tech stack. To ensure that software from third-party vendors is integrated into their infrastructure without compromising any sensitive data, the average company spends $2 million — and countless hours — a year on vendor onboarding programs.

These programs usually entail asking each new vendor to answer over 200 security questions on a spreadsheet, and then having risk, compliance, and security program managers review the answers to assign the vendor a risk score and identify issues that need fixing. This slow, manual, and error-prone process must then be completed annually for each vendor.

Image courtesy of VISO Trust

Today, Bain Capital Ventures is thrilled to announce that we’re leading a $11 million Series A investment in VISO Trust, an innovative startup that has automated the vendor risk management process via automatic document extraction and low-touch onboarding. We are joined by some high-profile security CEOs who invested as angels in the round, including Mandiant CEO Kevin Mandia, Crowdstrike CEO George Kurtz, and former CEO of Splunk Doug Merritt also participated in the round.

VISO’s platform makes it fast and easy to onboard new vendors, automatically assess their security posture and risk surface, and audit those results on a regular cadence. A vendor onboarding process that used to take weeks takes just hours with VISO. And vendors get a VISO profile that’s accessible by other VISO users, making onboarding almost instant once a vendor is in the system, and producing a network effect that incentivizes VISO adoption.

VISO has cracked one of the thorniest problems in the security space and has already attained impressive traction among CISOs, who have been waiting for a product like this for years. CISOs know that two-thirds of data breaches occur due to the failure of third parties to make good on their security commitments, so if they can identify these issues before they occur, they could eliminate the majority of breaches.

While BCV was getting to know VISO Trust, we put the founders Paul Valente and Russell Sherman in touch with Bain Capital’s own CISO, Mark Sutton. After two phone calls, Mark was convinced and now Bain Capital is a VISO customer.

“This platform allows me to make accurate risk decisions, quickly, based on the potential impact of a specific relationship within our vendor ecosystem,” said Sutton. “We are now able to spend more time governing this growing risk instead of being stuck in the endless cycle of process management. This is a true game changer in the vendor and third-party risk management space.”

But while VISO’s technology is incredibly sophisticated, using AI and document heuristics to automatically and quickly do highly-accurate risk assessments, we never invest in technology, no matter how groundbreaking. At BCV, we invest in teams, and the two founders behind VISO have spent the last 20 years in the trenches dealing with vendor risk management themselves.

Paul was CISO at LendingClub, where he met his co-founder Russell, and at ASAPP, and he also worked in senior security roles at Restoration Hardware and MicroEdge. Russell was manager of threat intelligence at LendingClub and has also held security roles at Varo Money, ASAPP, and Dell. Their deep networks in the security industry have already led to several marquee customers and VISO is growing at a rapid clip.

In our software-centered world, companies need to adopt new technologies at a breakneck pace to stay ahead of the competition. And all this new software must be “connected” to its customers’ tech stacks in a safe and compliant way without compromising sensitive corporate data. Vendor risk management is a hugely time-consuming and expensive task for companies today, but VISO solves this headache using sophisticated AI and automation.

We’re excited to see where VISO goes next and we can’t wait to support Paul and Russell as they build the next great security company.

Welcome to the BCV family, VISO!

Related Insights

Jamstack and Modern Web Dev

All areas of infrastructure software change rapidly, but perhaps none of them quite as quickly as the web development stack. The rate of innovation in other categories of infra can be limited by a few things, including relative technical depth (e.g. databases) or reluctance in depending on new players (e.g cybersecurity). Web dev tools, on […]

Sam Crowder 4 min read
Spotlight Infra

Why We Invested In Smallstep: Taking The Headache Out Of Certificate Management

by Enrique Salem Software is increasingly becoming an interconnected web of microservices, containers, and endpoints. The connections between each of these components can be compromised, creating potential security risk. The rise of cloud computing, distributed systems, and remote work has only accelerated these trends. To ensure that software is built securely and reduce the surface […]

Enrique Salem 3 min read
Spotlight Infra

BCV Leads $105M Series C In Docker: Enabling Modern Software Teams To Ship Quickly And Securely

By Enrique Salem, Partner at Bain Capital Ventures Today, BCV is excited to announce our Series C investment in Docker, the leader in container packaging, distribution, and security. These activities are so core to a software developer’s process that we expect Docker to become one of the generational companies in the space. Docker exploded onto the scene in March […]

Enrique Salem 3 min read
Spotlight Infra