VISO TRUST: How This Company Is Set To Disrupt The Third-Party Risk Management Market

By Amit Chowdhry • Nov 29, 2023

VISO TRUST is a company that puts reliable, comprehensive, and actionable vendor security information directly in the hands of decision-makers who need to make informed risk assessments. Pulse 2.0 interviewed VISO TRUST CEO Paul Valente to learn more about the company. 

Paul Valente’s Background

Along with being the CEO and co-founder of VISO TRUST, he was also the former CISO and built successful security teams and programs at ASAPP, LendingClub, and Restoration Hardware. Valente said:

“My third-party risk management programs have been vetted by hundreds of Fortune 1000 companies, and my teams have vetted thousands of third parties.”

“Russell Sherman is my Co-founder and the CTO of VISO TRUST, an AI-powered SaaS solution that scales and automates third-party risk management (TPRM). He is an accomplished technology executive, security leader, and security product innovator, previously working at highly regulated technology companies, including ASAPP, Varo Money, LendingClub, and Dell SecureWorks, with extensive experience in third-party cyber.”

Formation Of VISO TRUST
How did the idea for the company come together? Valente shared:
“Time and time again, we implemented light-weight processes that were questionnaire-based but ended up being slow and labor intensive. They’d generate endless busy work for my team and cause procurement delays.  Vendors would fail to respond, and stakeholder frustration would go through the roof. In fact, some teams were coined ‘the department of no’ or even accused of ‘killing innovation.’ I tried everything, and nothing worked – whether it was GRC tools, security ratings or risk exchanges — it was still too much work to run, provided inaccurate results, or had low vendor adoption. That’s why Russ and I built the VISO TRUST platform.”

Favorite Memory
What has been your favorite memory of working to build your company so far? Valente reflected:

Reflecting on our journey at VISO TRUST, both Russ and I have been privileged to witness remarkable moments that have defined our collective experience.”

“With each customer that we have interviewed, hearing how much they love the platform, how it has transformed the daily lives of their teams, and the metrics around its successes have been earth-shattering. We continually hear that VISO TRUST eliminates over 95% of the work, that we detect 25x more risky vendors, that they book 75% fewer exceptions, and that we have taken the TPRM assessment process from months to days – it’s an amazing experience. Even more amazing is hearing from customers about how we’ve helped them transform their department from the “Department of No” into a model for innovation automation and the most mature part of their GRC program – it’s an experience unlike any other in my life so far, and in Russ’ as well – one we’ll remember always!”

“Growing and evolving our exceptional team has brought an amazing sense of wonder and gratitude, which will also stay with us forever. Building and scaling a team is so much more than just a structural development; it’s about diverse talents coming together to create something extraordinary. This collaborative spirit enhances each and all of us and gives us the ability to live our ethos: turning challenges into opportunities for innovation and excellence.”

“From a technological perspective, the development, innovation, and integration of AI and LLMs have been key highlights that underscore our commitment to cutting-edge solutions. These milestones showcase our team’s technical prowess and dedication to pushing the boundaries of what’s possible.”

“Innovation is a driving force in our company culture, but its true essence is the shared sense of purpose within our workspace. The camaraderie among team members, the collective celebration of successes, and resilience in the face of challenges, they all form a storyline that goes beyond professional achievements, creating an enduring narrative of fulfillment and success. Sharing these memories and memories-in-the-making will help our customers, stakeholders, and our team to continue to thrive on innovation, teamwork, and a shared passion for making a meaningful impact.”

Core Products

What are the VISO TRUST Platform’s core products and features? Valente explained:

“As cloud-first companies increasingly adopt a technology ecosystem owned and accessed by third parties, navigating the growing complexity with traditional TPRM solutions is ineffective. This process exhausts security teams and fails to reduce overall risk.”

“VISO TRUST’s modern AI-powered approach eliminates the need for manual assessments with end-to-end automated due diligence, simplifying engagement with vendors to just a matter of minutes.

 – Turnkey Due Diligence simplifies an otherwise complex process and allows companies to effortlessly assess third parties. No implementation with VISO TRUST’s out-of-the-box solution. Risk pros can instantly understand cyber risk with a calculated risk score. The platform can easily assess key data on a population of more than 25 million companies and complies with NIST, ISO, AICPA SOC, PCI DSS, GDPR, CCPA, and more.

– Risk Insights provides a comprehensive overview of the organization’s cyber risk posture and makes data-driven decisions to reduce risk across third-party relationships. It quickly identifies previously unknown 4th party relationships with Risk Network Intelligence, providing complete visibility into the organization’s risk posture and operations with in-depth dashboards.

– Lifecycle Automation uses intelligent automated workflows and notifications to engage vendors at key intervals to keep risk insights up-to-date and accurate, making instant assessments possible due to the powerful network effect. VISO TRUST’s intelligent tracking and communication system eliminates the need for back and forth with vendors, and its notification features provide continually fresh insights and alerts on critical changes.”

AI Differentiation
How is VISO TRUST’s use of AI different from other, newer offerings? Valente noted:

Artifact Intelligence, VISO TRUST’s patented AI-driven TPRM process, seamlessly translates security control information. It is backed by an exceptional assurance and risk modeling accuracy rate exceeding 98%. It derives information from an extensive range of public and private sources, including policies, standards, trust portals, trust reports (such as SOC, ISO, and PCI reports), penetration test reports, and automated compliance platforms.”

Evolution Of VISO TRUST’s Technology

How has the company’s technology evolved since launching? Valente pointed out:

“Faster, easier to use, more data sources, more value from economies of scale passed on to the customer, more frameworks, more risk domains, more granular data points, more conversational AI capabilities.”

“Since launch, our core value prop has remained the same: removing the friction from the TPRM process and integrating AI-powered evidence-based assessment to deliver more accurate results than ever before possible while saving time and resources at any scale.  Building on that core value prop, we’ve continuously innovated to make the platform faster and easier to use. Today, assessments take 5 minutes for our customers and, on average, are completed in 5-7 days. That’s a huge win compared to the weeks and months that are the longstanding norm for TPRM vendor assessments.”

“We’ve also expanded the scope of risk our platform addresses from core cybersecurity to now including privacy, resilience, product security, AI trust and cyber insurance. As adoption has grown, we’ve integrated data from over 2.5 million companies on the platform and bolstered artifact intelligence. With retrieval-augmented generation our platform allows customers to literally ask anything of their vendors while using AI to drive near-instantaneous results.”

Significant Milestones

What have been some of VISO TRUST’s most significant milestones? Valente cited:
“Our 2016 initial platform development, our first patents received in 2017, and our first general availability of AI-powered cyber risk management are among our first milestones.”

“Today, the VISO TRUST platform is transforming TPRM and digital trust for some of the largest and most mature companies in the world.  The development of artifact intelligence has ushered in a new era for third-party cyber risk management where accurate, relevant, and detailed due diligence can be obtained at the click of a button, and quality risk intelligence is available for better TPRM decisions.  Developing this unique patented technology is VISO TRUST’s most important milestone, not only for VISO TRUST and its customers but for the risk management industry at large.”

Customer Success Stories

After asking Valente about customer success stories, he highlighted:

Today we have lots of great enterprise customers like Bloomberg, Instacart, Sequoia Capital, Gusto, and Upwork, and they all say the same thing: 90% less work, 80% reduction in time to assess and near 100% vendor adoption. Because it’s the only approach that can deliver accurate results at scale, for the first time, customers are able to gain complete visibility into their entire third-party populations and take control of their third-party risk.”
Prominent industry leaders and organizations have used and embraced VISO TRUST’s innovative platform.
Their results: 

– Patti Degnan, CISO at Notion: ‘VISO TRUST’s AI-powered TPRM solution enabled our security team to complete more third-party assessments with greater accuracy and elevated our security posture.’

– Mark Sutton, Managing Director & CISO at Bain Capital: ‘VISO TRUST’s technical innovation has substantially reduced the uncertainty in our third-party risk assessments, enabling data-driven decisions and operational efficiency.’

– James Nelson, VP of Information Security at Illumio: ‘VISO TRUST has enabled us to bring the security staff time per relationship down from more than 8 hours to only 30 minutes—for us, that’s gold.’”
Investors

After asking Valente about the VCs that they are partnered with, he replied:“Bain Capital Ventures, Work-Bench Venture Capital, Sierra Ventures, Lytical Ventures, and GTM Capital.”

Differentiation From The Competition

What differentiates the VISO TRUST platform from your competition? Valente affirmed:

“Our approach is fundamentally different from other solutions in the market today. At VISO TRUST, we prioritize innovation, and that means we’re constantly pushing the boundaries of what’s possible in third-party and cyber risk management.

The Problem: Existing GRC tools, security ratings, and risk exchanges still require too much manual work for security teams to run, often provide inaccurate results, or have low vendor adoption. Risk exchanges like CyberGRX offer a centralized platform with a repository of risk profiles. Customers are requested to share required data for assessments. However, this approach has weaknesses like lengthy manual audits (6-9 months), static audit results that depreciate rapidly, risk determinations that overlook unique business context, and low vendor participation. Security ratings like OneTrust and SecurityScorecard also have weaknesses, including limited visibility, lack of transparency on risk scoring, and insufficient reflection of actual risk posture due to outdated data.

The Solution: The VISO TRUST approach uses patented, proprietary machine learning and a team of highly qualified third-party risk professionals to automate this process at scale. The VISO TRUST Platform easily engages third parties, saving everyone time and resources.”

In a 5-minute web-based session, third parties are prompted to upload relevant artifacts of the security program that already exist to our supervised AI. Our module references a comprehensive set of over 25 security frameworks and uses document heuristics and natural language processing to analyze any written material and extract all relevant control information.  VISO TRUST’s risk model analyzes the level of risk and delivers a complete assessment that provides everything an organization needs to know to make qualified risk decisions about the relationship. In addition, the platform continuously monitors and reassesses third-party vendors to ensure compliance. No more chasing vendors, reading documents, or analyzing spreadsheets. Enterprise customers like Instacart, Gusto, and Upwork all say the same thing: 90% less work, 80% reduction in time to assess, and near 100% vendor adoption with VISO TRUST.”

Opinions About Third-Party Risk Management And Cyber Risk

What should readers know about third-party risk management (TPRM) and cyber risk that they likely don’t know from other vendors and associations such as Shared Assessments? Valente replied:

“With Artifact Intelligence, long-standing constraints that have undermined the value of third-party cyber risk management no longer apply, and real risk reduction is possible. Because questionnaire-based processes are labor-intensive and slow, companies have been forced to assess only their most critical of vendors. With VISO TRUST, they can finally assess them all and use the information to make better choices about third parties when it counts.  Because questionnaires and other approaches produce only low-confidence data, security leaders have resigned themselves to the fact that TPRM is a compliance exercise that can’t really reduce risk.  VISO TRUST accurately measures vendor maturity with 500% greater accuracy, catches 25x more 100% true positive risk issues, delivers real standards-based risk intelligence that can be relied upon, and is proven to reduce risk by as much as 95%.”
Future Company Goals

What are some of your future company goals for VISO TRUST? Valente concluded:

“As a forward-looking organization, VISO TRUST has set ambitious goals to propel our growth and impact in the coming years. We are dedicated to becoming the go-to, AI-powered third-party risk management leader in the market. This strategic focus aligns with our commitment to innovation, technology, and excellence in providing solutions for managing risks associated with external partners.

Our future company goals include:
1.) Innovation and Technology: Continuing to be at the forefront of technological advancements, we aim to drive innovation in cybersecurity and third-party risk management by leveraging cutting-edge technologies and solutions. 

2.) Market Expansion: Expanding our market presence regionally or globally, tapping into new demographics, and exploring strategic partnerships to broaden our reach and influence. 

3.) Product Innovation & Enhancements: Dedicated to delivering value to our clients, we plan to enhance and expand our product/service offerings to meet evolving customer needs and stay ahead of industry trends.

4.) Talent Development: Investing in our people is a key priority. We aspire to attract, develop, and retain top talent, fostering a culture of continuous learning and innovation.”