Whistic Raises a $35 Million Series B
“We understand the mission-critical importance of a trusted supply chain in today’s global environment,” said Suken Vakil, General Partner at JMI. “Whistic is the clear leader for companies looking to build a streamlined and automated vendor security assessment program. We are excited to partner with Whistic as they and their customers create a new expectation where security comes first."
“The interactions we've had with JMI set them apart from other investment groups we've had the opportunity to meet with,” says Nick Sorensen, CEO of Whistic.“They have a high quality, low ego, very capable, and skilled team. We align well with them from a people perspective, a culture perspective, and from a vision and philosophy of how-to-build-a-business perspective.”
Whistic, founded in 2015, is a proactive vendor security network, changing the way companies assess third party vendor security.
The importance of third party vendor security recently came to light to the public in 2021 with the Solarwinds data breach. Hackers infiltrated thousands of companies by hacking into SolarWinds’ software system, Orion, which was used by over 33,000 companies. The hackers only had to add malicious code to Orion, and when an update went out, the code was sent to all of SolarWind's customers, allowing hackers to access thousands and thousands of company's information. This security breach emphasized the need for companies to assess the security of a third party before engaging with them, which is why Whistic created an easier way for companies to complete vendor assessments.
Normally, if a company wants to use a third party vendor, the company would send hundreds of security-related questions to the third party to assess its trustworthiness. Oftentimes the questions come on a long, tedious Excel spreadsheet that the third party must fill out, respond to, and send back.
“You work on it for weeks or months and then send the answers back,” explains Sorensen. “We do a dance that’s very inefficient and painful, and it slows down the sales process for the seller and creates friction for the purchasing company on the buyer side of the table too.”
Whistic enables companies to publish profiles with their security and compliance information, eliminating the need to fill out laborious questionnaires and creating an efficient two sided network between buyers and third party vendors.
Whistic’s Series B funding will go towards expanding its vendor security network, investing in product and engineering to continue innovation, and adding team members to product, engineering, marketing, sales, customer success, support, operations, and more. The company will be growing rapidly and expanding far beyond their current 80 employee headcount.
The Whistic Vendor Security Network currently has more than 40,000 profiles available on-demand. Monthly, thousands of buyers accept Whistic profiles instead of requesting security questionnaires.
Many Utah companies use Whistic including, BambooHR, Alianza, WCF Insurance, Vasion, MarketStar Corporation, Mirador LLC, Divvy, Overstock.com Inc., Qualtrics, Legato Security, and doTERRA.
Whistic is also a founding member of the Security First Initiative, a coalition pledged to put security first by proactively sharing security information with customers using a Whistic profile, as previously covered by TechBuzz.
In May this year, Whistic announced support for the Minimum Viable Secure Product (MVSP) framework, a security baseline developed by Google. The MVSP was a collaborative effort with Okta, Slack, and Salesforce and with it, vendors can demonstrate to their customers that they are meeting minimum baseline security protocols, as outlined by the industry’s top security professionals.
The company was recently named #20 on the Inc. 500 Regionals 2022 list and Sorensen was nominated as an inaugural WIN100 top entrepreneur. In 2021,Whistic was recognized as an Emerging Elite company by the Mountain West Capital Network and was on the 2021 Inc. 5000 list at #236.
Yet despite these achievements, recognition and prestige are not Sorensen’s main goals. “I put high on the list focusing on building a great company culture and a great team” says Sorensen. “I consider those two things my top priorities in addition to the other responsibilities of the CEO.”
When asked about Whistic’s company culture, Sorensen referred to what the company calls the ‘Whistic DNA.’ This DNA is a list of company values that makes up Whistic’s core beliefs. Values include extreme ownership, start-up mentality, driven by data, voracious learning, and purposeful prioritization.
On the value, ‘purposeful prioritization’, Sorensen expounds, “We want to put the right things in the right order in our lives, and not surprisingly, work is not the most important thing. Every Friday we end work at three o'clock so that we can purposely prioritize time to ourselves and to our families. That's one example of how we tie that value into a weekly action at Whistic; we are very intentional about that.”