Our Investment in Strike Graph: Striking Gold on Compliance


Sep 2021

If you have worked in a tech company at any stage, you’ve likely come across cybersecurity audits. The largest companies in even the most established industries are utilizing solutions from modern cloud vendors and this will continue to be a major need, as regulations are becoming more rigid. This means that cybersecurity compliance has become necessary earlier and earlier in the journey of many of tech companies. The difference between being SOC 2 certified and not is truly make or break.

As investors in B2B technology companies modernizing financial services and other enterprises, we’ve seen first-hand the difference that having scalable security programs can have for our portfolio companies. Large enterprise buyers simply expect their tech vendors to have these audits completed and maintained long-term. When so much is at stake with personal and enterprise data, cybersecurity is just not something that companies will allow flexibility on.

Most GRC software is targeted towards servicing larger, established technology companies with information security teams already in place to decipher and implement the myriad of compliance programs. The rigor of these audits can be a major task for growing or evolving companies that need to establish a foundation of best-in-class compliance immediately. In order to maintain momentum and gain the trust necessary to win clients, technology companies of all sizes need to be able to quickly and successfully pass their cybersecurity audits.

Justin Beals (Co-Founder and CEO) experienced this problem firsthand while working as the CTO at his prior start-up and speaking with its bank and other large enterprise prospects and customers. While the rigor of the requirements continued to go up, the support and systems to help companies of all sizes meet them did not. He felt that regardless of an organization’s size or level of experience in managing compliance programs, it should be easier to reach and maintain the demand from large enterprise buyers.

Enter Strike Graph: a company only a year-and-a-half old, born weeks before the global pandemic in 2020, and growing rapidly due to its success in getting 100% of its many customers clean audit reports to date. These customers, both small and large, are selling to some of the most data-sensitive industries including financial services, healthcare and government.

Even in such a short time period, Justin and his team have demonstrated the clear need for their platform which assesses and right-sizes the controls for each customer, at scale. Strike Graph is not limited to just one type of compliance standard, counting SOC 2, ISO 2700x, CCPA, HIPAA and GDPR to its arsenal of growing frameworks. The team doesn’t leave you hanging either as they make sure each company is adequately prepared to pass its audits.

And that’s because they’ve built a dedicated and passionate team. In addition to Justin, the leadership team includes Brian Bero (Co-Founder and VP Business Development) who has founded and exited tech companies in the past; and Sally Moore (CTO) who brings her unique combination of clinical psychology and tech to build a strong and diverse development team. Strike Graph has deliberately established a diverse team early and commits itself to being inclusive, collaborative, and impactful. Their team promotes innovative thoughts and bringing unconventional ideas to the table. It is exactly the type of company culture that Information Venture Partners likes to back.

We are thrilled to invest in Strike Graph and look forward to partnering with them on this exciting journey.

Alex, Dave, Brendan and the Information VP team

Check out some of our other portfolio investments here.