Three first-time founders with no compliance background built a company to automate a problem most engineers hated: SOC 2 paperwork. Sixteen months after incorporation, that company was worth $1 billion. This is how automating a boring back-office task became one of the fastest unicorn runs in SaaS history.
Here's what you'll learn:
How a challenger can out-position an established rival without matching its budget.
Why the right acquisition can turn a cost center into a growth engine.
How founders without industry experience can spot problems insiders have stopped noticing.

Proof of Trust, Priced by the Hour
In the late 2010s, every fast-growing B2B startup hit the same wall. A big customer would reach the final stage of a deal and ask for a SOC 2 report. Without the report, there would be no deal. The audit itself wasn't even the hard part. SOC 2 Type 2 audits typically cost $12,000 to over $100,000, but the real cost was time: teams often burned 100-plus internal hours screenshotting dashboards, logging access changes, and emailing evidence to auditors by hand.
Startups that wanted to sell had to either delay deals for months while they got "audit ready," or hire consultants to manage spreadsheets full of evidence. Either way, compliance became a fixed cost that hit hardest exactly when a company was trying to move fastest. There was time pressure too. SOC 2 reports expire, so once a company passed the audit period, the clock reset, and evidence had to be recollected every year, adding another round of costs.
The market structure made this worse. Enterprise buyers increasingly treated a SOC 2 report as the bare minimum before even starting a security review, so smaller vendors without one got filtered out of deals before a human ever looked at their product.
Compliance had quietly become a pain point, and almost nobody selling compliance software in 2019 was built for continuous, automated proof. The category was dominated by consultants and static checklists, not software that watched systems in real time.
The audit itself covers 61 criteria and roughly 300 points of focus spread across five trust categories, nearly all of it requiring separate documentation. Drata co-founder Adam Markowitz later described achieving and maintaining SOC 2 compliance as a colossal task that could eat hundreds of hours a year for companies going through it for the first time. Drata's own investors were betting the pain was structural rather than temporary, projecting the GRC market would grow to $15 billion within three years of its 2022 funding round.

Most revenue disappears in the space between intending to follow up and actually doing it. Salesforce for Small Business automates follow-up sequences, tracks lead activity, and connects your email campaigns to your CRM so nothing goes cold by accident.

The 16 Month Unicorn Playbook
Drata's founders, Adam Markowitz, Daniel Marashlian, and Troy Markowitz, weren't auditors. That gap may have helped. They built the product around what an engineering team wanted, not what an audit firm sold.
Their V1 automated evidence collection and continuous monitoring for SOC 2, with a UI that looked like a modern SaaS dashboard instead of a compliance binder. Drata didn't launch publicly until it had used that product to earn its own SOC 2 report, proof it worked before asking customers to trust it.
This mattered because Vanta, a competitor that launched two years earlier, had raised $150 million at a $2.45 billion valuation by mid-2024, serving over 8,000 customers. Drata didn't try to out-discount or out-market Vanta. Instead, it went vertical, adding frameworks fast (ISO 27001, HIPAA, GDPR, PCI DSS) so a single customer could consolidate five compliance programs into one subscription, raising switching costs each time.
A $100 million Series B in November 2021 pushed Drata to a $1 billion valuation, with Satya Nadella among the angels alongside ICONIQ Growth. A year later, a $200 million Series C doubled the valuation to $2 billion and added Frank Slootman and Jeff Weiner as investors, with the company at roughly 2,000 customers including Fivetran, Lemonade, Notion, and BambooHR.
In February 2025, Drata acquired SafeBase for $250 million. SafeBase had built "trust centers," pages where vendors display their security posture for prospects to self-serve. SafeBase counted OpenAI, LinkedIn, Palantir, and CrowdStrike among its 1,000+ customers and had powered $15 billion in transactions tied to security teams. The logic was simple: Drata automated the evidence behind a company's compliance posture, and SafeBase automated showing that posture to the world.
When combined, a customer's compliance program stops being a back-office cost center and becomes a public asset that shortens every future sales cycle.
Drata signed its first 100 customers within 45 days of launch and grew revenue 69% month-over-month in its first year, an early signal that the land-grab was working. By its Series C in December 2022, Drata had expanded past 14 compliance frameworks, up from SOC 2 alone at launch. The trust center category Drata bought into wasn't unproven, either: SafeBase had already raised $53.1 million from investors including Zoom Ventures, NEA, and Comcast Ventures before Drata acquired it.

Back-Office Burden to Front Office Asset
Drata crossed $100 million in ARR around its four-year mark, going from $1 million to $100 million ARR in roughly three and a half years, by the company's own account. Sacra estimates put 2023 revenue at $59 million, growing 61% to roughly $95-98 million in 2024, with the customer base expanding to over 7,000 organizations across 60 countries, a 55% jump year over year.
International growth ran even hotter, with EMEA customer growth hitting 100% year over year and roughly 25-30% of the customer base now sitting outside the U.S.
What's notable is how the moat compounds rather than just growing. Every new framework a customer adds raises switching costs. Every trust center page a customer publishes pulls their prospects' security teams into Drata's orbit too, since those prospects now expect a trust center from the next vendor they evaluate. New requirements like the EU's Digital Operational Resilience Act and the EU AI Act are pushing more companies to formalize vendor security reviews, a regulatory tailwind neither company had to create, and exactly the workflow SafeBase and Drata now automate together.
Drata isn't running away with the category the way FanDuel ran away with sports betting. Vanta hit a roughly $4 billion valuation in July 2025, about double Drata's mark, and still counts more customers overall. But the category itself has been validated at a scale nobody expected in 2020. Two companies founded by non-auditors have built a combined customer base in the tens of thousands. "Prove you're trustworthy, automatically" turned out to be a real business, not just a feature.
Key takeaways to consider…
Turn a Cost Center Into a Sales Tool. A product that only reduces risk gets treated as overhead. One that also helps customers win business becomes something they actively want to keep.
Don't Compete With an Incumbent on Their Terms. Matching a market leader on price or marketing spend rarely works for a challenger. Going deeper on what customers actually need can beat trying to out-spend or out-market them.
Outside Experience Could be Your Unfair Advantage. Drata's founders had zero compliance background, and built a better product because of it. Instead of replicating the audit firm experience in software, they built a modern SaaS dashboard that matched what engineering teams actually expected.

Scale AI support on AWS, see how July 9
Customer expectations keep rising. Support budgets don't. On July 9, Fin and AWS are hosting a live executive session on how leading enterprises close that gap: scaling AI-powered support while simplifying how they buy it.
You'll see how to resolve an average 76% of conversations with Fin on AWS enterprise-grade infrastructure, procure through AWS Marketplace to put committed cloud spend to work, and turn the Fin and AWS collaboration into lower support costs. Register for the live session to see how.

🍫 Power Numbers
$100 million+ - Annual recurring revenue reached within four years of founding
16 months - Time required to reach unicorn status
61% - Year-over-year revenue growth in 2024
$15 billion - Transactions powered through SafeBase Trust Centers
$250 million - Price paid to acquire SafeBase
8,000+ - Customers globally across 60 countries

More Sweet Reads
Raising capital is about showing up prepared enough that it’s hard to say no. Investors don't fund ideas, they fund pattern matches, and every serious investor already has a mental model of what their "yes" looks like before you walk in.
After years of recalls and weak rankings, Ford learned that better tools only work when experienced engineers help guide them.
A new SBA-NASA partnership is designed to help space-tech innovators get the capital they need to grow. By aligning investment funds with NASA’s top priorities, the deal could accelerate breakthroughs in energy, propulsion, materials, communications, and more.
A strategic reset after 11 years at Sound Ventures, rather than chase headlines, Kutcher is going back to backing picks and shovels. Teaming with Morgan Beller and going upstream, targeting the systems and power sources that tomorrow’s biggest companies will depend on.

Grab the attention of 1,200+ product and marketing leaders at companies with at least 30 employees? Partner with us.
Was this shared with you?



