The Story of Thoroughpass: Building the Future of digital compliance and security reviews

The Story of Thoroughpass: Building the Future of Digital Compliance and Security Reviews

Sometimes the most valuable startups emerge not from chasing trends, but from founders who’ve personally experienced the pain points holding back an entire industry. In a recent Category Visionaries episode, Austin Ogilvie shared how his frustration with enterprise security reviews led to building Thoroughpass, a company reimagining how businesses handle digital compliance.

The Genesis

Austin’s journey into compliance technology began at Ondeck Capital, where he worked on applying machine learning to small business lending from 2010 to 2013. This experience led him to co-found Yhat, a data science platform helping teams overcome the engineering challenges he’d encountered. But it was during Yhat’s growth phase that he discovered the problem that would inspire his next venture.

As Yhat began landing larger clients like “Intuit, doximity, Stripe, PayPal, Johnson,” Austin encountered a critical challenge: enterprise security reviews were becoming a major bottleneck in the sales process. As he explains, “If you’re a software company and you don’t take security and privacy controls seriously, not only is that a bad thing to do because it puts the company theoretically in jeopardy, but it also is really damaging to streamlined sales.”

Building the Right Team

Rather than rushing to solve this problem alone, Austin took time to assemble the perfect founding team. Through a mutual mentor at Bain Capital, he connected with Sam, who shared a surprisingly parallel background – both were UVA alumni and Y Combinator graduates who had worked in New York tech. As Austin recalls, “It was like, on first meeting, it was like entrepreneurs love at first sight kind of a situation. Sam and I were pretty certain within the first hour that this is a really strong fit.”

But the critical piece was Eva, who brought two decades of experience managing cybersecurity governance at Citigroup. This combination proved powerful: founders who understood the customer pain point firsthand paired with an expert who knew how to solve it. As Austin explains, “Sam and I came to be commercially and intellectually interested in this space, but we don’t come from the solution side. Right? We care about this set of problems because we ourselves have these problems.”

The Breakthrough Insight

The team’s key insight was recognizing that automation alone wasn’t enough. As Austin puts it, “If you’re passively collecting all of the digital exhaust that’s relevant in compliance audits, that’s great. But if you have to export all the data and go talk to a separate cottage industry audit firm, it really defeats the purpose of all of the automation in the first place.”

This understanding led Thoroughpass to build not just tools for companies to collect compliance data, but also solutions for auditors to leverage that structured data effectively. The company positioned itself at the intersection of three growing markets: governance and risk compliance (GRC), IT auditing, and third-party vendor risk management.

Growth and Evolution

The market response was dramatic. While Yhat took four years to reach $1.5 million in ARR, Thoroughpass hit that milestone in just 12-13 months. Even more impressive, “the one to 10 million we achieved in six quarters or something like that,” Austin notes.

Along the way, the company underwent a complete rebrand from their original name, Leica. Despite the technical complexity of changing “whatever 100 or so SaaS products that we ourselves use,” the team recognized that differentiation in the market required a distinct identity.

The Future Vision

Looking ahead, Thoroughpass aims to become “this single pane of glass where all software companies come to manage their IT audits across any of these standards.” As software companies increasingly evaluate each other’s security practices, the opportunity continues to expand. “If Slack is selling or buying something from another software company, they’re now engaging in these kinds of third party vendor risk management problems.”

This expansive vision positions Thoroughpass not just as a compliance platform, but as critical infrastructure for the future of B2B software sales. By removing the friction from security reviews and compliance processes, they’re helping accelerate the entire software ecosystem’s growth – a vision that started with one founder’s frustration with enterprise sales bottlenecks.