The Generalist - Vanta: Securing the Internet

Christina Cacioppo’s company is the established leader in automated compliance monitoring. Its ambitions span the web.  ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌

Hello friends,

What SaaS company scaled in near-silence before raising a $50 million Series A from Sequoia Capital?

The answer? Vanta.

In today’s piece, we unpack the story of a category-creating business that has achieved breakout traction with minimal funding. (Specifically, a $10MM run rate before that Series A.) In the process, we’ll explore the massive opportunity in compliance and security, how Vanta disrupted an industry, and what it means to secure the internet. We’ll also touch on Vanta’s absurd traction and tell the behind-the-scenes story of that Sequoia round.

This piece was written as part of The Generalist's partner program. You can read about the ethical guidelines I adhere to in the link above. I always note partnerships transparently, only share my genuine opinion, and commit to working with organizations I consider exceptional. Vanta is one of them.


VANTA: SECURING THE INTERNET

Actionable insights

If you only have a couple of minutes to spare, here's what investors, operators, and founders should know about Vanta.

  • Vanta is an architect of trust. At its core, the company makes it easier for businesses to trust one another. It does so by automatically monitoring a business’s performance relative to compliance standards like SOC 2.
  • Christina Cacioppo created the category. Before Vanta, getting SOC 2 certified required tens of thousands of dollars and months of work. Cacioppo recognized technology could automate much of the work and radically reduce cost and effort.
  • It scaled in near-silence (and continues to grow). Cacioppo built an impressive business with little funding or fanfare, not wanting to alert others to the opportunity. Vanta had reached a $10 million run rate when it raised a Series A from Sequoia Capital.
  • Automated compliance has become a hot space. Though Vanta managed to stay under the radar for several years, other businesses have awoken to the space’s potential. Competitors are raising bumper rounds to try and close the gap.
  • Vanta’s mission is to secure the internet. It doesn’t see itself as just an easy way to get SOC 2 certified. Already, the company provides support for HIPAA, GDPR, ISO 27001, and beyond. Its greater mission is to help make online business safer.

***

Our brains work hard to assess the trustworthiness of another person. We observe the sturdiness of their gaze, listen to their voice's timbre. We consider their age, gender, wealth, and weight. We heed what they say and what they seem to hide. Did they pick at their nails as they spoke? Did they scratch their nose? And what was that movement, that little dart: a flinch, a sneeze, a cough, a tell?

We do this difficult work, drawing in hundreds of real-time signals because almost every worthwhile interaction comes after trust has been established. Friendships, relationships, and partnerships all rely on some measure of it.

Businesses have the same need for trust. But when it comes to securing it, they cannot rely on the same swirling broth of sensory and extra-sensory information humans do. So, what can they do? In the place of instinct, there is auditing. And rather than psychology, there are standards of compliance, the largest of which is called “SOC 2.”

Behind the aridity of the acronym, this is what SOC 2 really is: a document in which a business says, “This is who I am. These are all the things I do to stay safe. This is why you can trust me.”

Though that might sound simple, getting to the point of trust for a business used to be a complicated and costly endeavor. The experts I spoke with shared that a complex SOC 2 process might take eight months, costing north of $50,000. Since large enterprises typically require proof of data hygiene to work with another company, smaller businesses found themselves in a fiendish conundrum we might call a “SOC 22.” The steep price of an audit could put a business in financial trouble, but failing to pay for one meant no new customers, no revenue, and financial risk, all the same. For the lucky, compliance was a cumbersome cost-suck; for the ill-starred, it could be an existential strain.

This was the way of the world, and it served no one save the auditors themselves. They thrived on high fees, opaque processes, and unwavering demand. Then, something happened.

Every industry that has undergone technological upheaval has a before and after moment. Online payments can be divided into time before and after Stripe. Venture capital existed pre and post-AngelList. In compliance, there is a “BV” and “AV”: Before Vanta and After Vanta.

Founded in 2017 by Christina Cacioppo, Vanta is the quintessential disruptor. It has axially altered the way companies prepare for security audits, reducing the timeline from months to weeks. It has also created a brand new category and changed the cost structure of an entire industry, lowering prices by as much as 90%. In the process, Cacioppo and her team have constructed a remarkably winning business – hitting a $10 million revenue run rate before raising its Series A from Sequoia Capital. Even as fast-followers have entered the space, Vanta has gone from strength to strength, logging insane customer growth and establishing itself as the standard bearer for the industry.

Vanta’s success means there is a clear line of sight to significant financial success in the short-to-medium term. Yet the company has only just begun its climb towards Cacioppo’s true goal: to secure the internet. If Vanta is successful, businesses may be able to establish trust in just a fraction of the time it takes now, a profound change.

In today’s piece, we’ll tell Vanta’s story and chart its future. In doing so, we’ll cover:

  • Origins. Before starting Vanta, Christina Cacioppo learned how to study business at Union Square Ventures. She also built plenty of products of her own before discovering the opportunity in automated compliance.
  • Product. Vanta shifts the compliance process from a reactive one to a proactive one. By connecting with a company’s different tools, it seamlessly monitors security practices and suggests improvements. When auditing time arrives, most of the work is done.
  • Model. By turning to technology, Vanta has reduced the cost of SOC 2 certification. That hasn’t stopped it from growing. It grew its customer base by 220% last year after a sterling 2020.
  • Culture. Christina Cacioppo is a Midwestern assassin – incredibly nice but not to be underestimated. She has built a business in her image, replete with good-spirited operators who want to win.
  • Risks. Despite being the market leader, Vanta hasn’t always touted its positioning. As competitors flood behind them, Cacioppo and company will need to invest in messaging. That may require a new round of capital.
  • Future. Right now, audits are point-in-time assessments. Does that make sense given the dynamism of the tech sector? In the future, companies may demonstrate trustworthiness on a near-continuous basis.

Let's get going.

See you soon,

Mario

Older messages

Blockspace with Chris Dixon

Sunday, May 15, 2022

Chris Dixon has called blockspace the “best product” of the 2020s. We ask a16z's head of crypto to explain why that's the case and where we're headed. ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌

The Economy of You

Sunday, May 8, 2022

An exploration into the promise and perils of social tokens. ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌

Flexport: How to Move the World

Sunday, April 24, 2022

The $8 billion freight forwarder has designs on a bigger prize: owning the data layer for global trade. ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌

Dune: The Data Must Flow

Wednesday, April 20, 2022

The crypto unicorn is a tamer of blockchain information. It's also a portal to a new kind of economic empowerment. ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌

The Wisdom List: Leif Abraham, co-CEO of Public

Sunday, April 10, 2022

The leader of investing unicorn Public shares his lessons on fundraising, hiring, and finding focus. ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌

You Might Also Like

🔥 Vertical AI Agents Could Be 10X Bigger Than SaaS

Sunday, November 24, 2024

There could be 300 billion dollar companies in this category alone. This Week at YC November 24th, 2024 ✨ The Latest Vertical AI Agents Could Be 10X Bigger Than SaaS As AI models continue to rapidly

#207 | Agentic Commerce, Energy Theses, State of Gen AI, & more

Sunday, November 24, 2024

Nov 24th | The latest from Scale, USV, Madrona, Menlo Ventures, Redpoint, and others ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏

$12K/mo AI App for grandmas

Sunday, November 24, 2024

Starter Story Sunday Breakfast ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏

🎓 Learn from these legends to supercharge your 2025

Sunday, November 24, 2024

And save 40% while doing so with our greatest Black Friday deal ever! Black Friday_Header_2 Hey Friend , This Black Friday, you get the biggest, most lucrative sale we've ever offered—and with it,

The ultimate guide to founder-led sales | Jen Abel (co-founder of JJELLYFISH)

Sunday, November 24, 2024

Learn how to master founder-led sales with Jen Abel of JJELLYFISH: tips on outreach, leads, closing deals, and hitting your first $1M ARR ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏

🗞 What's New: ~40% of young adults get their news from influencers

Saturday, November 23, 2024

Also: "File over App" for digital longevity ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏

Initiator Creator - Issue 145

Saturday, November 23, 2024

Initiator Creator - Issue #145 - ( Read in browser ) ​By Saurabh Y. // 23 Nov 2024 Presented by NorthPoll​ This Week's Notes:​ ​Content-rich designs looks more convincing I just love how Basecamp

🛑 STOP EVERYTHING 🛑 BLACK FRIDAY IS NOW!

Saturday, November 23, 2024

This is your sign to take action—2025 could be your breakthrough year, but only if you start now. Black Friday_Header_2 Hey Friend , This is getting serious. We're handing over $1700 in value as

What’s 🔥 in Enterprise IT/VC #421

Saturday, November 23, 2024

Thoughts from Goldman's PICC + optimism for 2025? ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏

I'm blue

Saturday, November 23, 2024

Hey, ​ ​ tl;dr – I've decided to delete all my Twitter posts, lock down my account, and leave the platform. And I'm going all-in on Bluesky, which (in the last month) has become 1000x more fun