The Generalist - Vanta: Securing the Internet

Christina Cacioppo’s company is the established leader in automated compliance monitoring. Its ambitions span the web.  ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌

Hello friends,

What SaaS company scaled in near-silence before raising a $50 million Series A from Sequoia Capital?

The answer? Vanta.

In today’s piece, we unpack the story of a category-creating business that has achieved breakout traction with minimal funding. (Specifically, a $10MM run rate before that Series A.) In the process, we’ll explore the massive opportunity in compliance and security, how Vanta disrupted an industry, and what it means to secure the internet. We’ll also touch on Vanta’s absurd traction and tell the behind-the-scenes story of that Sequoia round.

This piece was written as part of The Generalist's partner program. You can read about the ethical guidelines I adhere to in the link above. I always note partnerships transparently, only share my genuine opinion, and commit to working with organizations I consider exceptional. Vanta is one of them.


VANTA: SECURING THE INTERNET

Actionable insights

If you only have a couple of minutes to spare, here's what investors, operators, and founders should know about Vanta.

  • Vanta is an architect of trust. At its core, the company makes it easier for businesses to trust one another. It does so by automatically monitoring a business’s performance relative to compliance standards like SOC 2.
  • Christina Cacioppo created the category. Before Vanta, getting SOC 2 certified required tens of thousands of dollars and months of work. Cacioppo recognized technology could automate much of the work and radically reduce cost and effort.
  • It scaled in near-silence (and continues to grow). Cacioppo built an impressive business with little funding or fanfare, not wanting to alert others to the opportunity. Vanta had reached a $10 million run rate when it raised a Series A from Sequoia Capital.
  • Automated compliance has become a hot space. Though Vanta managed to stay under the radar for several years, other businesses have awoken to the space’s potential. Competitors are raising bumper rounds to try and close the gap.
  • Vanta’s mission is to secure the internet. It doesn’t see itself as just an easy way to get SOC 2 certified. Already, the company provides support for HIPAA, GDPR, ISO 27001, and beyond. Its greater mission is to help make online business safer.

***

Our brains work hard to assess the trustworthiness of another person. We observe the sturdiness of their gaze, listen to their voice's timbre. We consider their age, gender, wealth, and weight. We heed what they say and what they seem to hide. Did they pick at their nails as they spoke? Did they scratch their nose? And what was that movement, that little dart: a flinch, a sneeze, a cough, a tell?

We do this difficult work, drawing in hundreds of real-time signals because almost every worthwhile interaction comes after trust has been established. Friendships, relationships, and partnerships all rely on some measure of it.

Businesses have the same need for trust. But when it comes to securing it, they cannot rely on the same swirling broth of sensory and extra-sensory information humans do. So, what can they do? In the place of instinct, there is auditing. And rather than psychology, there are standards of compliance, the largest of which is called “SOC 2.”

Behind the aridity of the acronym, this is what SOC 2 really is: a document in which a business says, “This is who I am. These are all the things I do to stay safe. This is why you can trust me.”

Though that might sound simple, getting to the point of trust for a business used to be a complicated and costly endeavor. The experts I spoke with shared that a complex SOC 2 process might take eight months, costing north of $50,000. Since large enterprises typically require proof of data hygiene to work with another company, smaller businesses found themselves in a fiendish conundrum we might call a “SOC 22.” The steep price of an audit could put a business in financial trouble, but failing to pay for one meant no new customers, no revenue, and financial risk, all the same. For the lucky, compliance was a cumbersome cost-suck; for the ill-starred, it could be an existential strain.

This was the way of the world, and it served no one save the auditors themselves. They thrived on high fees, opaque processes, and unwavering demand. Then, something happened.

Every industry that has undergone technological upheaval has a before and after moment. Online payments can be divided into time before and after Stripe. Venture capital existed pre and post-AngelList. In compliance, there is a “BV” and “AV”: Before Vanta and After Vanta.

Founded in 2017 by Christina Cacioppo, Vanta is the quintessential disruptor. It has axially altered the way companies prepare for security audits, reducing the timeline from months to weeks. It has also created a brand new category and changed the cost structure of an entire industry, lowering prices by as much as 90%. In the process, Cacioppo and her team have constructed a remarkably winning business – hitting a $10 million revenue run rate before raising its Series A from Sequoia Capital. Even as fast-followers have entered the space, Vanta has gone from strength to strength, logging insane customer growth and establishing itself as the standard bearer for the industry.

Vanta’s success means there is a clear line of sight to significant financial success in the short-to-medium term. Yet the company has only just begun its climb towards Cacioppo’s true goal: to secure the internet. If Vanta is successful, businesses may be able to establish trust in just a fraction of the time it takes now, a profound change.

In today’s piece, we’ll tell Vanta’s story and chart its future. In doing so, we’ll cover:

  • Origins. Before starting Vanta, Christina Cacioppo learned how to study business at Union Square Ventures. She also built plenty of products of her own before discovering the opportunity in automated compliance.
  • Product. Vanta shifts the compliance process from a reactive one to a proactive one. By connecting with a company’s different tools, it seamlessly monitors security practices and suggests improvements. When auditing time arrives, most of the work is done.
  • Model. By turning to technology, Vanta has reduced the cost of SOC 2 certification. That hasn’t stopped it from growing. It grew its customer base by 220% last year after a sterling 2020.
  • Culture. Christina Cacioppo is a Midwestern assassin – incredibly nice but not to be underestimated. She has built a business in her image, replete with good-spirited operators who want to win.
  • Risks. Despite being the market leader, Vanta hasn’t always touted its positioning. As competitors flood behind them, Cacioppo and company will need to invest in messaging. That may require a new round of capital.
  • Future. Right now, audits are point-in-time assessments. Does that make sense given the dynamism of the tech sector? In the future, companies may demonstrate trustworthiness on a near-continuous basis.

Let's get going.

See you soon,

Mario

Older messages

Blockspace with Chris Dixon

Sunday, May 15, 2022

Chris Dixon has called blockspace the “best product” of the 2020s. We ask a16z's head of crypto to explain why that's the case and where we're headed. ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌

The Economy of You

Sunday, May 8, 2022

An exploration into the promise and perils of social tokens. ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌

Flexport: How to Move the World

Sunday, April 24, 2022

The $8 billion freight forwarder has designs on a bigger prize: owning the data layer for global trade. ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌

Dune: The Data Must Flow

Wednesday, April 20, 2022

The crypto unicorn is a tamer of blockchain information. It's also a portal to a new kind of economic empowerment. ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌

The Wisdom List: Leif Abraham, co-CEO of Public

Sunday, April 10, 2022

The leader of investing unicorn Public shares his lessons on fundraising, hiring, and finding focus. ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌

🚀 Introducing Launch YC: The Launchpad for YC Startups

Monday, July 4, 2022

Introducing a new way to discover recently-backed YC startups and product updates from YC alum — Launch YC. View this email in your browser 🚀 Launch YC: The Launchpad for YC Startups This week, we

Something huge is coming

Monday, July 4, 2022

Hey , From all of us at Foundr, Happy 4th of July. As part of the celebrations happening today, I wanted to let you know that something huge is coming tomorrow (July 5th, 2022 USA Eastern). You may

Limiter, Seekr, Proudlist, VYou app, and folk

Monday, July 4, 2022

One-stop SaaS feature management solution BetaList BetaList Daily Limiter One-stop SaaS feature management solution Seekr Browser's bookmarks redesigned for fast browsing. For inidividuals &

Today's startups in 10 words

Monday, July 4, 2022

10words.io Discover new apps and startups in 10 words or less Workast: The project management app for Slack teams FluidStack: FluidStack connects you to unused machines at data centres cheaper Bravely:

Today's Digest: Pay money to waste time: ultimate productivity hack?

Monday, July 4, 2022

Your Indie Hackers community digest for July 4th ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌

🦄 SegmentStream: Advertising without cookies

Monday, July 4, 2022

SegmentStream provides businesses marketing analytics without using internet cookies. The company uses proprietary machine learning algorithms that monitor user behavior to reverse engineer advertising

Silicon Valley Funding News - Week of July 4, 2022. Twelve Raised $130M Series B led by DCVC

Monday, July 4, 2022

View this email in your browser 3.6 million people are projected to fly this weekend, per AAA and I am flying back to San Francisco today! I had a wonderful time in London this past week! The weather

🇺🇸 The life, death, and re-birth of Silicon Valley patriotism

Monday, July 4, 2022

Anduril, Astranis, ABL, Palantir, Hermeus, Shield AI, and more ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌

[Inverted Passion] The number one job of a founder is to communicate clarity

Monday, July 4, 2022

Here's a new post on InvertedPassion.com The number one job of a founder is to communicate clarity By Paras Chopra on Jul 03, 2022 02:57 am In the very early stages when there are few people in the

My cofounder quit mid-raise 🤯

Monday, July 4, 2022

Is Europe the friendliest place for crypto? | The deeptech startups to watch | Sibling cofounders View this email in your browser Powered by True Layer Hi Sifted reader, Getting on with your cofounder