Brought to you by Vanta
Vanta is the rare company that saves you time and money. One of the reasons we’re admirers of the platform is because of the thoughtful way the company addresses security compliance needs.
Instead of muddling through dozens of spreadsheets and hundreds of email threads, more than 5,000 customers trust Vanta to streamline their security and unlock business growth. By using the platform, you can automate up to 90% of compliance standards like SOC 2, ISO 27001, GDPR, HIPAA, and more. Better still, you’ll save hundreds of hours of manual work and up to 85% of compliance costs.
To learn more about how Vanta gets you audit-ready in weeks, instead of months, check out their 3-minute demo to learn more.
If you only have a few minutes to spare, here’s what investors, operators, and founders should know about Vanta’s bear-market playbook.
- Time the raise. Christina Cacioppo had offers to raise a Series B during the frenzy of 2021. Aware that conditions might change, the Vanta CEO turned it down, knowing an elevated valuation could be a burden in a downturn. Instead, she raised a $150 million Series B in mid-2022 – after the market had cooled down but before it had frozen over. It’s given Vanta a war chest for the next three-to-four years.
- Go on the offensive. As well as maintaining its market leading position domestically, Vanta has used the last year to expand internationally. With fewer rivals to reckon with, Cacioppo’s firm has been able to build up significant business lines in Europe and Australia. International revenue has subsequently swelled by 800%.
- Build new moats. Vanta has always prided itself on offering the most complete, thoughtful product in its space. The bear market has given it the space to make both incremental and radical improvements. One of its biggest moves is its “Vendor Risk Management” platform, released just last week. If it takes off, it could create a meaningful network effect for the business.
- Rev the Corp Dev. In January 2023, Vanta acquired Trustpage. Though it’s early days, it looks set to be part of the minority of purchases that are actually successful. In Trustpage CEO Chase Lee, Cacioppo found a kindred spirit that shares her vision and style of company building. It doesn’t hurt that the startups’ products appear to be perfect complements.
- Stack the team. As its traction continues to build, Vanta has been smart enough to scale its talent, too. Over the past twelve months, Cacioppo snapped up two C-Suite hires, bringing aboard Stevie Case as Chief Revenue Officer and David Eckstein as Chief Financial Officer. Both look like moves that position Vanta to IPO within the next few years.
This piece was written as part of The Generalist’s partner program. You can read about the ethical guidelines I adhere to in the link above. I always note partnerships transparently, only share my genuine opinion, and commit to working with organizations I consider exceptional. Vanta is one of them.
“You can’t overtake 15 cars in sunny weather…but you can when it's rainy.”
On May 16, 2022, those words, belonging to Formula One legend Ayrton Senna, appeared on a deck prepared by Sequoia Capital. With the market floundering, the storied venture firm delivered a presentation designed to galvanize its portfolio executives, urging them to act decisively to avoid calamity and capitalize on the radically new environment. In case the applicability of Senna’s words were unclear, they were accompanied by a more pointed addendum: “There is an opportunity ahead. Recognize it.”
Christina Cacioppo was among those in the audience. Two years earlier, Sequoia had led a $50 million Series A into Vanta, her fast-growing security business. Best known for providing SOC 2 compliance automation at that point, Vanta had never relied on the hype of a bull market to survive. Before raising from Sequoia, Vanta had reached a $10 million revenue run rate and kept a relatively low profile. In part, that had been strategic; as the creator of a new, lucrative category, Cacioppo had been keen to amass market share without alerting inevitable competition.
Though Vanta had strong fundamentals, Cacioppo knew her business wasn’t immune from the shifts Sequoia’s “Adapting to Endure” presentation outlined. If the CEO wanted to build a defining company, it wasn’t enough to survive a downturn; Cacioppo had to ensure Vanta stepped on the accelerator and recognized the opportunity. To ensure the rest of her team recognized how much the environment had changed, Cacioppo asked one of Sequoia’s investors to come give an abridged version of the presentation at a company all-hands meeting. “I wanted everyone to understand what was happening since the economic uncertainty would affect us all,” she said.
Almost exactly one year after Sequoia’s presentation (and The Generalist’s first briefing on the company), Vanta looks like a company that has grown stronger during the venture capital winter. In addition to raising a war chest of $150 million, Vanta has leveled up on virtually every front: gaining ground in untapped international markets, expanding its product suite, acquiring Trustpage, lining up partnerships with giants like Atlassian and HubSpot, and snagging C-suite talent capable of taking the company to an IPO, and beyond. In the process, it has doubled its business, growing to more than 5,000 customers. It’s on track to do the same in 2023.
In doing so, Vanta presents a compelling case study of how an impressive startup took the steps to potentially become a generational one, using a difficult year to emerge stronger.
Capital: Building a war chest
As the great Midwestern statesman and wordsmith Adlai Stevenson said, “Flattery is alright as long as you don’t inhale.” Few propositions are more intoxicating than being told that something you have built is valuable, even beyond your belief.
For much of the semi-productive bubble of 2021, founders of high-growth startups were confronted with a very fiscal form of flattery: a generous term sheet.
Christina Cacioppo was a natural recipient of such offers. Not only had Vanta been raised by some of Silicon Valley’s best investors, but the security firm was also a category leader logging rapid growth. In an environment where every tech company seemed destined to reach stratospheric heights, Vanta stood out all the same.
Toward the end of 2021, financiers came knocking – and Cacioppo turned them down. The CEO sensed a shift was coming that might make high valuations more of a burden than a blessing. “I just couldn’t look someone in the eye and say, ‘Vanta’s a $3 billion company and you should feel great about the value of this.’”
It indicated Cacioppo’s integrity, discipline, and critical farsightedness. While locking in a considerable valuation bump from the Series A might have garnered headlines, it would have pressured the business to validate that elevated price. It also would have meant that some C-suite candidates Cacioppo was targeting wouldn’t have received as favorably priced option packages. Long-time readers of The Generalist will know that I consider the Vanta CEO one of the most impressive startup founders operating right now. In miniature, Cacioppo’s decision to turn down easy money is one of the reasons why: she has a gift for unflashy decisions that prove highly strategic.
Not that Cacioppo’s choice always felt easy. Fundraising had changed by the time she set out to raise the Series B in mid-2022. “There was some FOMO later,” she recalled. “A few times during the B process, I’d think to myself, ‘Those text message term sheets sound pretty good right now.’” Gone were the days of securing a round over a frenzied long weekend; securing tens of millions of dollars once again required time and diligence.
While Vanta might not have closed its Series B over a few WhatsApp missives, its strength meant Cacioppo could run an efficient process. It helped that she had a preferred firm in mind: Craft Ventures.
Founded by Bill Lee and David Sacks in 2017, Craft has built a name as a SaaS specialist backing ClickUp, Intercom, Vendr, and Productboard. The firm had vied to lead Vanta’s Series A. While Cacioppo had ultimately chosen Sequoia to partner with, she’d been left impressed by the depth of Craft’s understanding of her business. “They were also just very good,” she said. “Starting in 2019, we started receiving pitch decks from investors analyzing the company from the outside-in. Often, they’d be reasonable but it’s hard for someone external to grasp a business we’re in day to day. But Craft’s was good. It was deeper. It was like, ‘You all get it. And you figured it all out yourselves.’”
In July, Vanta closed a $110 million Series B led by Craft at a $1.6 billion valuation. I made it one of Generalist Capital’s first investments, joining previous investors Sequoia Capital and Y Combinator. A few months later, in October 2022, Cacioppo added $40 million from cybersecurity giant CrowdStrike.
That strategy of tying up partners has continued. Yesterday, Vanta announced the corporate venture arms of three other strategics had participated in the Series B: Atlassian, HubSpot, and Workday. As with CrowdStrike, these enterprise giants could prove to be extremely valuable as distribution and product partners. Bringing them onto the cap table looks like a shrewd maneuver.
Vanta’s more than $150 million injection put the business on firm footing. “It gave us essentially three and a half to four years of runway, with the goal of doubling the business every year. We’re on track to do that,” Cacioppo said.
It’s a sign of Vanta’s strong fundamentals that since closing the round, the company’s investors have counseled increasing spend from the original plan. Sequoia partner Andrew Reed has been a particular advocate on this front. “When I presented the annual plan to the board this year, I remember Andrew’s feedback was, ‘This looks great, and if you do it, no complaints on our side. But if you can burn more and make more, at this ratio, do it.’ That was surprising.”
Investors’ guidance has resulted in a subtle but significant strategic reframing from Vanta. Rather than focusing on efficiency during the downturn, the company is minded towards leverage. “The goal is not to cost-cut just to hit a certain number. You cut so that you’re not pointlessly incinerating money. But we’re in a position that if we can spend $10 million to bring in $20 million, we can, and will, do it.” Such willingness to act aggressively has allowed Vanta to expand its horizons.
Expansion: Winning overseas
Walk through one of Vanta’s offices, and there’s a good chance you’ll come across a stuffed llama. The proliferation of these cuddly camelids is not merely the sign of a team that embraces its official mascot – it indicates the increasing competition Vanta faces.
Allow me to explain. Since Christina Cacioppo created the SOC 2 automated compliance category in 2018, dozens of fast-followers have joined the gold rush. So many that a few years ago, the company spun up a spreadsheet to track the forty-something rivals that have come to market. Vanta offers employees a small prize for keeping it up to date: “If you can add a name to the spreadsheet, you get a stuffed llama,” Cacioppo said. Vanta’s llama bounty is a lighthearted approach to competitive intelligence; it reflects the reality of a hot sector.
While Vanta’s primary differentiation comes from its more comprehensive and performant product suite, Cacioppo has used the downturn to win share in new markets. As replica businesses sprout up across America, international markets have remained comparatively untouched. “The European market feels like the US market in 2019: no one’s there, and founders want this.” Even without a dedicated team, 20% of Vanta’s business came from outside America, rolling in from customers in Europe, Asia-Pacific, and Latin America. “We looked at these markets and thought to ourselves, ‘What if we tried?’”
In mid-2022, Vanta decided to try. The firm hired Paulo Rodriguez, an Ireland-based go-to-market operative, to lead its international expansion. Cacioppo parachuted in some of the company’s top-performing account executives and client managers to make a dent in the European and Australian markets. The goal was simple, if audacious: reach Vanta’s 2020 revenue trajectory – then surpass it. “Paulo’s team had the benefit of a time machine. They could avoid the mistakes we made over the past three years, so we felt they could hit an even steeper growth curve.”
Though appreciative of Cacioppo’s ambition, the board wasn’t convinced that was possible. “They basically said, ‘Look, if you can pull it off – great. Godspeed.’”
As it turned out, Cacioppo’s projections may have been too conservative. A year into its global expansion, Vanta has grown international revenue by 800%.
Cacioppo has doubled down on the international opportunity, hiring local employees in Europe and Australia, establishing an HQ in Dublin, building out geographically-specific features, and adding support for new languages. Aspects of Vanta’s products are now available in German, French, Spanish, and English. Earlier this year, Vanta announced the opening of a Frankfurt data center, benefiting EU customers requiring local data storage.
This is one of Vanta’s most significant evolutions compared to a year ago. Today, the trust management platform is a multi-market player transforming into a truly global business. Though that invites greater complexity and requires more resources, it opens up tremendous opportunities. Vanta is once again leveraging its first-mover advantage.
Product: Managing trust
One painful mode of corporate obsolescence looks like this: A promising startup finds early success with a killer feature. It capitalizes on scalding product-market fit to grow its customer base and win in its category. Focused on its core product, that company devotes insufficient resources to building a broader suite, even as rivals emerge to chip away at its market share. Eventually, the business is hemmed in, stale, unskilled at building and launching new major features, hanging on to its first product.
The common wisdom is that to avoid this outcome, companies need to learn to become multi-product relatively early in their life.
It’s little surprise that Christina Cacioppo is attuned to this risk. Before founding Vanta, she was a product manager at Dropbox. Though far from a failure, the cloud storage platform exemplifies how innovative companies can become stuck, unable to push into new territories. Sixteen years into its life, though Dropbox’s storage features are smoother, richer, and more powerful, its fundamental offering hasn’t changed much. Attempts like its Paper product – a spin on docs that Cacioppo helped build – failed to attract widespread usage. That wasn’t for lack of effort. “There were years of trying hard,” Cacioppo recalled, “And it never worked. In many ways, failure is the default case.”
Cacioppo’s time at Dropbox gave her an appreciation for how difficult building a multi-product business is and why it’s an evolution worth beginning early. Over the past year, the CEO has moved assertively to progress Vanta from a robust automated compliance product into a comprehensive “trust management” suite bolstered by several new product lines. It’s too early to know precisely how significant these additions will become, but they’ve already made Vanta a more valuable, proactive, and enterprise-ready offering.
Before discussing its new product lines, it’s worth noting how Vanta has expanded its core. Last summer, the company launched an initiative named “Project Infinite Standards.” As its moniker suggests, the goal was to increase the number of supported standards beyond classics like SOC 2 and GDPR and construct a system that made adding new standards simple. “We turned it into an assembly line,” Cacioppo said. “Now, they just roll off one after another.” Since our last deep dive on Vanta, the number of supported standards has swelled from 5 to more than 20 and counting.
Critically, if a customer needs a standard Vanta doesn’t currently support, its engine makes it easy to add a new one – which can then be leveraged by successive customers. Equally, if a company wants to construct a custom framework, Vanta takes care of it. For enterprise customers, that capability is especially critical.
“We just said to ourselves, ‘Let’s not lose because we don’t have some UK cyber framework.’” By building the infrastructure to support “infinite” standards, Vanta has taken away a potential vector for competitors to differentiate while extending its advantages.
“Project infinite integrations” had a similar goal. Historically, Vanta rolled out integrations with top SaaS platforms piecemeal. These connections are essential – they simplify monitoring security across platforms for customers. “We covered all of the top SaaS tools,” Cacioppo said, “But if you were using something else, your experience was degraded. The long tail really matters.” Once again, Vanta sought to solve the issue once and for all, retooling its systems so that adding new integrations became trivial. The floodgates have opened; Vanta has added 50 new integrations in the last three months alone, contributing to an ever-growing collection.
Though significant upgrades, Vanta’s bigger innovations have come elsewhere. In particular, its introduction of “Trust Reports” and “Questionnaire Automation” have proven significant. Both of these products have been boosted by Vanta’s 2023 acquisition of Trustpage, which we’ll discuss later. Before outlining the products themselves, it’s worth detailing the problem Vanta is solving here.
Imagine you’re the CEO of a SaaS platform that sells to big enterprises. One day, one of your sales reps calls to share some good news: Microsoft is interested in using your product. Before securing a game-changing contract, you have to prove to Microsoft your trustworthiness. To do so, Microsoft sends you a series of questions about your security posture – things like how you manage employee access and data encryption.
If you’re starting from scratch, this might take months. Even if you have a decent grasp of your processes, pulling the requisite information together could require weeks. It’s a process that is often manual and time-intensive. Even more frustratingly, it’s repetitive: each new potential customer has their own questions and requirements.
Trust Reports change this process. Rather than reactively responding to security concerns, companies leverage this product to proactively demonstrate their trustworthiness, including the compliance standards they meet and the procedures they follow. This information is showcased on a branded page that potential customers can view and monitor in real time. In that respect, it’s effectively a version of an uptime page that broadcasts a company’s security.
For both Vanta and its customers, this is a sneakily profound shift. For customers, Trust Reports turn security into a competitive advantage. Instead of sending over a static spreadsheet, customers display a comprehensive, live tracker that gives their clientele more information and peace of mind. It catalyzes a step-by-step shift Cacioppo has made for Vanta: evolving from a point-in-time solution to an always-on, continually-valuable security suite.
Vanta’s “Questionnaire Automation” product bolsters this solution. Though Trust Reports are well-suited to address most security concerns proactively, there’s an inevitable long tail of queries. To reiterate, the current process here is nightmarish: answering the same questions repeatedly for different clients in different formats. Leveraging AI, Vanta streamlines this process, pulling information from previously completed questionnaires and security policies. Users can “auto-complete” a new questionnaire in just a few clicks.
Last week, Vanta announced another significant product: Vendor Risk Management (VRM). It’s a neat addition that “completes the second half of Vanta’s marketplace,” as Cacioppo said. To make that analogy explicit: the “first half” of Vanta’s marketplace enables software sellers to prove their security, the VRM hemisphere allows software buyers to evaluate prospective vendors’ trustworthiness. By using the platform, enterprises can automatically discover and vet vendors, streamlining the security review process. The VRM solution continuously monitors the vendors a company uses, staying on top of these third-party risks and helping guide remedial action when necessary.
It’s a product that uniquely leverages Vanta’s dominant position in the market and builds new defensibility. Cacioppo’s company serves more than 5,000 companies that comply with 20-plus security frameworks, meaning it has a rich and up-to-date data compendium. With VRM, software buyers get direct access to ground-truth security information about their vendors. Most are likely already Vanta customers given the size of the company’s user base. VRM allows Vanta to flex its scale advantage, one that will only become more pronounced as it grows.
More exciting is that it brings network effects to the company. Every new customer that joins Vanta increases the number of vetted vendors in the VRM portal and provides valuable data. Though VRM is still in its infancy, it looks like a significant new puzzle piece.
M&A: Trustpage
By some accounts, 70-90% of acquisitions fail. Combining cultures, products, and leadership teams under a single roof is a challenge that vexes even experienced leaders. And yet, as with “going multi-product,” the ability to successfully conduct M&A is an effective driver of enterprise value. Microsoft grabbed PowerPoint for just $14 million in 1987 before making it an essential part of its Office Suite. Alphabet would not be nearly as competitive in today’s AI renaissance had it not snapped up Deepmind in 2014 for $500 million. Meta might have declined half a decade ago were it not for the pick-up of Instagram. Thanks to their corporate development team, many great businesses have unlocked second and third acts.
In January 2023, Vanta closed its first acquisition: Trustpage, a provider of trust reports and security questionnaire tooling. Given the lifespan of a corporation, five months is the blink of an eye; the shrewdness of Vanta’s purchase will be measured in years. Early signs are encouraging, however.
The discussion started mid-2022 when Trustpage CEO Chase Lee asked mutual investor GTMfund to connect him to Christina Cacioppo. A serial entrepreneur with previous exits in the software security space, he’d been looking to connect to the Vanta founder for some time. Not only was Trustpage a customer, Lee was an admirer of the product Cacioppo had built and felt there might be a compelling partnership to forge. Vanta had the ideal data to populate the trust reports that Trustpage had made its calling card.
A Vanta acquisition was far from Lee’s mind. Trustpage has grown efficiently since he founded the business in 2020. After bootstrapping for a year, he’d raised a $5 million seed round from Ludlow Ventures, Detroit Venture Partners, GTMfund, and others, securing major customers like ZoomInfo, Pendo, and Dutchie. That traction had prompted firms to offer to lead a potential Series A.
With this backdrop, Lee and Cacioppo met – and promptly hit it off. The two founders shared similar views about the future of security and the product opportunities for their respective businesses. It didn’t hurt that both hailed from the Midwest, allying fierce competitiveness with their region’s penchant for decency and affability.
Quickly, the conversation moved beyond a partnership and toward an acquisition. Cacioppo saw clear advantages in a potential team-up. “We had launched our version of Trust Reports by then, but their product was more built out and they’d gotten upmarket customers,” she recalled. “The acquisition hypothesis became: this is a very fully-baked product that we can give to our sales team and can stand on its own. And if for some reason it doesn’t, this team is very good.”
Lee shared Cacioppo’s excitement, even if giving up running his company caused some reservations. “Emotionally, it was hard to think about not taking the new funding round and continuing to build Trustpage. But when you looked at Vanta’s tremendous growth over the last few years and the perfect fit between these companies, we felt we could end up somewhere bigger together. Vanta could accelerate us, and we could accelerate Vanta.”
Lee also cited the intangible harmony between Trustpage and Vanta’s teams. “This deep cultural and founder alignment also signaled to me, ‘Hey, most of these M&A deals get screwed up, but this one feels like we’re foundationally on the same page. We’ll make the right decisions.’”
The maturity of Vanta’s Trust Reports and Questionnaire Automation owes much to work done by Lee’s team, and there are reasons to believe this acquisition has further dividends to pay. As Vanta seeks to move upmarket, Lee’s expertise could be beneficial.
Leadership: KillCreek and Dave
In April 2022, Christina Cacioppo and Stevie Case circled a lagoon in California’s balmy Foster City. The pair had been connected a few weeks earlier by Andrew Reed, who thought the departing Twilio VP of Sales might be the perfect person to lead Vanta’s sales teams to new heights. Cacioppo recounted the gist of the Sequoia investor’s message: “I basically got an email from Andrew that said, ‘This person might be leaving Twilio. If she even dips her toe out, she’ll get a job offer in 14 seconds. You need to go talk to her now.’”
While Cacioppo could not have foreseen a last-minute jaunt to Foster City, built across San Mateo’s Brewer Island, in some respects, it was even more surprising to find Stevie Case there. Born and raised in Kansas, Case has seemingly lived half a dozen lives in one.
In the late 1990s, Case became the world’s first professional female gamer, dominating first-person shooter Quake under the moniker “KillCreek.” For those familiar with that period of gaming history, KillCreek’s exploits are the stuff of legend. Not only did she blaze a path for other women in gaming, combatting persistent misogynistic attitudes, she famously beat Quake’s co-creator, John Romero, at his own game. The case appears in David Kushner’s chronicle of the scene, Masters of Doom, and was profiled by Vanity Fair last October.
As well as being an expert player, Case was also a game developer, a role that brought her closer to the tech industry. It required the intervention of a mentor to convince Case that despite her engineering abilities, her skills might be best applied in sales. It wasn’t a move that made much rational sense to Case. “I had no idea what sales meant or looked like beyond the stereotypes of someone selling cars, for example,” she said. Still, something about the sense of challenge appealed to her. “For the first twenty years of my career, if something made me feel deeply uncomfortable, it usually meant I should do it.”
It proved an inspired fit. Alongside her intelligence and technical expertise, Case is a natural connector and empath. Vanta’s Head of Communications, Erin Cheng, summarized this powerful combination. “Some people really index high on IQ or EQ – Stevie has both. She excels at being an empathetic leader that drives results.”
Those abilities took Case to Twilio, where she started as one of the API company’s first salespeople in 2016. It served as Case’s professional home for the next six years, during which time Twilio established itself in the public markets, and “KillCreek” rose to the role of VP of Enterprise Sales followed by a period as VP of Mid-Market Sales. The Quake adept that had spent years in gamer basements had officially reached the board room.
Though Twilio had proven an exceptional fit for Case’s talents, in early 2022, she began to think about making a change. She knew as well as Reed that she would have no shortage of suitors. To filter potential options, Case set three criteria for her next position:
- The company was post-product-market fit.
- The sales team was ready to scale.
- The CEO was exceptional.
On that first lagoon walk and in the meetings that followed, Case quickly realized Vanta could offer all three. “It was the one opportunity that checked every box. It was the clear winner.” Particularly important was how emphatically the company fulfilled the third of Case’s criteria. “I felt on a deep, personal level that Christina was the leader I wanted to work with. It’s hard to find the right words to describe her adequately: you meet her, and she seems so even-keeled, just really steady. And then, when you see how much is on her plate, how far she has taken this company, how much she’s built – it’s stunning.”
Vanta’s CEO found herself similarly awed. In last year’s analysis of the company, I described Christina Cacioppo as a “Midwestern assassin”: “incredibly nice but not to be underestimated.” It indicates the almost innate understanding between the two operatives that Cacioppo has passed on the honorific. “Stevie’s the true Midwestern assassin.”
In April 2022, Stevie Case was officially unveiled as Vanta’s new CRO. It represented a significant coup and the beginning of a partnership already bearing considerable fruit. By Cacioppo’s accounts, Case has “transformed” Vanta’s sales teams, bringing swagger and structure to operations. Buoyed by her intensely competitive spirit – don’t forget “KillCreek” still lurks behind the sales exec veneer – Vanta has successfully moved into the mid-market and is beginning to make a significant dent among large enterprises.
True to form, Case has brought a sense of play to the process of winning. One of her first acts as CRO was to give exceptional performers personally painted llamas as part of the “Golden Llama Awards.” Many have become prized possessions.
Perhaps even more exciting than Case’s progress is the prospect of what she will do at Vanta in the future. Cacioppo has snagged a top-tier talent that seems intent on making this company her greatest success to date – the sense of camaraderie and recognition between Case and her CEO augurs very well.
David Eckstein is Vanta’s second key addition. A seasoned finance leader, Eckstein started his career in banking at Barclays before moving to the startup world. He held positions at Box, OpenDNS, and Menlo Security. At that last business, Eckstein served as CFO, a post he held for five years.
As with Case, Cacioppo courted Eckstein for several months, traveling across the country in the process. During one conversation, Eckstein casually asked if Cacioppo planned to attend Goldman Sachs’ tech conference in November last year. Though she’d never heard of it before, the Vanta CEO immediately said yes, then asked her investors to help get her a ticket. “In my head, it was 100% a recruiting trip,” she said. “Of course, David didn’t know that, so he was trying to help me prepare for investor meetings. I was just there to hang out with him.”
It proved to be time well spent. Eckstein joined as Vanta’s CFO in February 2023.
Eckstein’s addition is a clear indication of Cacioppo’s public market ambitions. While he has yet to usher a business through IPO as its CFO, Eckstein’s time at Barclays gave him an appreciation for the process from the other side of the table, while his stint at Box exposed him to the preparation a big tech company goes through leading up to its public debut. Cacioppo is confident he’s the right person to handle that process for Vanta when the time comes. “If you’re going to bet on anyone to step up like that, it’s David.”
Vanta’s work is done on the recruiting front. As you might expect for a company of this stage, there are still executive roles to fill. Adding that firepower will be important in the coming months and years. As the processes with Case and Eckstein show, Cacioppo is willing to be patient and persistent in bringing the best talent aboard. To have added two impressive lieutenants in the last year is strong work that will pay dividends.
Risks: A bigger game board
Before discussing Vanta’s current risks, it’s worth reflecting on those we highlighted last time around:
- Capitalization risk. This time last year, Vanta had raised just $53 million – considerably less than many of its competitors. While that discipline was admirable, we worried that Vanta’s conservatism might allow a rival to gain a capital advantage that could be used to gain market share.
- Innovation risk. Differentiating on products becomes increasingly important as competition grows. With dozens of followers “slinging SOC 2s,” as Cacioppo described it, we felt Vanta needed to keep innovating on its product to retain its market-leading position.
- Messaging risk. Vanta had taken a light touch regarding marketing, leaving space for fast followers to build brand awareness. To ensure it did not lose a public awareness battle, we suggested Cacioppo’s company “spend a portion of its next round on messaging.”
It’s exciting to see how effectively Vanta has addressed these potential weaknesses. As we’ve discussed, Cacioppo closed a strong Series B just a couple of months after our piece was published, giving it financial might at the best possible moment.
Equally, the company has shipped incremental product improvements and new offerings. Vanta has done so at a time when several competitors have slowed their product innovation.
Vanta has also made significant strides when it comes to messaging. The playfulness the company showed in its popular “Compliance that doesn’t SOC 2 much” billboard campaign has been more fully instilled in the product. The best example is Vanta’s rebranding, which launched in April this year. Much of it centers around Ilma, a winning illustrated llama. It has upped the cheekiness without losing its polish. “We wanted to create a flexible brand system,” VP of Marketing Sarah Scharf remarked. “On the one hand, we have this cute, quirky llama and taglines that are tongue-in-cheek. Conversely, if you remove those elements, the brand identity is refined and works well with enterprise customers or audit partners.”
When analyzing high-growth companies, these softer elements can often go under the radar, but they make a meaningful difference. Though Vanta’s rebrand might look like a small touch at first glance, it’s a clever way of bringing personality and approachability to a space that tends to be dry. Vanta’s product has always stood out from the pack; now, its brand does, too.
Vanta has done the work to bring that brand to life. It’s been a much more aggressive marketer over the past twelve months and continues to look for new avenues. Cacioppo remarked on how surreal it felt that Vanta would soon be advertising on a series of French podcasts. It has built a growing community around itself. Around the winter holidays in 2022, the company held “VantaCon,” its first user conference. “It was such a special moment to get our community together,” Scharf said. “Having people that are invested enough to come learn what’s next for Vanta and hear the vision – that felt amazing.” Again, in a traditionally sterile industry, finding ways to build genuine connections may prove powerful.
While Vanta has executed impressively to de-risk its prior issues, new ones have inevitably emerged. There are three, in particular, worth highlighting.
First, Vanta’s attempts to go multi-product could fail to take off. Though it’s strategically sound to try and develop the company’s ability to execute adjacent to its core business, history is littered with examples of failed launches and botched features. New products could become time and resource sucks that make little impact.
Right now, Vanta’s efforts look well-considered. Trust Reports and Questionnaire Automation solve a proven problem and uniquely leverage Vanta’s insights on its customers. Vendor Risk Management (VRM) is slightly more speculative, moving into vendor discovery and third-party risk assessment. Still, it’s connected to the main product suite and helps complete a customer’s journey.
Second, Vanta and Trustpage could struggle to integrate. The statistics show just how hard it is to make these arrangements work. Founders used to operating independently may struggle to find themselves with a boss; employees dropped into a new corporate environment could find it challenging to connect with a swathe of new colleagues.
No discord troubles Vanta and Trustpage’s union. For now, at least, it is a happy marriage with the makings of an enduring one. The companies share uncommonly consistent cultures and visions. The products sync up nicely with one another. And both founders seem deeply committed to making the most of their partnership. I suspect we’ll look back on Vanta’s acquisition of Chase Lee’s team as a subtly powerful accelerant.
Vanta’s global push represents a final risk. Last year, I remember having a conversation with the CEO of a distributed company. They mentioned the importance of creating “operating hours” across the business. Without them, a CEO might effectively run three or four different companies: one on the West Coast of America, one on the East Coast, one in Europe, and one in Asia. Communicating a message to every employee synchronously requires a 24-hour speaking tour of the CEO or midnight Zoom calls from staff.
While such difficulties are navigable, they illustrate how global expansion stresses operations. Though remote-first, Vanta has offices in San Francisco, New York, Dublin, and a growing team in Australia. The company increasingly needs to coordinate across time zones, geographies, and jurisdictions. It feels inevitable there will be growing pains to deal with; Vanta must ensure it moves through them as swiftly as possible and minimizes avoidable mistakes.
Ultimately, Vanta’s risks look manageable. Indeed, they’re the kind of concerns you want a business to have, borne out of innovation, acquisitions, and expansion. But there’s no doubt they are real, all the same. Vanta may have de-risked its previous issues but now operates on a much larger board with many more pieces. Maintaining focus and high performance amidst complexity will be Cacioppo’s primary concern in the coming year.
“Who doesn’t just survive, but win?”
This is perhaps the most pointed question in Sequoia’s “Adapting to Endure” deck. Which companies weather a winter and emerge stronger for it? How can a startup capitalize on difficult conditions as an opportunity to extend its lead?
In Vanta, we have an example. Over the past twelve months, Christina Cacioppo has achieved a great deal: raising new capital, expanding overseas, innovating on products, tying up a game-changing acquisition, and recruiting the talent needed to reach the next level. Though plenty of risks remain, Cacioppo’s decision-making in a downturn has set Vanta on a path to becoming one of this generation’s defining companies.
The Generalist’s work is provided for informational purposes only and should not be construed as legal, business, investment, or tax advice. You should always do your own research and consult advisors on these subjects. Our work may feature entities in which Generalist Capital, LLC or the author has invested.
Join over 55,000 curious minds.
Join 120,000+ readers and get powerful business analysis delivered straight to your inbox.
No spam. No noise. Unsubscribe any time.