We started Vanta in 2017 as Equifax had lost every American’s social security number, Home Depot had leaked its customers’ credit card numbers to hackers, and Facebook admitted that it irresponsibly sent user data to third parties who tried to influence the US election.
We are so user centric that we’re currently on a first name basis with our users/customers —and while that won’t always be true, we’ll always be absurdly close to them. Everyone on our team talks to users about what they’re building or doing. Our engineers rotate each week to do oncall support (during normal business hours) so that they can help debug support issues. As an engineer, this means that you’ll put down your normal project for the week and (very likely) dive into different parts of the codebase that you probably have never before.
This practice is two-fold: it ensures that multiple people are familiar with every part of our codebase and keeps everyone close to our customers and their needs.
We are uncomfortable working with engineers who feel comfortable building things without customer feedback. We’re an incredibly customer-centric company and actively seek out other customer-centric engineers to join our team.
We "do things that don’t scale:" we make the first few product iterations manually until we build up confidence that folks want what you’re making. It's easy to iterate on a spec, harder on a mock, and hardest on code -- our time is valuable, so we learn lessons as early as possible.
We like to work with folks who are excited about making and carrying out their decisions, whether in the code they write or the partnerships they strike.
Someday, Vanta will need strict departments and handoff points between owners/teams. We don’t have – and don’t want – those things today.
To date, our product helps companies to check their security settings, but we will eventually build out the ability for Vanta to also prevent vulnerabilities.
For example, in addition to checking the settings on your laptop and alerting you – do you know if everyone at your company has encrypted their laptop’s hard drive? – we also want to make it easy for you to fix or change settings.
Security related to email, laptop, VPNs, and SSH keys may seem like standalone products, but they’re really part of the security-in-a-box solution that we are building for technology companies so that they can focus on their products. As a result, there is a tremendous amount of room for engineers to fully own projects.