Key takeaways from VantaCon UK
BlogCompany news
April 14, 2025

Going beyond the standard: Key takeaways from VantaCon UK 2025

Written by
Vanta
Reviewed by
No items found.

Accelerating security solutions for small businesses 

Tagore offers strategic services to small businesses. 

A partnership that can scale 

Tagore prioritized finding a managed compliance partner with an established product, dedicated support team, and rapid release rate.

Standing out from competitors

Tagore's partnership with Vanta enhances its strategic focus and deepens client value, creating differentiation in a competitive market.

Our second annual VantaCon UK event featured thought-provoking conversions with founders, CISOs, and security leaders from Synthesia, Okta, Klarna, Pigment, Multiverse, and more.

During the event, speakers touched on the complexities of building trust in the age of AI, discussed specific regulatory challenges in the EU, and shared practical tips for modern CISOs operating amidst an evolving regulatory landscape and complex risk environment. 

For those who couldn’t attend the live event in London, we’re sharing some key takeaways.

Trust in the age of AI

During a fireside chat with Vanta’s CEO Christina Cacioppo, Synthesia co-founder and COO Steffen Tjerrild discussed his journey building the UK’s most valuable generative AI media company. He shared the importance of balancing innovation with transparency to demonstrate trustworthiness and allay customer concerns around AI. 

Though there was no AI regulation in place at the time he founded Synthesia, Steffen and his team built the company with a framework of “consent, control, and collaboration” in mind—guiding principles that helped Synthesia take cutting-edge AI technology to market in a responsible way

Today, another way Synthesia demonstrates trust is through ISO 42001 compliance. Synthesia became the world’s first ISO 42001-compliant AI video company in September 2024—providing validation that the company has a strong AI governance framework in place and develops AI in line with industry best practices. ISO 42001 has been a competitive differentiator for Synthesia, especially when assuring enterprise customers that they are a vendor that can be trusted. 

Regulatory challenges in the EU

Another panel of experts went deep on regulations in the EU. Quentin Berdugo, CISO at Pigment, Zafrul Sattar, Director of Information Security at Multiverse, Becci Freeman, Chief of Staff at Engine by Starling, and Lazar Lazarov, Head of Security at BVNK took the stage to chat about the biggest security and compliance challenges they face at their respective companies.

While each organization faces unique compliance challenges, all agreed that AI is changing the game significantly in the European market—amidst local regulations like the EU AI Act. Zaffrul discussed the challenge of balancing innovation with security while building AI products and the risks associated with using publicly available LLMs. He reminded the audience that all the public LLMs have backdoors that can be hacked. Zafrul encouraged attendees not to use confidential or client data with these models. However, he advised that there are still appropriate use cases where they can increase your productivity (though you do need to assess for risks in those use cases). 

The panel also discussed the challenges of meeting EU regulatory frameworks while balancing other demands on their security programs. Quentin touched on how market demands dictate team priorities: “The market is telling you what it wants.” Customers demand to see things like ISO 27001, which makes this tablestakes for EU-based companies. As he says, security is a product feature, and it’s critical to listen to what customers want. 

With new emerging frameworks like DORA, it can also be tough to prioritize which frameworks to pursue. Becci cautioned security leaders to strike a balance—seizing opportunities where controls overlap and multiple frameworks can be achieved without duplicating work, while also focusing on scalability and maintaining compliance with the frameworks you already have in place. Quentin echoed that sentiment and reminded leaders not to underestimate the effort needed to maintain a certification: “It sends a good signal when you acquire a new one. It sends a very bad signal when you lose one.”

How modern CISOs adapt to a changing landscape

A panel of CISOs also shared insights from the front line. David Bradbury, CISO at Okta, Niek Nigg, Chief Security Risk Officer at Klarna, and Vanta’s own Jadee Hanson discussed how the role of a modern CISO has evolved into one that’s part technologist, part strategist, and part trust-builder. 

Panelists talked about the challenges of creating a security-minded culture across all departments within an organization and the need to assess the DNA of any organization to figure out the best approach. At Klarna, for example, Niek talked about how the organization is first and foremost an engineering company, made up of 1,800 engineers. The goal is to let engineers do what they do best and not force them into compliance work. For the security team, it’s essential to make compliance an effortless part of the engineering journey—so it doesn’t interfere with engineering work and supports continuous compliance efforts. 

Once more, AI was top of mind. David shared how his team at Okta is trialling LLMs to detect malware in marketplace integrations—externally developed code submitted by third parties—with early results proving promising.  He also talked about the potential benefits of AI in third-party risk management. He discussed the “paper trail of trust” that vendors leave behind—with documents that exist in the public domain and are privately shared. Together, these documents help define the trust level we associate with each vendor. David sees an opportunity for AI to optimize this process: “As I’m relying more and more on humans to interpret these documents, I see a strong linkage between the ability for natural language processing to consume these documents at scale and identify where we’re seeing hot spots, so we can then double-click into those.” 

The panel closed with some advice for fellow CISOs. Jadee advised listeners to stay curious and embrace AI, while Niek shared a poignant reminder to start small. Demonstrate value in small ways, then evolve your program from there—chase progress, not perfection in GRC.

Hear from more industry leaders at our next VantaCon event

VantaCon is coming back to San Francisco later this year (more details coming soon). Join us to connect with industry leaders, discuss the latest trends in security, compliance, and AI, and learn how Vanta helps companies build trust in the age of AI. 

Keep an eye on our website for details about the location and event date.

Access Review Stage Content / Functionality
Across all stages
  • Easily create and save a new access review at a point in time
  • View detailed audit evidence of historical access reviews
Setup access review procedures
  • Define a global access review procedure that stakeholders can follow, ensuring consistency and mitigation of human error in reviews
  • Set your access review frequency (monthly, quarterly, etc.) and working period/deadlines
Consolidate account access data from systems
  • Integrate systems using dozens of pre-built integrations, or “connectors”. System account and HRIS data is pulled into Vanta.
  • Upcoming integrations include Zoom and Intercom (account access), and Personio (HRIS)
  • Upload access files from non-integrated systems
  • View and select systems in-scope for the review
Review, approve, and deny user access
  • Select the appropriate systems reviewer and due date
  • Get automatic notifications and reminders to systems reviewer of deadlines
  • Automatic flagging of “risky” employee accounts that have been terminated or switched departments
  • Intuitive interface to see all accounts with access, account accept/deny buttons, and notes section
  • Track progress of individual systems access reviews and see accounts that need to be removed or have access modified
  • Bulk sort, filter, and alter accounts based on account roles and employee title
Assign remediation tasks to system owners
  • Built-in remediation workflow for reviewers to request access changes and for admin to view and manage requests
  • Optional task tracker integration to create tickets for any access changes and provide visibility to the status of tickets and remediation
Verify changes to access
  • Focused view of accounts flagged for access changes for easy tracking and management
  • Automated evidence of remediation completion displayed for integrated systems
  • Manual evidence of remediation can be uploaded for non-integrated systems
Report and re-evaluate results
  • Auditor can log into Vanta to see history of all completed access reviews
  • Internals can see status of reviews in progress and also historical review detail
Logo of incident.io
Incident.io
Logo of Lumos
Lumos
Icepanel logo on a white background.
IcePanel
Epsilon Logo
Epsilon3
The logo for supabase.
Supabase
EasyLLama Logo
EasyLlama
Qualifi Logo
Qualifi
Logo of toku
Toku
FEATURED VANTA RESOURCE

The ultimate guide to scaling your compliance program

Learn how to scale, manage, and optimize alongside your business goals.

DOWNLOAD FOR FREE
GRC
AI and Trust: Navigating Maturity, Influence, and Risk
Compliance
Secure from the Start: How Founders Build Compliance Into Early-Stage Growth
Compliance
Building Trust in the AI Boom: Security, Capital, and Credibility from Day One
Compliance
Live Demo: Accelerate security and compliance workflows with AI
GRC
AI and Trust: Navigating Maturity, Influence, and Risk
Compliance
Secure from the Start: How Founders Build Compliance Into Early-Stage Growth
Compliance
Building Trust in the AI Boom: Security, Capital, and Credibility from Day One
Compliance
Live Demo: Accelerate security and compliance workflows with AI

Table of contents

No titles!

Share this article

Share this article

Related Resources

Meet the Vanta MCP Server
Engineering
Blog

Built for the agentic era: Meet the Vanta MCP Server

We’re excited to announce that the Vanta MCP Server in now available via public preview—the first step towards bringing trust management into the emerging Model Context Protocol (MCP) ecosystem.

Product updates
Blog

What’s New in Vanta

Jamf, MongoDB Atlas, Azure container scanning and more

How MSPs unlock growth with Vanta’s Service Partner Program
Company news
Blog

How MSPs unlock growth with Vanta’s Service Partner Program

Vanta’s Service Partner Program provides MSPs with essential tools to expand service offerings, accelerate growth, streamline operations, and stand out in a competitive market.

Company news
Blog

Introducing proactive, AI-powered risk management that breaks the cycle of reactive risk

Unify risk management with Vanta’s AI-powered Trust Management Platform—automate workflows, monitor vendors in real time, and act on risks before they impact your business.

Related Resources

Company news
Blog
Introducing proactive, AI-powered risk management that breaks the cycle of reactive risk

Unify risk management with Vanta’s AI-powered Trust Management Platform—automate workflows, monitor vendors in real time, and act on risks before they impact your business.

Company news
Events
VantaCon 2025

Join us in person in San Francisco on November 19.

Company news
Blog
Lessons learned from Vanta’s FedRAMP® 20x pilot program

A behind-the-scenes look at how Vanta navigated the FedRAMP 20x pilot.

Company news
Blog
Helping businesses earn and prove trust: Announcing Vanta’s $150 million Series D

Vanta’s mission is to help businesses earn and prove trust. Today we’re excited to announce we’ve raised a $150M Series D to continue building the future of trust.

Company news
Blog
Supercharging Vendor Risk Management: Vanta acquires Riskey

We're excited to announce that Vanta has acquired Riskey to improve security reviews from point-in-time snapshots to continuous, AI-powered assessments.

Vanta has been named as a Leader in the IDC MarketScape: Worldwide Governance, Risk, and Compliance Software 2025 Vendor Assessment.
Company news
Blog
Vanta is a Leader in the IDC MarketScape: Worldwide Governance, Risk, and Compliance Software Vendor Assessment, 2025

The IDC MarketScape assesses the competitive landscape, analyzing qualitative and quantitative criteria to evaluate GRC vendors.

Company news
Blog
Introducing Vanta Trust Maturity Report: Benchmark your security maturity against 11,000+ programs

We’re excited to release our first-ever Vanta Trust Maturity Report to help you benchmark your security maturity.

Company news
Events
Founder to Founder: The Guide to Building a Breakout Startup in the AI Age

Watch our conversation with Christina Cacioppo (CEO and Co-founder of Vanta) and Mario Gabriele (CEO and Founder of The Generalist) on what it really takes to build a breakout startup, with sharp insights and strategies for staying ahead in a market that’s shifting faster than ever.

Vanta earns ISO 42001 certification
Company news
Blog
Vanta earns ISO 42001 certification to demonstrate trustworthy AI practices

We’re excited to announce that Vanta is one of the first companies to earn ISO 42001 certification.

Company news
Events
Zero to success: What we got wrong before we got it right

Join experienced founders as they share key lessons on overcoming early startup challenges and driving growth.

How MSPs unlock growth with Vanta’s Service Partner Program
Company news
Blog
How MSPs unlock growth with Vanta’s Service Partner Program

Vanta’s Service Partner Program provides MSPs with essential tools to expand service offerings, accelerate growth, streamline operations, and stand out in a competitive market.

Company news
Events
Fueling Success: How Founders Can Maintain Energy & Avoid Burnout

A powerful session on mastering energy management, staying resilient, and avoiding burnout while scaling your startup—watch now!

Get compliant and build trust—fast

Request a demo
G2 Badge 2025 - Best Software | Top 50 Governance, Risk, & Compliance ProductsG2 Badge 2025 - Best Software | Top 50 Security ProductsG2 Badge 2025 - Best Software | Top 100 Best Software Products