Meet the Team!
Meet Robbie! 👋
Robbie is a Software Engineer at Vanta. He’s been at Vanta for almost two and a half years.
Tell us about your role at Vanta.
I was Vanta’s first engineering hire. I started the same day as my brilliant colleague Kevin.
Every day is different. When I started, there were four of us. Now there are fifty-something. I still spend much of my day coding, but I’ve been spending more and more time writing specs, chatting with various stakeholders, and occasionally putting out fires (often lit by yours truly).
These days, I have colleagues who are design, product management, and user research experts. That's been really positive. I’m no longer a person who is designing (terribly ugly) things — Vanta has a great design team making our product beautiful and usable. I was traditionally the “always on-call infrastructure engineer.” Now that the team has grown, we have an infrastructure rotation. I typically work on the backend and tend to touch actual customer-facing things less — though I enjoy hopping into customer calls with our Sales and Customer Experience teams too.
What made you realize this was the right career field for you?
I always knew I wanted to be some sort of scientist, and I realized too late that computer scientist doesn’t really count. But more to the point, I always loved solving puzzles, and real science took too long. I once had to wait for a zebrafish to grow up. Solving fun problems with instant feedback — and knowing that your solutions are being used to do something valuable (in Vanta’s case, to ensure security) — is a rewarding job.
I’ve explored a bit of everything: a big company, a boutique consulting firm, my own company, and now a fast-growing, early-stage startup. I ultimately realized I wanted to go back to my roots: explore a problem and find a solution. Vanta has been the most exciting place to do that — it’s a small startup, I have a lot of ownership, and customers are buying something no one has built before.
Why did you choose Vanta over other companies?
When I shut down my company, I panicked a bit — I needed to find a real job! I knew I wanted to choose a tiny company or a massive one. At a small company, you own a lot of things, grow with the company, and have a say in where the company is going; the company lives or dies by your hands and you have a huge impact. At a large company, you have less of those things, but you have basically unlimited resources, scale, and support.
A lot of startups are building a solution in search of a problem. A venture capitalist might say that they haven’t yet demonstrated product-market fit, despite a cool product. When I joined Vanta, we had a problem but desperately needed a solution. From Day 1, we had customers knocking down our doors, but hadn’t built much of anything yet. I thought I might be able to have a hand in building something that could be integral to the backbone of internet security. So far, I think I’ve made the right call! The product is very much a solution for (many!) existing problems, not a solution in search of a problem. And it helps that Vanta was my favorite tiny company — I was impressed by the founders who were clearly hypercompetent without being too ego-driven.
What excites you about Vanta’s mission?
Computer security is a nebulous term. Does it mean making sure cryptosystems are invulnerable to an attack by EvilCorp’s supercomputer, or does it mean ensuring that RegularCorp didn’t accidentally leave a window unlocked? A lot of smart people have done a lot of amazing work in the first category. We’ll surely continue to find vulnerabilities in TLS, and somebody might eventually break RSA. But it doesn’t matter if the current version of TLS works if you’re accidentally using an old version, and it doesn’t matter how good encryption can be if you forget to encrypt! I think Vanta can serve as the first effective solution to that second type of computer security: we make sure that you don’t accidentally leave the door unlocked after buying a two-thousand-dollar lock. The systems people are building are so large and complex these days that even a security expert can’t reliably ensure that everything is kosher, and most programmers aren’t security experts.
I feel very aligned with Christina on the vision long-term. We are now focusing more on compliance, which is a great foot-in-the-door — but there is a ton of opportunity for us to continue growing toward broader security, too. We’re vigilant in making sure we’re mindful of what our customers are asking for while also building for what aligns with our long-term mission: securing the internet via continuous monitoring across as many systems as possible. This is broad, and we’re never going to catch everything, but every new integration and product improvement is another layer that helps ensure that our customers’ systems are secure. We’re building a product that allows you to organize all of your tools and that grants comfort in knowing that your security posture is as good as it could possibly be.
If you could travel anywhere in the world, where would it be?
I could spend weeks sampling the wares at the fish market in Tokyo. Still waiting on that Vanta Japan office, and crossing my fingers for the rescheduled Tokyo Olympics in 2021! That colleague Kevin who I mentioned happens to have a PhD in Japanese literature, so he’s sure to be a valuable travel buddy.
PCI Compliance Selection Guide
Determine Your PCI Compliance Level
If your organization processes, stores, or transmits cardholder data, you must comply with the Payment Card Industry Data Security Standard (PCI DSS), a global mandate created by major credit card companies. Compliance is mandatory for any business that accepts credit card payments.
When establishing strategies for implementing and maintaining PCI compliance, your organization needs to understand what constitutes a Merchant or Service Provider, and whether a Self Assessment Questionnaire (SAQ) or Report on Compliance (ROC) is most applicable to your business.
Answer a few short questions and we’ll help identify your compliance level.
Does your business offer services to customers who are interested in your level of PCI compliance?
Identify your PCI SAQ or ROC level
The PCI Security Standards Council has established the below criteria for Merchant and Service Provider validation. Use these descriptions to help determine the SAQ or ROC that best applies to your organization.
Good news! Vanta supports all of the following compliance levels:
A SAQ A is required for Merchants that do not require the physical presence of a credit card (like an eCommerce, mail, or telephone purchase). This means that the Merchant’s business has fully outsourced all cardholder data processing to PCI DSS compliant third party Service Providers, with no electronic storage, processing, or transmission of any cardholder data on the Merchant’s system or premises.
Get PCI DSS certified
A SAQ A-EP is similar to a SAQ A, but is a requirement for Merchants that don't receive cardholder data, but control how cardholder data is redirected to a PCI DSS validated third-party payment processor.
Learn more about eCommerce PCI
A SAQ D includes over 200 requirements and covers the entirety of PCI DSS compliance. If you are a Service Provider, a SAQ D is the only SAQ you’re eligible to complete.
Use our PCI checklist
A Report on Compliance (ROC) is an annual assessment that determines your organization’s ability to protect cardholder data. If you’re a Merchant that processes over six million transactions annually or a Service Provider that processes more than 300,000 transactions annually, your organization is responsible for both a ROC and an Attestation of Compliance (AOC).
Automate your ROC and AOC