Hi everyone - Sorry for going MIA last week. I am currently transitioning from GTM Strategy to Product Management for Machine Learning Data Models at Hyperscience. I am very excited about the new role as it will give me hands-on product development experience while I continue to build out Startupon and another super secret project.
My transition to PM has got me thinking: Do non-technical people looking to break into tech/startups even know the types of roles available? There might be a post in the works 🧐
Software Spotlight: Vanta
Company Snapshot:
Founded: 2017
Employees: 200
Funding: $53M
Valuation: $500M
Stage: Series A
Locations: San Francisco, CA
Company Overview
Vanta is an automated security monitoring platform that helps companies get SOC 2, HIPAA, or ISO 27001 certified quickly.
Tell Me More
Vanta’s security and monitoring platform automatically shows the gaps customers need to address to pass various compliance audits. The company accelerates the audit process for customers through automated onboarding and continuous monitoring for all vital compliance requirements.
Vanta’s continuous monitoring platform is similar to other enterprise software businesses like Datadog and PagerDuty, but for a different end-market. Vanta is solving what has, until now, been an annual or semi-annual audit scramble for many companies. While auditors still need to go review a customer’s books, they can do so with Vanta’s automated reporting, which keeps businesses honest about their security and compliance data year-round, resulting in fewer surprises and last-minute audit scrambles.
Market Opportunity
Typically, companies request SOC 2 reports and other compliance reports when they want to hire a company as a vendor. Customers ask for SOC 2 because they want to confirm the vendor’s security compliance to feel safe working with the vendor. Sometimes customers request the report for their own peace of mind. Other times vendors provide it to show they’re “enterprise-grade”. Sometimes there are compliance or regulatory standards they have to comply with. Regardless of the reason, SOC 2 and other compliance reports are integral to selling software and hosting user data.
Gartner says more than half of enterprise IT spending in key market segments will shift to the cloud by 2025. SOC 2 and other compliance reports are vital to selling SaaS and hosting data. In 2022, more than $1.3 trillion in enterprise IT spending is at stake from the shift to cloud, growing to almost $1.8 trillion in 2025. Looking deeper, Vanta services an important aspect of the cloud market by helping customers become enterprise-ready.
Why I like the company
After going through Y Combinator, the company stayed out of the spotlight and focused on creating a great business. According to Forbes, the company reached 600 customers without a proper website; today, it says it’s helped 1,000 with their SOC 2 compliance audits, passing $10 million in annual recurring revenue with only 65 employees. In essence, the company is growing like a weed. Similarly, tangential companies with continuous monitoring functionality like Datadog and Splunk have fared well in the public markets, reaching market caps of $50B and $18B, respectively.
Similarly, the security and compliance market is an underserved and unsexy market. Not including the costs (in budget or time) involved in becoming SOC 2 compliant, the cost of an official CPA audit can range from $10,000 to upwards of $50,000+ depending on the complexity of the audit. Vanta’s product has the opportunity to capture chunky, recurring revenue at scale thanks to somewhat tedious and complicated compliance checks.
The most exciting part about Vanta is that it’s a horizontal platform and is not beholden to just one industry or audit procedure. As the company matures, they will identify new use cases and expand their offering to work with multiple business units, customer types, and verticals. Instead of focusing on just SOC 2, the company will be able to service use cases across a variety of industries, thereby meaningfully expanding their TAM.