👋 Howdy to the 882 new legends who joined this week! You are now part of a 139,884 strong tribe outperforming the competition together.

LATEST POSTS 📚

If you’re new, not yet a subscriber, or just plain missed it, here are some of our recent editions.

🤗 Systems For Success & Helping Founders Enjoy The Work. An interview with Jonathan Lowenhar, Managing Partner at Enjoy The Work.
✨ How Attio Creates Beautiful, Functional Design. A look at the new platform taking on the CRM game and winning.
🤯 How Companies Are Owning Emojis. How to transform your brand by claiming your own emoji.

PARTNERS 💫

AI-native CRM.

Attio is the CRM for the AI era. Connect your email, and Attio instantly builds your CRM with enriched, actionable data.

Then unleash the full power of the platform—from AI-powered automations to research agents, Attio can handle some of your most complex operational processes like finding key decision makers and triaging leads.

Join industry leaders like Flatfile, Replicate, Modal, and more. Start for free.

_{Interested in sponsoring these emails? See our partnership options here.}

HOUSEKEEPING 📨

Had some great comments on Thursday’s poll about capitalism vs distributism. Thanks to those who voted, but also the many people who took the time to reply with very thoughtful responses. If I were to summarise, the replies went from a polite ‘you are an idiot,’ to an impassioned ‘I am with you.’ I think the main thing is it brought something out of people. So thanks again.

If you are wondering what hiring through a partner like us looks like you’ll be able to see in the 2025 Salary Report we created recently. Hiring abroad is hard, but not impossible. You can absolutely do it yourself, and save a load of money. But if you are looking for a partner with boots on the ground we can help. Anyway, here is another cracking post for you today. Behind the scenes of the success that is Vanta. Enjoy!

ZERO TO ONE 🌱

How Vanta Went From 1 To 100

A couple of months back, we released a super popular post on the zero to one story of security giant, Vanta. That story focused heavily on the journey of their incredible founder, Christina Cacioppo. Today, we are back with a follow up to that piece, which we are creatively calling the 1 to 100.

If the original piece told the insane story of Vanta getting to Series A with $10M of near bootstrapped revenue—they weren’t bootstrapped, but they didn’t raise much and operated very much under the radar—then this next stage is how they took that momentum and leveraged into into further growth, having them now sitting well north of $100M in ARR.

We all know the story—not many startups actually make it through their first 12 months. Many less again ever make it to a Series A. It’s the very rarest of startup animals that make it as far as $100M. There is something going on here, and it’s my job as your own personal Dick Tracy to sleuth my way around the belly of the llama to find out what exactly that thing is.

To do that I enlisted the help of Vanta’s Chief Product Office, Jeremy Epling, Chief Revenue Office, Stevie Case, and again the wonderful and glorious super-founder that is Christina Capiocco. This ladies and gentlemen is the story of Vanta going from one to one hundred.

Where we left off

By way of a very quick TL;DR of for those who didn’t catch the original piece (or subsequent bonus interview content), Vanta, the Sequoia Capital and Y Combinator backed security and compliance platform, was the brainchild of Christina Capiocco. Raised in Ohio, Christina went on to major in economics, which she followed by securing a Master’s in Management Science and Engineering.

So that’s what she did. She founded Vanta while at Y Combinator, culminating in a seed round to get things off and running.

The incredible thing was, that she didn’t just get things ‘off and running,’ she led Vanta at a pace that could only be described as breakneck speed. It seemed to be one of those stories that was really a story of market pull. Vision, and execution, sure. Absolutely no doubt that she had those in spades, but she was also building something people wanted. And really from the ground up: category defining.

And unlike most companies she and Vanta were able to do it all while staying relatively under the radar. This, of course, was a strategic decision. The extent to which they were able to stay under the radar is quite stark. In May of 2021 they would announce their Series A, with a revenue run rate of over $10M dollars of ARR. To put that into perspective, that’s probably 5-10x the revenue that most companies would have going into their Series A. Following on from Vanta’s incredible A round is where our story really takes off.

Moving past the Series A

In order for any company to put on their real grownup pants, there needs to be a focus on moving upmarket. For the Vanta team, this was definitely the case. Coming into the market, and focusing on startups is grand. But as you scale, you also want to be doing business with the top end of town. Some companies will even go as far as to fire their startups customers.

To move upmarket though, you need to; 1) build for upmarket, and 2) learn how to sell to upmarket. If you can do these two things, while maintaining the whole foundational Venn diagram of strategy, culture and finance together you will do well.

This process involves taking into account not only what product thinks, and what growth thinks, but what product and growth think. See what I did there? It was subtle, maybe you missed it. What I am saying is it needs to be a collaborative internal ecosystem.

How product works

The first thing I noticed when speaking with Jeremy was how deeply he cared about his product. I asked what his day to day looked like as CPO, and he told me; “I believe that to build a great product,” which they are, “you need to be actively using it.” Jeremy dedicates time each and every day to playing around in the Vanta platform. What feels sticky? Is there anything that doesn’t flow? Could the copy and the visuals even be improved? No detail goes unnoticed.

Partners that are smack back in the centre of their ICP, that they are building the product to suit (we’ll dive more into this in our next section).

As far as areas in which Jeremy spends his days , the final is playing around with other tools on the market, particularly around AI. “This not only helps me keep our product competitive but also ensures it integrates well with the tools and technologies our engineers and customers are using.”

Jeremy’s reports

One of the things that fascinates me with every executive I interview—from companies at all stages—is the team structure and direct reports. Jeremy manages Iccha Sethi, who is VP of Engineering, Deb Kawamoto as Head of Design, and Jimmy Singer who oversees the Product Operations area.

This leader handles everything from our automated compliance solutions for smaller customers to our enterprise-level offerings.” The job titles for these folks are: VP of Product GRC and VP of Product for New Products.

Principles, metrics, goals

When we sat down, we didn’t discuss principles explicitly, but I reached out to Jeremy via email to see if I’d missed something. This is how he told me that he, his team, and Ilma the llama think about product principles.

As for goal setting, and what metrics are important, Vanta followed a pretty standard acronymic playbook for software, in particular SaaS, starting with the commercial goals all revolving around growth and retention. ARR, or Annual Recurring Revenue, NRR, aka, Net Revenue Retention, and last but not least GRR. You guessed it, Gross Revenue Retention. For any subscription company understanding NRR is key, especially your growth ceiling, and growth wall. Concepts not often spoken about.

The second, and less quantitative thing that is key to Vanta is what Jeremy calls ‘product love.’

”We monitor the effectiveness of our remediation processes—how well our product identifies issues, explains them to users, and facilitates quick resolutions, ideally through automated one-click fixes. This involves leveraging AI to generate code that users can directly implement to resolve detected issues.”

”Overall, our goal is to ensure that the product not only meets commercial targets, but also resonates well with users,” he would say, “Making their daily tasks more efficient and enjoyable.”

Build, partner, buy

A friend of mine, Tyson, used to be pretty high up at Xero in strategic partnerships—now at Tracksuit who collab’d on a great piece with us recently—and he introduced me to a way of thinking about product I’d not heard before. And that was thinking about decisions in a build, partner, buy framework. It seems obvious, but I think it’s something founders and product teams often overlook.

A great example of this is what is commonly referred to as ‘Shiny Object Syndrome,’ in other words, trying to build everything for everyone all at once. This can lead to poor allocation of resources at best, and a Frankenstein’s monster of a product at worst.

While Vanta aren't the most acquisitive company (yet), only having the two additions; Trustpage in 2022, and ThreatKey in 2024, they do think in a similar framework and the decision to build internally versus acquiring hinges on several considerations.

”Overall, our strategy is to ensure that any acquisition or partnership aligns with our long-term goals and adds tangible value to our platform, enhancing our end-to-end trust management capabilities while maintaining a cohesive and integrated user experience,” Jeremy would say.

Staying ahead

One final thing that’s also worth discussing is just how Vanta stays ahead of competition. How do they win? First things first, they have a rabid dedication to make sure the core product remains best in class, or more specifically, “It’s essential to never lose sight of the foundation upon which our business is built.” Vanta started with SOC 2 and ISO certifications, but has expanded rapidly from there. It’s a great strategy for improving the platform, solving more problems, and making more money, but it can be easy to forget what makes the beer taste better. As Jeremy put it, “I've seen other products lose their way, and we strive to maintain a clear focus.”

Another element that most companies don’t need to think so deeply about is how to stay ahead of what’s coming regulatorially (this is not a word apparently, but I am making it one). To stay ahead of the industry and government, they have a dedicated head of government affairs, and customer advisory boards filled with high-level security officers and other key stakeholders who provide insights into industry trends and challenges they’re seeing.

And finally, the product org is structured around different time horizons. Horizon 1, is this year’s growth, and hitting company targets set for the month, quarter or year. Horizon 2 is more on the emerging opportunities side. What can they look to build / add in the coming few years. And the third horizon is more the exploratory moonshots. The big problems that are really worth solving and could be a very meaningful arm of the business.

Wait, but what even is a design partner?

Something that I found really interesting in my conversation with Jeremy, was how they work with design partners. Something that a lot of companies do while building product for their ICP. Instead of breaking this down in my own words, I am going to take part of the transcript from our discussion for you to read in full here.

Bill: “What does the design partnership look like for you today when you're working with those partners?” 

Jeremy: “Our approach to design partnerships typically involves multi-year commitments, especially with larger enterprise customers. This long-term commitment is crucial because it often takes time for the partnership to fully develop and for the product adoption to mature. I prefer not to rush into renewal discussions only a few months in.”

”We usually meet with our design partners monthly or even more frequently if needed. These meetings are a collaborative effort to refine and evolve our product offerings in areas like governance, risk, compliance, and cloud security. During these sessions, I encourage partners to demonstrate how they currently use our tools and discuss any gaps they find. This isn't just about fixing immediate problems; it's about envisioning a transformative experience that redefines how they think about these areas.

The real advantage for our partners is their significant influence on our product roadmap. While we may not implement every request, we prioritize their needs highly and may accelerate certain features that benefit them directly, even if they aren't immediately necessary for other customers. This proactive approach ensures they receive the enhancements they need sooner rather than later.

Having previously focused on developer tools and security, compliance is a relatively new area for me. Spending time with these customers, understanding their daily operations, and seeing the decisions they face helps me grasp how we can improve our products to better align with their security programs. This deep dive into their everyday challenges enriches our partnership and guides our product development direction.”

Bill: “How many design partners do you have at time, and what does the commercial relationship look like?”

Jeremy: “Right now, we have about four or five deep design partnerships where we're engaging frequently. Beyond these, we have top customers we meet with often, though I wouldn't classify them strictly as design partners. When selecting a design partner, it's crucial for us that they provide valuable feedback and engage actively, even with products that are still in development. This engagement goes beyond just having influence over our roadmap; it's about a reciprocal relationship where both sides contribute meaningfully. Commercially, design partnerships are not just standard transactions. We maintain a closer relationship with these top customers, allowing them significant influence over our product roadmap and frequent interactions.

Typically, these partnerships involve long-term commitments, especially for products that are not immediate launches but are planned for future development. We offer favorable terms, like better pricing, recognizing the collaborative effort over several years. It's important to set these expectations from the beginning to ensure all parties are aligned and enthusiastic about the partnership.”

And how growth works

Firstly, let me start by saying Stevie’s title could just as easily be Chief Inspection Officer, as she has built a organisation-wide inspection and debugging cadence that runs weekly. She operates as Lead Hawkeye, the Overseer & Chief of every part of the GTM funnel. And I actually think she loves it. “Each week I run a forecast that combines reviewing trends, KPIs, how we work, opportunities, what's working, what isn't, and a big deal review.” This work is across all of their customer segments.

On a serious note though, this operational cadence is important to Stevie, and how Vanta runs their go-to-market teams.

Goal setting

“Setting revenue goals in our organization is a multifaceted process,” according to Stevie, “We start from the top down, beginning with our three-to-five-year vision for the company, considering what top-line growth and secondary metrics we need to hit to achieve this vision.”

”Based on our long-term goals, we set a top-line revenue target for the year, reflecting the growth rate we want to achieve.” Once these important, overarching goals take shape, Stevie and the Vanta team build out what their secondary goals might look like, net retention for example is big for them.

Following this, comes the white-boarding stage. And how to bridge the gap from where Vanta is today to where they aim to be tomorrow. “We assess which segments we sell into and where we see outsized opportunities.” She goes on; “If we were to double down on certain segments and grow our teams there, what that would look like and how it could help us close the gap to our top-line goal.”

And lastly, in the goal setting process is collaborating with product (remember that Jeremy guy?), to align on vision and roadmap. This is a really collaborative effort between product and growth. Everything has an opportunity cost, and it’s Jeremy and Stevie that decide on how and where a lot of Vanta’s personnel—and more importantly cerebral horsepower—are allocated.

Stevie’s team

Next is Mark Lail, who leads revenue operations. Elliot runs North America sales, and global partnerships, or “essentially half my world” as Stevie puts it. Alongside Elliot is Kelly Bray, who is VP of Customer Success & Account Management. This is everything you’d imagine it would be from post-sales: adoption, onboarding, and overall customer health. Account management also works as “a sales function where we sell new products to our existing customer base.” Stevie also has a head of sales in EMEA, and a general manager in APAC as well.

Additionally, Eric Martin, Vanta’s original head of sales, now runs what they call "specialty sales." “He takes on new initiatives or new teams to stand up, helping to build those businesses for me. He’s like my zero to one guy,” Stevie says about Eric, her all-rounder.

The market

Vanta in the early days, was always a startup-focused platform. Very typical of course. We can’t all come out the gate signing deals with the Waystar Royco’s of the world. This is actually, according to Stevie, Vanta’s biggest bet today. A double down on moving upmarket.

“We are investing heavily ahead of the opportunity. It involves everything from accelerating our roadmap, to hiring enterprise sellers experienced in this area, to doubling down on account executives who have enterprise sales experience, and building out a solutions engineering team.”

”We are also bringing on GRC (Governance, Risk, and Compliance) subject matter experts to fully staff this initiative.” Vanta today has different segments, with different sales cycles, and much different levels of attention required to close the deal.

“This bet is about expanding our reach into larger, more complex organizations, where the sales cycles are longer and the deals are bigger, requiring a more nuanced approach to how we sell and integrate our platform.” Something interesting I found when talking to Stevie was the care and detail she showed when talking about the career of her sellers.

Like a lot of great companies, Vanta has three structured sales teams with countless levels you can be promoted into. From SDR, to startup, to mid-market, to enterprise.

This is kinda table stakes right? You’re probably getting bored right now thinking ‘well … duh.’ Well, yes, you’re right, it is table stakes, but after speaking to Stevie, I could just tell she really cares about her team, and takes seriously the fact that she is really the one who can help build out a great career for them. As someone who over-indexes on culture at my company, I can just tell when someone really cares.

And lastly, experimentation

One thing I love to understand is how companies think about experimentation. What percentage of resources go to new channels, compared to what’s already working well. With Vanta, for tests that align with their short term revenue horizon goals they invest and experiment aggressively.

“Our current push into the enterprise segment, [where] we've allocated significant resources,” says Stevie. “This includes hiring specialized staff such as enterprise sellers, solutions engineers, and GRC experts, and accelerating relevant parts of our product roadmap.”

For longer-term bets—new market segments or innovative product lines—the approach is different. Vanta applies a more balanced approach.

Or better put: “Their success isn't measured by immediate revenue generation, but by strategic achievements that lay the groundwork for future growth.” This strategy means Vanta can dump resources on experiments closer to the bullseye, while playing around a little more with the ideas on the edges.

Key lessons to apply

So, your brain must be working on overdrive here. I know mine is. Just in order to lighten the mental burden for you, I am happy to distill some of the key lessons that can be found in Vanta’s growth. As I see it anyway.

• Design partnerships are strategic, not transactional: Build multi-year relationships with active users who push product limits.

• Segment strategically as you scale: Structure distinct sales motions for startups, growth-stage, and enterprise customers.

• Rigorous inspection drives growth: Implement weekly forecasting, KPI reviews, and debugging systems across all segments.

• Build career pathways within segments: Create clear promotion paths for salespeople to advance through customer tiers.

• Balance product innovation with core excellence: Never neglect your foundation while expanding into new areas.

• Structure product teams around time horizons: Organise for immediate growth, emerging opportunities, and exploratory moonshots.

• Experiment aggressively on near-term opportunities: Invest heavily in aligned experiments while taking measured risks on long-term bets.

Future

And with those takeaways in the books, we come to the close of our piece today of Vanta's journey from 1 to 100. A technological tale of a company that has deftly navigated the challenging transition from startup darling to all out enterprise-ready uber-platform.

The next chapter in Vanta's story will likely be defined by how effectively they can maintain their product velocity while addressing the increasingly sophisticated needs of their largest enterprise customers. I am not sure how fast a llama moves in real life, but what I know is that I expect this llama to keep moving at breakneck speed.

Fun facts

• The original meaning of compliance is ‘the act of yielding’: Ironic, since it’s now about resisting bad actors.

• In ancient Incan culture, llamas were considered sacred: Often buried with their owners for protection in the afterlife.

  

• Cybersecurity has its own Oscars: Called the SC Awards, with categories like “Best Threat Intelligence Solution.”

• The word ‘compliance’ appears over 10,000 times in SEC filings each quarter: Yet most startups still leave it until the last minute.

• The cybersecurity market is expected to hit $424 billion by 2030: That’s nearly double what it was in 2021.

Extra reading / learning

• Building a More Trustworthy Internet - June, 2022

• 55% of companies say security risks are at a high—and AI has a lot to do with it, according to new data from Vanta - October, 2024

• Solving start-up puzzles, with Vanta CEO Christina Cacioppo - March, 2025

• Cybersecured: Vanta’s Zero To One - March, 2025

And that’s it! You can keep up with Christina, Jeremy, and Stevie, on LinkedIn or check out Vanta on their website.

BRAIN FOOD 🧠 

TWEETS OF THE WEEK 🐣 

TOOLS WE USE 🛠️

Every week we highlight tools we actually use inside of our business and give them an honest review. Today we are highlighting Paddle—a merchant of record, managing payments, tax and compliance needs—we use their ProfitWell tool.

See the full set of tools we use inside of Athyna & Open Source CEO here.

HOW I CAN HELP 🥳

P.S. Want to work together?

1. Hiring global talent: If you are hiring tech, business or ops talent and want to do it for up to 80% off check out my startup Athyna. 🌏

2. Want to see my tech stack: See our suite of tools & resources for both this newsletter and Athyna you check them out here. 🧰 

3. Reach an audience of tech leaders: Advertise with us if you want to get in front of founders, investor and leaders in tech. 👀