The Vanta product is security in a box for technology companies, a suite of interconnected tools that currently runs the security of companies as small as 2 employees and as large as 350, including many that you've heard of. As a team, we spend a lot of time talking to our users, understanding their workflows, and building tools that help them run their business.
An example of a recent project was to add a feature to our laptop and server agents (written in Go) to hash public SSH keys on laptops and servers, and use that information to determine which employees had access to which machines. That data then needed to be gathered, displayed, and organized for our users on our NodeJS/React/GraphQL website — not in a giant, unwieldy table, but in a holistic tool that was built with an understanding of what actual tasks our customers were trying to accomplish with that information.
Our tools can take a company with no security infrastructure and bring it all the way up to the level of SOC2 or PCI compliance, which means that our users can buy Vanta to unblock sales in their pipeline stuck in security review.
Our customers love us: we were one of the fastest growing companies in our YCombinator batch, we have zero voluntary churn, and our NPS numbers are off the chart.
We make something that people want: we finished YCombinator with one of the fastest growth rates in our batch and are profitable at 17 employees. The average NPS score for a B2B product is 29, 50 is a solid indicator of customer love, and 60 is extremely rare — our most recent NPS score was a 67!
Customers love what we've built: we've added over 130 paying teams in a year, all with five-figure deal sizes, and we didn't have a single salesperson until 6 months ago.
Strong founders who have built teams together: Christina and Erik, Vanta’s cofounders, met at Stanford twelve years ago; since then, they’ve worked at places like Apple, Facebook, and Dropbox, and have both started and successfully sold companies. Before leaving to found Vanta, they built and launched Dropbox Paper, growing the team from 3 to 80.
Despite being small, Vanta has a strong culture of ownership, customer focus, and diversity. You can read more about us at https://www.keyvalues.com/vanta
We work on interesting technical problems with a strong mission. We strongly believe that the only way to truly increase security is to increase transparency and tackle deep-rooted incentive problems. We're proud to create a product that does exactly that, and we think we can have a real impact on the internet if we're successful.
Vanta is still a one-pizza engineering team, which means that ownership is high and communication is critical. We have worked with fast-growing teams before, so we know when to introduce lightweight process and when to keep things ad-hoc.
Our engineering team is flat, with all engineers reporting directly to our CTO. We are radically transparent, with every customer correspondence and every project accessible to every employee.
We encourage everyone on the engineering team to work on projects outside of their primary role based on what inspires them: for some, that may be design work, for others, talking to customers or building tools to make engineering more productive. We rotate one engineer weekly to pair with our support lead to talk to customers, project manage issues, and help build process and tooling to make the product even more reliable as we grow. Engineers also shadow sales calls, work with our ops team, and are critical partners as we work on the product.
We strongly value developer tools, and have a powerful set of productivity boosts ranging from custom tslint rules to strong unit testing to powerful tools that generate typed API interfaces for our microservices to prevent large classes of bugs. Investing upfront time to build automated systems pays off in the long run, and while we move quickly, we move with confidence knowing that there are solid automated guardrails that we've built for ourselves.
We value a user-oriented mindset – we’re constantly asking ourselves who will use what we build, and why they’d take time from an otherwise-busy work day to do so. We spend a lot of time talking to customers so that we can make product decisions quickly.
Finally: these are the early days. We’re still iterating through practices, and some of what works today won’t work in a few months. Come help us figure all this out, and shape these norms for future Vanta engineers.
We aim to provide security for internet businesses, so our code needs to be secure, correct, and reliable.
We want to be the de facto security team for every internet business.
We use open-source tools in our own software suite; for example, our endpoint (employee laptop) and host (server) monitoring is powered by osquery. We then built and run our own osquery server, which ingests data from tens of thousands of laptops/servers.
Many of our customers lack proper SSH authentication, choosing to create a single SSH key and distribute it to every developer machine. This has some problems: an employee leaves but retains a copy of the key, a developer machine is hacked and the key is copied, and the company cannot identify which employee ran which commands on a given server.
One solution to this problem is Google’s BeyondCorp (https://cloud.google.com/beyondcorp/).
How might you implement “BeyondCorp as a service”?
Some considerations:
- single points of failure, such that a hack of any specific system could compromise security for one of our customers
- ability to patch software, for example if a service runs on-prem
- what data needs to be stored, and where?
Vanta monitors our customers' infrastructure using several tools that send us streaming data, but today we process that data in batches via regular snapshots. Eventually, we'd like to move to a streaming system that responds in real-time to changes and can execute complex queries on our data pipelines.
We won't want to roll this out as a large, monolithic change — instead, we need to design the ideal system and build pieces of it in priority order as we grow.
Some considerations:
- given Vanta's usage patterns and product, what sort of storage should we build?
- how do we take that storage system and break it into concrete, shippable milestones?
- what foundational abstractions should we build to make our common use-cases as easy as possible?
- which parts of this project are high priority (and why), and which can we leave, knowing that we're on the path to building them when necessary?
There's lots of front-end surface area at Vanta — Vanta's founders came from companies like Dropbox, Apple, and Facebook, where design was a holistic process focused on understanding users and their workflows before placing any pixels.
An example of a frontend project we'll work through is a risk analysis tool. Security, at its core, is about measuring and managing risk, and we don't like any of the tools on the market today. This project would involve user research with security consultants, heads of security, engineers, CTOs, and customers, and then we would design, prototype, and implement a new risk management product.
Today, Vanta distributes an application built around osquery (https://osquery.io) to monitor both servers and corporate laptops, which is helpful but still leaves our customers responsible for fixing misconfigurations. The number one support ticket we get for this product is, "most of our laptops are unencrypted — how should we go about fixing them?"
We’d like to build a robust laptop management framework for our customers, which they can use without thinking too hard.
There’s interesting open source work to leverage – MicroMDM (https://github.com/micromdm/micromdm), Disney’s Munki (https://github.com/munki/munki), and Google’s Santa (https://github.com/google/santa) are a few examples.
And then there’s product engineering as well: what’s the best way to knit these tools into an experience that allows our users to secure company devices in an easy, hassle-free way? How do small companies (<200 employees, sometimes <10) want to manage their computers? How do we build a friendly experience that respects, rather than annoys, our customers?
Here's a great writeup of our culture: https://www.keyvalues.com/vanta
User empathy: we derive our product confidence from having a very close connection to our users. We can make strong product decisions quickly because we can talk through how each archetype of customer would react, and we believe that's why our NPS score is so high.
End-to-end ownership: while we have enough work for engineers who want to code and be left alone, we prefer folks interested in working outside of their role. Whether that's culture, recruiting, engineering tools, fundraising, product, or anything else, everyone has access to every part of the business, and we encourage engineers to help out on their passion projects.
Diversity: we believe that strong teams are formed by different perspectives coming together, and we are committed to building a diverse team from the start.
We’re so small that we don’t have a vacation or time off policy. We want our coworkers to feel motivated and rested, so please do take time off!
We love our office in the Mechanics Institute (https://www.milibrary.org/), outside the Montgomery BART stop, in San Francisco. The Institute was founded in 1854 to equip mechanics – out-of-work gold miners, really – with the skills needed to earn livings.
The fourth floor of Mechanics holds the nation’s oldest, continually-operating chess room (https://chessclub.org/index.php), and we're always up for chess games.
We have zero preference on an engineer’s hours, so long as:
- we’re all able to feel like we work productively together
- the engineer commits to tasks each week
- those tasks are completed in a reasonable fashion
100% of insurance costs for the employee on the Anthem Silver PPO 2000 plan; 75% of insurance cost for the employee on the Anthem Gold PPO 0 plan. Anthem Platinum HMO 0 and Anthem Platinum PPO 0 plans are also available. If a plan other than Anthem Silver is selected, the employee pays the difference in premium.
We also offer dental and vision insurance.
We think about working from home similar to the way we think about flexible hours; if we’re all able to:
- feel productive working together
- understand what we’re building, why, and for whom
- commit and complete tasks within reasonable time periods

team members can work outside the office when it better suits.
Vanta will reimburse up to $180/month in transportation costs.
Regular social events on Tuesday nights (boardgames, wine and cheese) and, of course, The Fun Committee (the name is intentionally ironic, I promise!), which is a group of folks who meet regularly to think about social life at Vanta.
Group activities, group lunches, etc. are all great opportunities to meet folks on the team, but they can bias towards extroverts and not do enough to also build strong 1:1 relationships. To help, we do lunch roulette where we pick pairs of names from a bowl every Monday. Vanta pays for those folks to get out of the office and have lunch together, which helps establish closer ties between teammates.