Christina Cacioppo, 36, is the CEO and cofounder of security and compliance company Vanta.Courtesy Christina Cacioppo
The Stanford graduate built a fast-growing software company to automate what had previously been a manual process. She’s now one of America’s richest self-made women.
About five years ago, Vanta CEO and cofounder Christina Cacioppo received a message from one of the customers of her nascent security and compliance automation company that something was wrong. The automated email the customer received each morning detailing what had happened in their Vanta account in the past 24 hours had the wrong company name in it. Cacioppo responded: “There’s a bug, we’re so sorry. We’ll fix it.”
What the customer didn’t realize was that the “automated” email was actually one that Cacioppo had sent early that morning. Cacioppo, who had founded Vanta just months earlier, set her alarm each day for 5:45 a.m. and crafted the emails by hand. She did this to make sure customers liked the emails before spending time writing code that would automate them. Once she knew what customers wanted, she and Vanta’s founding team sat down and wrote the code—and didn’t need to change it for a year and a half.
It’s just one example of the Ohio native’s scrappy approach—which also included everything from buying coffee in bulk from Costco to running Vanta without formal executive or staff meetings for its first two years. That hustle has helped her company land an estimated 5,000 customers including Quora, Autodesk and payments software firm Modern Treasury, with 600 new customers signing up each quarter, according to Vanta. Cacioppo has also helped score $203 million in funding to date from such venture capital firms as Craft Ventures and Sequoia, including $110 million raised in June 2022 that values the company at $1.6 billion. That’s enough to earn Cacioppo, 36, a spot on Forbes’ list of America’s Richest Self-Made Women with a $385 million fortune based on her stake in Vanta.
“Prior to Vanta, the way security and compliance was done was entirely with spreadsheets and screenshots of information that were collected in folders and shown to [certified public accountants],” Cacioppo says. “What we built was a way to do almost all of that work, and do it automated.” Cacioppo cofounded Vanta with Erik Goldman, a software engineer and product designer who is no longer involved in the company.
Vanta’s software automates businesses’ security compliance processes, saving companies time and money. The “security” piece means helping companies meet certain standards for managing and storing customer data; “compliance” is the process of getting certified for doing so. Historically, the process was a highly manual annual or bi-annual scramble. Vanta automates that process via continuous monitoring and real-time reports called “trust reports.” Then auditors, including a network of Vanta-vetted professionals, can go through the data and, hopefully, certify the company as compliant with an array of standards—such as SOC 2, ISO 27001, HIPAA, GDPR, USDP and others—more quickly.
Currently, Vanta is sitting on enough cash to operate for another three and a half years, Cacioppo says, with most of its $110 million June 2022 funding round still in the bank. Vanta is “definitely on the IPO trajectory,” says Sequoia partner Andrew Reed, who led Vanta’s earlier fundraising round in 2021 and invested again last June. Cacioppo emphasizes that going public isn’t an end goal but rather a stepping stone.
Additionally, Vanta has at least doubled its annual recurring revenue every year since its founding to an estimated $80 million. A subscription business, Vanta charges customers upfront for a year of service. Like many startups, Vanta isn’t profitable, although it was from approximately 2019 to 2021, Cacioppo says.
To get to profitability and a potential public offering, Vanta will need to navigate a growing competitive landscape. Five years ago, the company’s main competitors were individual security consultants. Cacioppo says Vanta was a pioneer in its field of automated security and compliance software, but not anymore: Now, Vanta maintains a list of competitors with some 40 companies on it. Whenever an employee adds another to the list, Cacioppo gives them a stuffed llama—Vanta’s mascot.
Some of its competitors include Drata and Secureframe. Drata, for one, has grown faster than Vanta in terms of valuation, at least: It was founded in 2020 and reached a $2 billion valuation in December 2022.
Vanta’s plan to differentiate itself includes expanding the list of companies its software can work with. Similarly, last year it launched an initiative with a goal to increase the number of compliance standards it supports. The San Francisco-based company is also expanding into Europe: It opened its first European office in Ireland in late 2022, where Reed says Vanta might be even more useful due to Europe’s complex regulatory systems. Additionally, Vanta is keeping its focus on hiring engineers who like talking to customers as well—for the fast feedback loops like those in Cacioppo’s “automated” emails.
“The space is well funded and has a lot of competition, which, from one vantage point, is a good thing,” says Brandon Greer, who leads HubSpot Ventures and invested in Vanta last year. Vanta’s position as a pioneer in the space gives it a leg up, and there’s an “almost limitless total addressable market,” he says.
Sequoia’s Reed says Vanta sits in the top 1% of his investment portfolio in five metrics, including measures of revenue and customer growth.
acioppo didn’t always realize she wanted to be a startup founder, even though she knew she liked building things from age 11, when she ran a solo eBay Beanie Baby business. The daughter of two university professors of psychology, she jokes that she didn’t know that adults could be anything besides professors until age 22.
At that point, she was finishing her undergraduate degree in economics at Stanford. She would go on to earn a master’s degree in management science and engineering, also from Stanford. After that, she moved into venture capital, working as an analyst for Union Square Ventures from 2010 to 2012 working on early-stage investments—a job she took because “it’s kind of like academia because you get to run around, find people and ask them questions all day.”
Then she decided that she wanted to build things instead. When she first struck out on her own as a founder in 2013, she told her parents it was a “sabbatical” from her investing job. It wasn’t; she had quit the role.
Her first project—an array of nascent software products under the umbrella “Nebula Labs” that she cofounded with Stanford classmate Matt Spitz, who is now head of engineering at Vanta—didn’t work out, but it did help Cacioppo lay the groundwork for Vanta. After Nebula Labs, Spitz and, a bit later, Cacioppo, both moved to Dropbox. In 2014, Cacioppo started as a product manager of a new Dropbox product, Dropbox Paper—the company’s version of Google Docs.
The idea for Vanta came during Cacioppo’s time at Dropbox, as she was talking to Dropbox customers to get them to use Paper. A member of Dropbox’s legal team told her she couldn’t do that: The security compliance contracts Dropbox customers had signed didn’t yet apply to Dropbox Paper.
As she worked with the legal team to learn about those compliance standards, she remembered thinking about how tedious, manual and error-prone it was. “The way, as an industry, we think about the security of products, is through accountants looking at screenshots? Seriously?”
Cacioppo left Dropbox in 2016 to start Vanta with Goldman, even though they didn’t know what exactly it would become at that point. Their monthslong exploration phase would take them through several ideas, including an app that was like Amazon’s Alexa for biologists. Notably, they waited to write any code until they’d talked to enough security experts and were sure they had a business. After talking to lots of people working in security, they realized there was a need for an automated solution.
At first, Vanta was building its product with individual customers, essentially acting as security consultants themselves, and ran on relatively small amounts of funding—$500,000 from Y Combinator and $3 million in seed funding. The company surpassed $10 million in annual recurring revenue before raising $50 million in May 2021. That figure is an order of magnitude greater than that of the average startup raising its first major funding round, according to Sequoia’s Reed.
As Vanta has scaled from a handful of customers to thousands, Reed says Cacioppo’s customer-obsessed but competitor-aware approach plays out to Vanta’s benefit in a field that’s more crowded now, given that the company continues to develop and innovate its product.
Both Vanta cofounder Goldman and Vanta head of engineering Spitz say one of Cacioppo’s greatest strengths is her ability to dive into a problem she wasn’t previously familiar with, whether it was writing code for Vanta without a computer science or security background—or coming up with a pricing model for Vanta’s first enterprise customers, which she, ever an avid reader, did by “blitzing through” several books in a weekend, Goldman says. The pricing model, guided by customers’ opinions of an “expensive price” they would pay for Vanta’s product, ended up being their model for about two years.
In addition to building a successful software company, Cacioppo has occasionally done some angel investing. She backed team collaboration tool company Notion in 2016 (before Vanta was founded; Notion was one of Vanta’s first customers). In 2022, she invested in several software and security companies including vertical software-as-a-service company Pocus.
Cacciopo also wants to make a difference as a female founder and CEO of a software company: “It’s probably incrementally easier for Vanta to hire a woman than the parallel universe Vanta that’s run by, like … me, but male.” Unlike at many tech startups, Vanta’s senior leadership team is split evenly between male and female executives.
“But I think my highest level pointer message here is that more women should start enterprise SaaS companies,” Cacioppo says, referring to software as a service. “We’ve come a long way, but [we’re] nowhere near parity.”