Compliance at scale and why TAM is a distraction, with Christina Cacioppo of Vanta
March 31, 2026
AI Summary
5 min read
Christina Cacioppo, founder and CEO of Vanta, explains how her company automates compliance and security programs for software vendors, turning high-level standards into monitored controls. Drawing from her Dropbox experience, where launching a new product stalled due to missing compliance proofs, she built Vanta to make startups "audit-ready" continuously, serving 15,000 customers with 60%+ annual growth.
Origin and Product Mechanics
Vanta started in 2018 after Cacioppo observed startups ignoring security until a customer demanded SOC 2 compliance, a "buying moment" that forced them to implement best practices. Founders were hit with security questionnaires or audits having done no prior work, while enterprises tracked their controls in spreadsheets or Jira. Vanta provides a tailored list of applicable controls (derived from 30,000+ past audits, customer contracts, and questionnaires) and implements them as automated "tests" modeled on unit tests: they pull data from GitHub, GitLab, and similar systems and enforce rules such as a separate doer and approver in code reviews. The result is continuous monitoring with dashboards, flagged deviations, and auto-remediation, plus evidence such as logs that can be handed to auditors. Early-stage users get prescriptive guidance; larger ones focus on observability, which she likens to Datadog for compliance.
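The "separate doer/approver" control described above, written as the kind of unit-test-style check the summary refers to. This is an added illustration, not Vanta's code or a description of its implementation: the pull-request records are constructed sample data shaped loosely like GitHub's REST API review payloads, and the field names (author, merged_by, reviews, submitted_at) are assumptions. It also covers the edge case a real control has to catch, an approval that predates the author's last push, which the paragraph does not spell out.

```python
"""Separation-of-duties check over pull requests, styled as a unit test.

Added example, not Vanta's code. Data shapes below are assumptions
modeled loosely on GitHub's pull-request and review objects.
"""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Dict, List, Optional

UTC = timezone.utc


@dataclass
class Review:
    reviewer: str
    state: str  # GitHub review states: "APPROVED", "CHANGES_REQUESTED", "COMMENTED"
    submitted_at: datetime


@dataclass
class PullRequest:
    number: int
    author: str
    merged_by: Optional[str]      # None means the PR has not been merged
    last_commit_at: datetime      # timestamp of the newest commit on the branch
    reviews: List[Review] = field(default_factory=list)


def separation_of_duties_findings(pr: PullRequest) -> List[str]:
    """Evaluate the 'separate doer/approver' control for one PR.

    Returns an empty list when the control passes, otherwise one finding
    per violated condition. Unmerged PRs are out of scope because nothing
    has reached the protected branch yet.
    """
    if pr.merged_by is None:
        return []
    findings: List[str] = []
    approvals = [r for r in pr.reviews if r.state == "APPROVED"]

    # Condition 1: the author must not be the approver of their own change.
    if any(r.reviewer == pr.author for r in approvals):
        findings.append(f"PR #{pr.number}: author {pr.author} approved their own change")

    # Condition 2: at least one approval from someone other than the author.
    independent = [r for r in approvals if r.reviewer != pr.author]
    if not independent:
        findings.append(f"PR #{pr.number}: merged by {pr.merged_by} with no independent approval")
        return findings

    # Condition 3: the approval must postdate the last commit. Otherwise the
    # author could push unreviewed code after the approver signed off and
    # still merge under a stale approval.
    if not any(r.submitted_at >= pr.last_commit_at for r in independent):
        findings.append(f"PR #{pr.number}: all independent approvals predate the last commit")
    return findings


def run_control(prs: List[PullRequest]) -> Dict[int, List[str]]:
    """Run the control over a batch of PRs.

    Returns {pr_number: findings} for failing PRs only, the shape a
    dashboard or an auditor-facing log would consume.
    """
    results: Dict[int, List[str]] = {}
    for pr in prs:
        findings = separation_of_duties_findings(pr)
        if findings:
            results[pr.number] = findings
    return results


# Constructed sample data (not real repository history).
SAMPLE_PRS = [
    # Passes: bob approved after alice's last commit, then merged it.
    PullRequest(101, "alice", "bob", datetime(2026, 3, 1, 10, 0, tzinfo=UTC),
                [Review("bob", "APPROVED", datetime(2026, 3, 1, 11, 0, tzinfo=UTC))]),
    # Fails: dave approved at 09:00, carol pushed again at 09:30 and self-merged.
    PullRequest(102, "carol", "carol", datetime(2026, 3, 2, 9, 30, tzinfo=UTC),
                [Review("dave", "APPROVED", datetime(2026, 3, 2, 9, 0, tzinfo=UTC))]),
    # Fails: only a comment, no approval, merged by the author.
    PullRequest(103, "erin", "erin", datetime(2026, 3, 3, 8, 0, tzinfo=UTC),
                [Review("frank", "COMMENTED", datetime(2026, 3, 3, 8, 30, tzinfo=UTC))]),
    # Out of scope: not merged yet.
    PullRequest(104, "grace", None, datetime(2026, 3, 4, 8, 0, tzinfo=UTC), []),
]

if __name__ == "__main__":
    for number, findings in run_control(SAMPLE_PRS).items():
        for line in findings:
            print(line)
```

The stale-approval condition is the one most often missing from home-grown versions of this check; it is also why the control needs the commit timeline and not just the review list, which is the sort of evidence a tool has to pull from the source-control API on a schedule rather than once at audit time.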
What you'll learn
- 1 (00:01) **Vanta Founding Overview** - Christina introduces Vanta's mission: automating security programs and compliance audits for companies from startups to enterprises
- 2 (01:55) **Origin at Dropbox** - Compliance roadblocks when launching Dropbox Paper inspire Vanta after a year of conversations with founders
- 3 (04:03) **Discovering Real Opportunities** - Experience in big tech uncovers hidden problems like SOC 2, in contrast to half-baked student ideas
- 4 (05:18) **Current Scale and Growth** - 15k customers, 60%+ year-over-year growth and accelerating; self-serve from two founders on a couch to the Fortune 50
- 5 (07:21) **Product Layers Explained** - Controls definition plus continuous monitoring; early-stage companies need both, later-stage ones focus on observability
- 6 (08:17) **Enforcing Controls via Tests** - Unit-test-style checks on GitHub PRs for rules like a separate doer and approver
- 7 (09:04) **Iconic Billboard Saga** - "Compliance doesn't have to suck" drives massive awareness; the billboard is later lost to an agency mishap
Show Notes
Christina Cacioppo, founder and CEO of Vanta, joins the pub to discuss building the future of agentic trust. She explains why compliance has a "vitamin vs painkiller" dynamic, the drama behind their famous 101-billboard campaign, and why she believes "market sizing is bullshit." They cover the tension between vibe coding and rigorous security, how Vanta is using agents to generate UI, and why the best founders are relentless truth-seekers.
Timestamps
(00:00:17) Vanta
(00:12:30) How compliance works
(00:15:06) Breaches
(00:23:52) Stripe Tax
(00:24:43) AI and compliance
(00:44:50) Go-to-market
(00:47:22) Lessons from USV
More from this podcast
Cheeky Pint