Iccha Sethi is Vice President of Engineering at Vanta, the leading Trust Management Platform, where she leads initiatives focused on enhancing security and compliance automation. Previously, she was an engineering leader at GitHub where she oversaw a multi-product portfolio including Actions, Hosted Runners, Codespaces, Packages, Pages, and npm. Iccha has also held principal engineering roles at a range of companies, large and small, including InVision, Atlassian and Rackspace.
What attracted you to the role of VP of Engineering Management at Vanta?
The company’s unwavering commitment to its mission. Our CEO Christina Cacioppo founded Vanta with the goal of securing the web and protecting consumer data, and from Day One, she has stayed true to this vision.
The platform she has built is indispensable for over 8,000 emerging businesses and enormous enterprises, ensuring data security and promoting trust.
Having personally experienced the challenges of navigating regulations like GDPR as a Principal Engineer at Atlassian and obtaining a SOC 2 attestation as an engineering leader at GitHub, I understand firsthand how painful and sophisticated these processes will be. Vanta is addressing an actual problem, making compliance more manageable and cost-effective for businesses.
How has your experience at GitHub influenced your approach to engineering at Vanta?
My experience at GitHub has greatly shaped my approach to engineering at Vanta. At GitHub, I managed a diverse portfolio of products like Actions, Codespaces, Packages, Pages, and npm, each at different stages of maturity. For instance, Codespaces was in its early market fit phase, while Actions was experiencing rapid user growth. This taught me how to tailor my strategies to suit the unique needs of products at various stages of their journey.
As Vanta continues to grow, I’m applying this experience to balance execution, innovation, and reliability, ensuring that we support our expanding business effectively. Just as at GitHub, where we focused on making a product developers loved, at Vanta, we’re committed to constructing a pleasant, automated experience in the safety and compliance domain. This focus on user experience is particularly crucial in an industry ripe for automation, where reducing manual effort and friction is vital.
How do the engineering strategies differ between larger organizations like GitHub and a fast-growing startup like Vanta?
At a big company like GitHub, the engineering strategy is heavily focused on scaling, reliability, and performance as a result of the vast number of consumers and engineers involved. This requires mature incident response processes and a powerful emphasis on operational health. With more people, there’s also a major focus on constructing a sturdy platform to make sure engineers will be productive. While constructing and shipping features remain essential, the method is more cautious as a result of the broader impact of any changes.
At a fast-growing startup like Vanta, the strategy centers on balancing innovation, speed to market, and constructing a reliable, user-friendly product for both small and large customers. We aim to draw and retain enterprise customers, so while the importance of a very good platform for rapid development continues to be there, we will afford to be more selective in our investments. The hot button is being mindful of areas where rapid iteration and fast failures are acceptable versus those where we’d like to determine a solid, long-term foundation.
How does Vanta utilize AI to automate critical security functions?
Security is a critical aspect of any business, whether you’re selling a product and wish to deal with customer concerns about your security posture, or assessing vendor risks when making purchases. These processes often involve sifting through extensive documentation, like SOC 2 reports, to make informed risk determinations.
Vanta leverages AI, particularly Large Language Models (LLMs), that are ideally suited to processing vast amounts of data and identifying probably the most relevant data.
We’ve seamlessly integrated AI into our Vendor Risk Management, Trust Center, and Questionnaire Automation products, allowing our customers to save lots of weeks of time by streamlining critical security functions. With AI at the helm, key security workflows are now faster and more efficient.
As an illustration, Vendor Security Reviews have become significantly quicker, with Vanta enabling security teams to investigate and extract relevant information from SOC 2 reports, DPAs, and other vendor documentation in only seconds.
Our Security Questionnaire Automation feature allows teams to immediately pull insights from a wide range of sources, whether it’s their existing library, previous questionnaire responses, or newly uploaded policies and documents—all in just a few clicks.
We also use AI to suggest probably the most effective tests and policies for every compliance framework, transforming what was once a manual process right into a streamlined, automated task.
Are you able to explain the role of AI-powered Questionnaire Automation in improving security review processes?
Traditionally, when selling a product, your customers send security questionnaires that may take anywhere from hours to weeks to finish.
At Vanta, we simplify this process by allowing you to upload sample questionnaires or your knowledge base. Our AI then uses LLMs to generate responses for the questionnaire, providing you with the source of data and the context behind each answer. You’ve gotten the flexibleness to switch, regenerate, or edit the whole response as needed.
This saves security teams significant time and allows them to give attention to more productive, strategic work.
What are the advantages of doing continuous controls monitoring in comparison with traditional methods?
A serious Vanta profit is the flexibility to detect and address compliance issues before they escalate into violations, rather than rushing to repair them during an audit or at the last minute. Vanta automates this process by constantly monitoring your controls, which allows organizations to remain ahead of potential problems and maintain ongoing compliance.
With Vanta’s continuous monitoring of controls and tests, customers can stay compliant while not having to spend hours each week on manual checks. This offers Governance, Risk and Compliance (GRC) and security teams the peace of mind that they’ll be alerted when any part of their program falls out of compliance, freeing up their time to give attention to other more strategic points of their security program.
For patrons evaluating a vendor, knowing that a security program is backed by Vanta’s continuous controls monitoring provides assurance that compliance is not a one-time checkbox on the initial audit, but is being maintained every day, hour, and minute thereafter. This marks a major shift from traditional, point-in-time compliance to an always-on approach, offering a better level of trust and security that works as a strategic business lever.
How has Vanta’s recent $150 million Series C funding influenced its AI development and product offerings?
The recent round will enable us to double down on expanding our upmarket momentum, international markets, and advancing our AI capabilities.
It also allows us to expand our AI team to continue meeting our customers’ evolving security needs with cutting-edge AI and automation.
How does Vanta integrate with other tools and platforms to supply seamless compliance and security solutions?
Vanta integrates with a wide selection of tools and platforms to deliver seamless compliance and security solutions tailored to firms at different stages.
For startups, Vanta offers a comprehensive “compliance in a box” solution, integrating with essential tools while also providing services like access review, background checks, device management, and even cyber insurance.
For larger enterprises, Vanta supports a broader and deeper set of integrations, including cloud management, vulnerability management providers, Human Resources Information System (HRIS) solutions, and procurement tools on the Vendor Risk Management (VRM) side.
What customization options does Vanta offer to tailor security and compliance programs to specific organizational needs?
Organizations can create and monitor custom security controls that align with specific policies, ensuring their practices meet exact requirements. For those with industry-specific or internal standards, Vanta allows teams to regulate compliance frameworks accordingly. Risk assessments may also be tailored to a corporation’s unique risk profile, helping teams prioritize what matters most.
Moreover, Vanta enables the design of both automated and manual workflows that seamlessly integrate with existing processes. The platform’s flexibility extends to tool integration as well, allowing for custom integrations that connect with a corporation’s tech stack via API access. Custom alerts and notifications will be set up to support incident response plans, while user roles and permissions will be finely tuned to manage access across teams. Finally, Vanta offers the flexibility to generate custom reports, ensuring that internal needs are met and stakeholders remain well-informed.
How is Vanta shaping the long run of trust management in an AI-driven world?
By leveraging AI to automate compliance processes, Vanta ensures that firms can effortlessly adhere to industry standards like SOC 2 and ISO 27001. The platform also supports AI compliance with example frameworks, making it easier for organizations to satisfy these evolving requirements.
By way of risk management, Vanta’s AI capabilities enable organizations to shift from a reactive to a proactive posture by identifying potential security risks before they turn into issues. This not only strengthens security, but also enhances overall organizational resilience.
Vanta further simplifies the usually tedious technique of completing security questionnaires. The platform’s AI learns from previous responses and routinely generates recent, accurate answers, allowing teams to maneuver faster and with greater precision.
Moreover, Vanta’s AI enhances searchability, making it easy to search out all of the essential information for security reviews by scanning through documentation with familiar search functionality.