Iccha Sethi, Vice President of Engineering at Vanta – Interview Series

Iccha Sethi is Vice President of Engineering at Vanta, the leading Trust Management Platform, where she leads initiatives focused on enhancing security and compliance automation. Previously, she was an engineering leader at GitHub where she oversaw a multi-product portfolio including Actions, Hosted Runners, Codespaces, Packages, Pages, and npm. Iccha has also held principal engineering roles across a range of companies, large and small, including InVision, Atlassian and Rackspace.

What attracted you to the role of VP of Engineering Management at Vanta?

The company’s unwavering commitment to its mission. Our CEO Christina Cacioppo founded Vanta with the goal of securing the internet and protecting consumer data, and from Day One, she has stayed true to this vision.

The platform she has built is indispensable for over 8,000 emerging businesses and large enterprises, ensuring data security and promoting trust. 

Having personally experienced the challenges of navigating regulations like GDPR as a Principal Engineer at Atlassian and obtaining a SOC 2 attestation as an engineering leader at GitHub, I understand firsthand how painful and complex these processes can be. Vanta is addressing a real problem, making compliance more manageable and cost-effective for businesses.

How has your experience at GitHub influenced your approach to engineering at Vanta?

My experience at GitHub has greatly shaped my approach to engineering at Vanta. At GitHub, I managed a diverse portfolio of products like Actions, Codespaces, Packages, Pages, and npm, each at different stages of maturity. For example, Codespaces was in its early market fit phase, while Actions was experiencing rapid user growth. This taught me how to tailor my strategies to suit the unique needs of products at various stages of their journey.

As Vanta continues to grow, I’m applying this experience to balance execution, innovation, and reliability, ensuring that we support our expanding business effectively. Just as at GitHub, where we focused on creating a product developers loved, at Vanta, we’re committed to building a delightful, automated experience in the security and compliance domain. This focus on user experience is especially crucial in an industry ripe for automation, where reducing manual effort and friction is key.

How do the engineering strategies differ between larger organizations like GitHub and a fast-growing startup like Vanta?

At a large company like GitHub, the engineering strategy is heavily focused on scaling, reliability, and performance due to the vast number of customers and engineers involved. This requires mature incident response processes and a strong emphasis on operational health. With more people, there’s also a significant focus on building a robust platform to ensure engineers can be productive. While building and shipping features remain important, the process is more cautious due to the wider impact of any changes.

At a fast-growing startup like Vanta, the strategy centers on balancing innovation, speed to market, and building a reliable, user-friendly product for both small and large customers. We aim to attract and retain enterprise customers, so while the importance of a good platform for rapid development is still there, we can afford to be more selective in our investments. The key is being mindful of areas where rapid iteration and fast failures are acceptable versus those where we need to establish a solid, long-term foundation.

How does Vanta utilize AI to automate critical security functions?

Security is a critical aspect of any business, whether you’re selling a product and need to address customer concerns about your security posture, or assessing vendor risks when making purchases. These processes often involve sifting through extensive documentation, like SOC 2 reports, to make informed risk determinations. 

Vanta leverages AI, particularly Large Language Models (LLMs), which are ideally suited for processing vast amounts of information and identifying the most relevant data. 

We’ve seamlessly integrated AI into our Vendor Risk Management, Trust Center, and Questionnaire Automation products, allowing our customers to save weeks of time by streamlining critical security functions. With AI at the helm, key security workflows are now faster and more efficient.

For instance, Vendor Security Reviews have become significantly quicker, with Vanta enabling security teams to analyze and extract relevant information from SOC 2 reports, DPAs, and other vendor documentation in just seconds.

Our Security Questionnaire Automation feature allows teams to instantly pull insights from a variety of sources, whether it’s their existing library, previous questionnaire responses, or newly uploaded policies and documents—all in just a few clicks.

We also use AI to suggest the most effective tests and policies for each compliance framework, transforming what was once a manual process into a streamlined, automated task.

Can you explain the role of AI-powered Questionnaire Automation in improving security review processes?

Traditionally, when selling a product, your customers send security questionnaires that can take anywhere from hours to weeks to complete.

At Vanta, we simplify this process by allowing you to upload sample questionnaires or your knowledge base. Our AI then uses LLMs to generate responses for the questionnaire, providing you with the source of information and the context behind each answer. You have the flexibility to modify, regenerate, or edit the entire response as needed.

This saves security teams significant time and allows them to focus on more productive, strategic work.

What are the benefits of doing continuous controls monitoring compared to traditional methods?

A major Vanta benefit is the ability to detect and address compliance issues before they escalate into violations, rather than rushing to fix them during an audit or at the last minute. Vanta automates this process by continuously monitoring your controls, which allows organizations to stay ahead of potential problems and maintain ongoing compliance.

With Vanta’s continuous monitoring of controls and tests, customers can stay compliant without needing to spend hours each week on manual checks. This gives Governance Risk and Compliance (GRC) and security teams the peace of mind that they’ll be alerted when any part of their program falls out of compliance, freeing up their time to focus on other more strategic aspects of their security program.

For customers evaluating a vendor, knowing that a security program is backed by Vanta’s continuous controls monitoring provides assurance that compliance isn’t a one-time checkbox at the initial audit, but is being maintained every day, hour, and minute thereafter. This marks a significant shift from traditional, point-in-time compliance to an always-on approach, offering a higher level of trust and security that works as a strategic business lever.
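The continuous controls monitoring described in this answer comes down to three steps: pull a normalised inventory from integrated systems, evaluate each control against it, and alert when a control that passed in the previous run now fails. The following is an added illustration written for this page, not Vanta's code: the inventory snapshots, control IDs (IAM-1, STO-1, STO-2, DEV-1) and the control checks are all constructed assumptions chosen to show the "falls out of compliance" case, where one cycle has no findings and the next has two.

```python
"""Toy continuous-controls-monitoring loop (illustrative, not Vanta's code).

Evaluate an inventory snapshot against a set of controls, then diff the result
against the previous run so that only newly failing controls raise an alert.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Set, Tuple

# Constructed sample inventory: the kind of normalised data an integration with
# a cloud provider, identity provider or MDM might return. Cycle 0 is clean.
SNAPSHOT_T0 = {
    "users": [
        {"id": "alice", "mfa": True},
        {"id": "bob", "mfa": True},
    ],
    "buckets": [
        {"name": "app-logs", "public": False, "encrypted": True},
    ],
    "laptops": [
        {"id": "lt-1", "owner": "alice", "disk_encrypted": True},
    ],
}

# Same organisation one cycle later: bob turned MFA off and someone created an
# unencrypted bucket, so two controls should newly fail.
SNAPSHOT_T1 = {
    "users": [
        {"id": "alice", "mfa": True},
        {"id": "bob", "mfa": False},
    ],
    "buckets": [
        {"name": "app-logs", "public": False, "encrypted": True},
        {"name": "exports", "public": False, "encrypted": False},
    ],
    "laptops": [
        {"id": "lt-1", "owner": "alice", "disk_encrypted": True},
    ],
}


@dataclass(frozen=True)
class Finding:
    control_id: str
    resource: str
    detail: str


Control = Callable[[dict], List[Finding]]


# Each control returns a list of findings; an empty list means the control passes.
def mfa_enforced(snap: dict) -> List[Finding]:
    return [Finding("IAM-1", u["id"], "MFA disabled") for u in snap["users"] if not u["mfa"]]


def no_public_buckets(snap: dict) -> List[Finding]:
    return [Finding("STO-1", b["name"], "bucket is public") for b in snap["buckets"] if b["public"]]


def buckets_encrypted(snap: dict) -> List[Finding]:
    return [Finding("STO-2", b["name"], "no encryption at rest") for b in snap["buckets"] if not b["encrypted"]]


def laptops_encrypted(snap: dict) -> List[Finding]:
    return [Finding("DEV-1", l["id"], "disk not encrypted") for l in snap["laptops"] if not l["disk_encrypted"]]


# Hypothetical control catalogue keyed by control ID.
CONTROLS: Dict[str, Control] = {
    "IAM-1": mfa_enforced,
    "STO-1": no_public_buckets,
    "STO-2": buckets_encrypted,
    "DEV-1": laptops_encrypted,
}


def evaluate(snap: dict) -> Dict[str, List[Finding]]:
    """Run every control against one snapshot; returns control_id -> findings."""
    return {cid: check(snap) for cid, check in CONTROLS.items()}


def failing_controls(results: Dict[str, List[Finding]]) -> Set[str]:
    return {cid for cid, findings in results.items() if findings}


def diff_runs(prev: Dict[str, List[Finding]], curr: Dict[str, List[Finding]]) -> Tuple[Set[str], Set[str]]:
    """Return (newly_failing, newly_passing) control IDs between two runs."""
    prev_fail, curr_fail = failing_controls(prev), failing_controls(curr)
    return curr_fail - prev_fail, prev_fail - curr_fail


def alerts_for(prev: Dict[str, List[Finding]], curr: Dict[str, List[Finding]]) -> List[str]:
    """Alert lines only for controls that passed last cycle and fail now."""
    newly_failing, _ = diff_runs(prev, curr)
    return [f"{f.control_id} FAIL on {f.resource}: {f.detail}"
            for cid in sorted(newly_failing) for f in curr[cid]]


if __name__ == "__main__":
    for line in alerts_for(evaluate(SNAPSHOT_T0), evaluate(SNAPSHOT_T1)):
        print(line)
```

Diffing runs rather than re-alerting on every failing control is what keeps an always-on program from becoming noise: the team hears about drift once, when it happens, and the full evaluation remains available as audit evidence for every cycle.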

How has Vanta’s recent $150 million Series C funding influenced its AI development and product offerings?

The recent round will enable us to double down on expanding our upmarket momentum, international markets, and advancing our AI capabilities. 

It also allows us to expand our AI team to continue meeting our customers’ evolving security needs with cutting-edge AI and automation.

How does Vanta integrate with other tools and platforms to provide seamless compliance and security solutions?

Vanta integrates with a wide range of tools and platforms to deliver seamless compliance and security solutions tailored to companies at different stages. 

For startups, Vanta offers a comprehensive “compliance in a box” solution, integrating with essential tools while also providing services like access review, background checks, device management, and even cyber insurance.

For larger enterprises, Vanta supports a broader and deeper set of integrations, including cloud management, vulnerability management providers, Human Resources Information System (HRIS) solutions, and procurement tools on the Vendor Risk Management (VRM) side. 

What customization options does Vanta offer to tailor security and compliance programs to specific organizational needs?

Organizations can create and monitor custom security controls that align with specific policies, ensuring their practices meet exact requirements. For those with industry-specific or internal standards, Vanta allows teams to adjust compliance frameworks accordingly. Risk assessments can also be tailored to an organization’s unique risk profile, helping teams prioritize what matters most.

Additionally, Vanta enables the design of both automated and manual workflows that seamlessly integrate with existing processes. The platform’s flexibility extends to tool integration as well, allowing for custom integrations that connect with an organization’s tech stack via API access. Custom alerts and notifications can be set up to support incident response plans, while user roles and permissions can be finely tuned to control access across teams. Finally, Vanta offers the ability to generate custom reports, ensuring that internal needs are met and stakeholders remain well-informed.

How is Vanta shaping the future of trust management in an AI-driven world?

By leveraging AI to automate compliance processes, Vanta ensures that companies can effortlessly adhere to industry standards like SOC 2 and ISO 27001. The platform also supports AI compliance with example frameworks, making it easier for organizations to meet these evolving requirements.

In terms of risk management, Vanta’s AI capabilities enable organizations to shift from a reactive to a proactive posture by identifying potential security risks before they become issues. This not only strengthens security, but also enhances overall organizational resilience.

Vanta further simplifies the often tedious process of completing security questionnaires. The platform’s AI learns from previous responses and automatically generates new, accurate answers, allowing teams to move faster and with greater precision. 

Additionally, Vanta’s AI enhances searchability, making it simple to find all the necessary information for security reviews by scanning through documentation with familiar search functionality.

Thank you for the great interview. Readers who wish to learn more should visit Vanta.