 Hey, everyone. Welcome to theCUBE's presentation of the AWS Startup Showcase, Cybersecurity. This is season three, episode three of the ongoing series, covering exciting startups from the AWS ecosystem. I'm your host, Lisa Martin, and today I've got two great guests with me. Stevie Case is here, the Chief Revenue Officer at Vanta, and Jeff Ernst, the founder and CEO of Slap5. They're here to talk about Vanta, getting compliant and building trust fast. Jeff, Stevie, great to have you. Thanks for joining me today. Thanks for having us. Yes, glad to be here. Thank you. Yeah, we're gonna have a great conversation. Stevie, give us the lay down on what's going on with Vanta. What's new since we last spoke? Oh my gosh, so much is new. Vanta has had a tremendous amount of growth. We are really excited about trust management and the way that we're helping startups build trust in an increasingly complex world. Startups face so many challenges. The regulatory landscape is always shifting. They're having to deal with security and compliance when really they want to focus on the heart of building their product and what makes them special. We've been really focused on helping them mitigate risk, getting them compliant so they can unlock new revenue streams. We're really passionate about that work with startups. It's our bread and butter and what we do. Jeff's a great example of that over at Slap5. Excellent. Jeff, bringing you into the conversation. Give the audience an overview of Slap5 and you got to tell me what's in a name. Sure. Well, thank you. In Slap5, we are a customer marketing platform and what that really means is that we let companies turn their customers into their best sales and marketing people. And so the name comes from the whole premise that in order, if you want your customers to help make your company successful, you need to help make them successful first. So it's a Slap5 or a High5 is the ultimate expression of shared success. And so that's where our name came from. I love that shared success. And one of the, you know, I think one of the greatest things that Stevie, I think as CRO, you would agree with me that there's no greater value for a brand than the voice of its customers articulating its value prop. So, and we're going to get into that now. But Stevie, talk about you guys have over 5,000 customers now. How has working with Vanta helped those customers really build their businesses? Yeah. So, so many startups face this problem, companies of all sizes. And that is that they have to run a secure and compliant business. So, they're building great software. And what many of our customers find out is they try to bring that software to market. And when they sell it, they're asked, are you SOC2 compliant? Are you HIPAA compliant? Have you thought about GDPR? They're all of these regulatory considerations, privacy considerations that they face. And trying to address that in a way that is in any way tech forward and rational can be very difficult. And that's where Vanta comes in. So, we've built this platform that helps our customers manage compliance, manage security and prove trust in a way that is tech forward. So, great example of how we do that at the heart of it. SOC2, if you've ever been through that process, so many people do it the old school way. They're taking screenshots of their settings inside their AWS configuration. It's very, very old school. They're working out of spreadsheets and emails and screenshots. Vanta actually integrates with your core systems. And then we continuously monitor your settings and your security. So, we can prove in real time that the way you're running your business and building your software is secure. So, we take a process like getting SOC2 compliant that can be very painful and slow and turn it into something that is very achievable and that early stage startups can achieve right out of the gate while not being distracted from building their great products. That's incredibly important, especially speed and scale. Talk about, Stevie, in this climate, why compliance and security are so vital? We're in such a dynamic state these days. I mean, it all comes down to trust. You know, the regulatory landscape is changing rapidly. Obviously, there's a tremendous amount of innovation. AI is new on the horizon. And there's so much enthusiasm to build with new technologies. And I feel that, and we feel that in the startups that come to us, but it's really critical to do that in a way that builds trust because trust with the folks you're selling your software to, trust with your users, is core to any business being successful. There's also risk on the other side of that. So, you hold that tremendous trust, but if you violate that trust, the risk to a business is just immense. So, building trust and building in a compliant way from day one of building your products is really the way to go. What we're finding is so many people are in market trying to build software and they don't realize they might think it's socked to today, but then they're building in healthcare and they need to think about HIPAA and maybe they haven't thought about the California's new Privacy Act. They're actually five plus states that have their own Privacy Acts now. So, it's only getting more complicated. There are risk vectors from the vendors that you use to power your software to the people within your business. Managing that complex landscape is what we're here to help you do. And Vanta is the first that came to market with a way to do that, that makes sense from a technology perspective. So, we make it easy, we make it fast, and we help you get back to really building. Jeff, bring us into the Slap Five story based on the climate that we're in, what Stevie's been talking about from a compliance and a security perspective, SOC2, HIPAA, all those other regulations that are coming. When did you begin to think about compliance and security for Slap Five? Well, I've been thinking about it since we started the company because, but we didn't take action on it right away. And so, here's what happened. So, we started the company and as Stevie said it all comes down to trust, right? And so, in our market, Slap Five actually fills a trust gap between buyers and sellers in the market by unleashing the customer voice. Well, same thing with our prospects, more and more of them as we got through maybe 2018, 19 into the pandemic years, almost every prospect of ours would ask us if we had SOC2 compliance and to see the audit report. And if not, they would send us a 200 page questionnaire that we would have to fill out. And my CTO was spending more time filling out security questionnaires than he was writing code or building enhancements or architecting great features into our system. And so, that got very frustrating for me because we just had a backlog of security questionnaires we had to fill out. And honestly, my CTO had been through a SOC2 audit before, the old-fashioned way that Stevie described with accounting firms and things like that. And he just didn't think we were big enough yet to make that effort the investment of time and effort because, for him, it's always been a nightmare, an incredible transaction, disruption, you know, the distraction from the company. And so, I basically, we were going back and forth and I kept trying to convince him, look, we have to do this. You're going to get so much more time to work on the product. And it wasn't until one day I got an email from the wonderful Haley Burns at Vanta talking about, hey, we've got an automated way of doing this. It uses a technology approach and we've got a lot of best practice templates for all these policies. And so, I'm like, this sounds great to me. I got my CTO on the phone and said, we have to talk to Haley and this might be our path forward without being able to do it now instead of waiting another two years. Did you look at other technologies and why was the Vanta solution really spot on for Slap 5? Well, because the only thing that I knew about at the time and that my CTO knew about were when you hire an audit firm to come in and it's a manual process and they're on site with you or they're at your hosting firm or they're just very intrusive and trying to tap in and causing you to download all these reports and create custom reports over all the systems that you use. What Vanta stood out was, hey, you can plug into our hosting platform. That's awesome. You can plug into our database. You can plug into all the elements of our technology stack and pull out things to help make sure we're compliant versus us having to be reporting on those things. And that's as deep as I go technically about it, but hopefully that helps. And then so that was a big thing. And then just having these policies because another concern my CTO had was, last time he had to spend so much time writing and he's not a writer and he hates to write. And what we saw with Vanta was just having all these templates for all these policies outside of the box. Why reinvent the wheel? I mean, our policy for this or that isn't much different than any other companies. We just need to put our name in there and make sure our terms and parameters are in there. So that was a big, big point for us. I'm sensing some pretty big business outcomes, which we'll get to in a minute. But, Steve, I want to go back to you from Vanta's point of view, and I think you articulated this a few minutes ago, that early stage startups should really begin to focus on compliance and security from day one. Do you find that they generally do or is there a lot of addressable market for Vanta to educate them on why they should? We have seen a huge change on this front. I think that what Jeff is describing used to be the norm that people would put it off as long as possible until they were either stuck trying to get a deal done and they couldn't meet the requirements or there was a huge spreadsheet of questionnaire questions to fill out. And then they would get deals and revenues stuck at the one-yard line and they just couldn't get there because they couldn't prove they were secure or compliant. And people put it off because it was so gnarly to get through that process and we have seen a huge change on this front. And this is part of why Vanta has so many customers. We like to talk to our customers from day one. And we often will see that founders, one of the first purchases they make is Vanta because they want to start to lay that base of a secure and compliant way of building right out of the gate. That way it's not a huge project. Later down the line, you can start strong. And for some people it's SOC2 to start, but it's not always that. Sometimes you want to be able to prove trust with an external facing trust center. We've got a beautiful way of doing that. It's like a status page for trust and compliance. Some people need to start with some of the other frameworks ISO 27001 or FedRAMP. There are dozens of laws and regulations they might need to tackle. And then others might need to run an access review or assess the security of their vendors. They're starting to buy software themselves and we see vendors as actually a huge risk vector in a business. You're trusting that you've bought software that's secure as well. But Vanta provides a way for startups and larger companies to make sure they're doing business with secure and compliant software vendors. So we really advise start early, start often, make it a program. This is not a one-time event. It's not a one-time audit. It's got to be a way of building and that's what makes it sustainable and secure. It sounds to me like what you've seen, Stevie, is really kind of a cultural transformation in terms of the C-suite recognizing compliance and security shouldn't be bolt-ons. They're vital to the success of our business because you talk about trust and these days trust is currency. That's absolutely right. Yeah, trust is a differentiator and that's what many of our customers now see. It's not just a checkbox exercise that they have to get done. It is truly something that they are putting forward as part of their offering to differentiate themselves as companies that build in a secure and compliant way. That sets them apart from the competition. It unlocks more revenue. It unlocks new markets and it puts them in a position to succeed. I think a lot of C-suite executives are starting to see it that way. It's no longer just a bolt-on. It really is table stakes and if you do it well and you do it right and you really invest in the quality of your compliance and security, you will see that it actually drives business outcomes. And that's what every business wants is to drive those outcomes. Speaking of, Jeff, back to you. Talk a little bit about some of the growth that Slappipe has seen since using Vanta and where are you finding that trust with your customers is a huge business outcome? Yes, so the best way to answer that is to look at the before and after. So the before is our sales cycles would just come to a halt because we would have prospects that just said we need this questionnaire filled and then we would fill it and then there would be five or six rounds of reviews of that where they're asking even more questions. And so it was just causing us to either have to walk away from certain deals because we just knew we wouldn't get through it or just spend too much time doing that. And we actually fell to a lot of cybersecurity technology companies as well. And so obviously, security is a number one on their radar. And so now that we have Vanta and we're now type two audited and certified as well, and we have the report and we can now proactively in our sales cycle, even before people ask for it, we say we know you're going to be asking for this. So here's our report. And sometimes we can send off some of those tough conversations before they even happen. But then when it is brought up, we can now just basically set that aside that the number of times now that we get a big security questionnaire to fill out is probably one tenth of what it used to be. There still are an occasional ones that we have to fill out, but it usually augments what's already in the report. It's usually a lot quicker. So so accelerating sales cycles is huge. And then being able to do business with more companies, especially cybersecurity software companies has been really contributed to our growth. It sounds like it. It sounds like when you were talking, I thought it sounds like time to revenues got to be faster. The sales cycle shorter workforce productivity has to be significantly improved. Lots of business outcomes that you guys have achieved. Jeff, great stuff there. Great. Yeah, absolutely. And then the one that you pointed out, the the efficiency of our sales people too, they don't have to spend time routing this around and checking with our CTO to make sure things were answered. They can spend more time now differentiating our solution and mapping it to the challenges that our prospects have, which is what I hired them to do. I didn't hire them to be security jockeys. Exactly. And I'm sure that's what they want to do as well. Good stuff there. Stevie back to you as Vanta continues to grow and to develop. What are some of the things that are top of mind for you? You know, for us, it's all about trust management. So expanding the ways in which we help companies secure their software, secure their business is what it's all about. So for us today, that means really extending the complexity of the environment that we're able to address. So we're certainly known for SOC too. That was our early days, bread and butter, and we do a lot of business powering SOC twos for startups. But there's so much more than that. There is this risk vector with vendors. Every company as a part of this process of becoming compliant has to do access reviews. You know, you would be shocked how often we work with our customers and they onboard the Vanta and we run them through our access reviews product and they realize that people that had left the company still have access to systems that they shouldn't have access to. This is shockingly common and you need a tool that is going to be able to help you see that and really take care of it and address the risk. So for us, it's all about making that even more useful. Jeff talked about questionnaires. We're also powering ways to make answering questionnaires even easier. We really want to meet our customers where they are and help them deal with all the ways that they have to secure their business to prove compliance and to prove trust. So if we can automate that, we'll be there to do it. We're going to make our customers' lives easier everywhere we can and make sure that they're able to build trust with their own customers. It's all about trust. Stevie, Jeff, thank you so much for coming on the Cube for the AWS startup showcase on cybersecurity. We appreciate your time, your insights into Vanta, how you're helping those 5,000 plus customers of which Slap5 is one. And Jeff, keep up the great work there with your customers too. We appreciate you guys. Thank you. Thank you for having me. Our pleasure. We want to thank you for watching and remind you to keep it right here for more action on the Cube. You can find all of our on-demand content on thecube.net. All editorial is on siliconangle.com. You're watching the Cube, the leader in tech coverage.