Tom Denham is an early engineer at Vanta (YC W18), automating security and compliance, starting with SOC 2, to protect customer data and build trust in internet businesses. Read more about his experience picking up full stack development and becoming a jack-of-all trades at the early stages of YC company.

Learn more about open roles at Vanta, or join Work at a Startup to create one profile to apply to hundreds of software engineering jobs at well-funded and actively hiring YC companies.


Ryan: So you’ve had a fair enough experience as an engineer — what drew you to look for a role on Work at a Startup?

I’d been working largely for the same company for the last eight years, and I was at a fork in the road. I was working for a startup which had spun out from the company I was working for previously and I’d really enjoyed the startup experience. The startup was successful but I was looking for a change. I considered moving towards a much larger company where I could have a defined career path, but part of me wanted to do something completely different and go really small.

Work at a Startup was great for finding a lot of smaller startups, and quickly. I was keen to find a company with some traction, product market fit. A lot of YC companies on it already have both.

Ryan: What was your experience using the site, and eventually finding Vanta?

I liked the directness and simplicity of Work at a Startup. I wasn’t being forced through some kind of system, or being forced to use a proprietary messaging platform. It was more open-ended, and let me explore companies I thought were interesting.

Even so, I almost straightaway received emails from various founders. And Vanta was one of them. Their office was close by, so I replied via email and met with Christina and Erik two days later. It felt really personal and was a great way to get to know the team — by sitting down and chatting with the founders.

Ryan: Anything in particular that stood out about Vanta?

At that time, Vanta was so small, and the opportunity was actually intimidating. I wouldn’t be leveraging all open source experience I’d built up contributing to the networking in Docker and Kubernetes. That felt like a bit of a step back in my career.

But it was ticking a lot of boxes. I would be getting in the ground floor at a startup, getting to shape things. I’d be able to learn a load of new technologies, and be a full stack engineer — front end, Typescript, React. My work would be shipped to production, which was a lot different than working on open source infrastructure libraries. And I’d still get to work a bit on infra and devops things that interested me; there were lots of opportunities to improve things.

But most important, I was very impressed with Christina & Erik — their technical ability, what they had already created, and their decision making. They were really sharp about exploring the market and validating their idea with a product that already had customers. It gave me a really good sense that the company would be successful.

Ryan: So then you joined. Was being at a startup all that people make it out to be?

They tell you about startup growing pains, and we had them for sure. In my first year, we tripled in headcount. There were a lot of growing pains; we had to go from one to four rooms, and at one point even the lunch room was filled with desks. I kind of liked early on, when we were a scrappy team in the Mechanics Institute Library, this 100 year old building with creaky pipes, dodgy wiring, and apparently the longest continuously operating chess club in the US.

And as we grew, I got to have a say in who I got to work with. I got to meet my direct manager, and ask myself, “Will I enjoy working for you?” At a larger company, you don’t get that — you interview with one set of people, and you might be working with an entirely different set of people on day one.

From a product perspective, it was a lot of fun building stuff with only a few customers. I mean before we introduced Circle CI, we would just hope our Javascript compiled, I suppose. Now we have a hundred customers, and it’s a fun challenge to ship product updates without causing problems for other customers.

We’ve had to grow up pretty quickly and put together best practices. I got to introduce Circle CI as our CD pipeline. And since then, I’ve worked on just about everything: our data pipeline, infrastructure, back end systems and even some front end changes. I got to implement DataDog for infra monitoring and Sentry for additional reporting. For all we do in security, observability is really important.

Ryan: Anything surprising you about working at such a small company?

As much as I’d like to have my own company and be a founder, I know I don’t have the skills. I like seeing how the business side works, but I’m glad there are better people than me understanding things like sales and marketing.

I also like the level of openness and sharing that we have at Vanta. In our meetings every week, we get to see the bank balance. Where else do the engineers get that level of transparency? Even before I joined, the founders shared with me their strategy, customer feedback, and what they’re even paying. Given an appropriate level of detail, it helps me better understand what we need to focus on — something I didn’t necessarily get at places I’d been previously.

Ryan: That’s awesome to hear. What do you think makes that possible?

It’s the culture that Christina and Erik have built. Founders have to sign up for that transparency and willingness. All external communications, all support emails, all sales calls — it’s available to us. We’re diligent on keeping notes about meetings, weekly syncs, and sharing them out. It’s a firehose of information. But one that I appreciate. I get to see a full view of the business, if I want to, or just focus on compliance and security if I don’t.