
ISO 42001 & NIST AI RMF: Practical steps for responsible AI governance

As artificial intelligence continues to reshape industries, responsible governance has become a business necessity. Organizations deploying AI must sustain innovation while mitigating risks related to bias, data privacy, security, and transparency. Two major frameworks, ISO 42001 and the NIST AI Risk Management Framework (AI RMF), have been developed to help businesses navigate this balance.

Bret Taylor of Sierra: How to sell to Enterprise Companies as an AI Startup | Frameworks for Growth

In this episode of Frameworks for Growth, Vanta CEO Christina Cacioppo sits down with Bret Taylor, Co-founder and CEO of Sierra, to discuss the evolution of technology, from the early days of cloud at Salesforce to today's enterprise-ready AI companies, along with cultural lessons from companies like Google and Facebook and what it takes to launch a successful AI startup today. Bret shares insights from decades at the forefront of tech innovation, including his time as co-CEO of Salesforce and CTO of Facebook, offering advice for founders navigating today's market and tomorrow's challenges.

Why measuring your security maturity matters (And how we do it at Vanta)

Security maturity means different things to different organizations, but one constant is that it needs to be structured. By consistently assessing where you stand and where you need to go against a solid framework, you can take what seems like an impossible goal and break it down into achievable, actionable checkpoints that actually move the needle. The key to making this work isn't just having the right framework; it's making sure the right stakeholders are involved in the process.

HIPAA violations in 2025: Staff mistakes and vendor blind spots

HIPAA violations don't always come from malicious attacks or headline-making data breaches. More often they stem from everyday mistakes, such as misdirected emails and vendors that aren't as secure as they seem. Even small slip-ups can expose protected health information (PHI) and invite major consequences. In today's complex compliance landscape, those mistakes are alarmingly common.

HIPAA 2.0, Minimum Viable Hospitals, and Strategies for Cyber Resilience within Healthcare

Welcome to the Data Security Decoded podcast, brought to you by Rubrik Zero Labs. In each episode, we discuss cybersecurity with thought leaders and industry experts, getting their take on trends, themes, and how they see data security evolving. This is a must-listen for security and IT leaders looking to better understand trends shaping data security and how they can achieve cyber resilience.

What's the Cheapest Way to Comply with HIPAA Online Tracking Technology Rules?

The U.S. Department of Health and Human Services (HHS) clarified in 2022, and again in 2023, that tracking technologies such as the Meta Pixel and Google Analytics 4 (GA4) can expose protected health information (PHI). This applies even when PHI isn't explicitly shared: contextual data, such as an appointment search or logged-in status on a patient portal, can qualify.
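The leak mechanism described above is contextual: the tracker never receives a diagnosis field, but the URL it reports (a provider search for "oncology", an appointment page) or the fact that the visitor is logged in to a portal is enough to tie an identifiable person to health information. The cheapest technical control is therefore a gate in front of the pixel: decide per page whether the tracker may fire at all, and strip sensitive query parameters from whatever is reported. The following is an added example, not code from the original article or from Vanta; the path patterns and parameter names are assumptions chosen for illustration, and a real site would derive them from its own inventory of PHI-bearing pages.

```javascript
// Added example: gate analytics/pixel calls on page context so that
// contextual PHI (portal session, appointment search, provider search)
// is never reported to a third-party tracker. Paths and parameter names
// below are assumptions for illustration, not part of the article.

// Paths that imply a patient relationship or a health-related intent (assumed).
const PHI_PATH_PATTERNS = [
  /^\/portal(\/|$)/i,        // authenticated patient portal
  /^\/appointments?(\/|$)/i, // scheduling / appointment search
  /^\/find-a-doctor(\/|$)/i, // provider search by specialty or condition
];

// Query parameters whose values can reveal a condition or a person (assumed).
const PHI_QUERY_PARAMS = new Set(['q', 'condition', 'specialty', 'provider', 'patientId']);

// Decide whether a tracker may fire for this page view.
// ctx = { path: '/find-a-doctor', query: { specialty: 'oncology' }, isAuthenticated: false }
function classifyPage(ctx) {
  const { path, query = {}, isAuthenticated = false } = ctx;
  if (isAuthenticated) {
    // Logged-in status on a portal alone can qualify as PHI context.
    return { allow: false, reason: 'authenticated session' };
  }
  if (PHI_PATH_PATTERNS.some((re) => re.test(path))) {
    return { allow: false, reason: 'PHI-context path' };
  }
  const leaked = Object.keys(query).filter((k) => PHI_QUERY_PARAMS.has(k));
  if (leaked.length > 0) {
    return { allow: false, reason: `PHI-bearing query params: ${leaked.join(',')}` };
  }
  return { allow: true, reason: 'public page' };
}

// Defense in depth: even on allowed pages, drop sensitive parameters before
// the URL is handed to the tracker (e.g. a search box on a public page).
function scrubUrl(urlString) {
  const url = new URL(urlString);
  for (const key of [...url.searchParams.keys()]) {
    if (PHI_QUERY_PARAMS.has(key)) url.searchParams.delete(key);
  }
  return url.toString();
}

// Build the event the pixel would send, or null if it must not fire.
// ctx additionally carries the full page URL, e.g. ctx.url.
function buildPixelEvent(ctx) {
  const decision = classifyPage(ctx);
  if (!decision.allow) return null;
  return { event: 'page_view', url: scrubUrl(ctx.url) };
}

// Constructed sample page views, not real traffic.
const samples = [
  { url: 'https://example.org/about', path: '/about', query: {} },
  { url: 'https://example.org/portal/messages', path: '/portal/messages', query: {}, isAuthenticated: true },
  { url: 'https://example.org/find-a-doctor?specialty=oncology', path: '/find-a-doctor', query: { specialty: 'oncology' } },
  { url: 'https://example.org/search?q=chemo&utm_source=news', path: '/search', query: {} },
];

for (const ctx of samples) {
  console.log(ctx.url, '=>', JSON.stringify(buildPixelEvent(ctx)));
}
```

The last sample shows why both halves matter: `/search` is not a PHI path in this inventory, so the pixel is allowed to fire, but the reported URL has the `q=chemo` parameter removed while campaign parameters survive. A site that only removes the tracker from the portal and forgets the public search and provider-finder pages still leaks the contextual data the HHS bulletins describe.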

Ransomware Strikes: The Final Conclusion (Part 4)

Moving into the final chapter of our ransomware series! You've made it through the critical first hour; now the real work begins. In this video, we cover the aftereffects and next steps once initial containment is done, including the importance of a solid incident response plan, whether to pay the ransom, engaging outside experts, and the crucial steps to recover and harden your defenses.

Continuous audit readiness: Multi-framework compliance for strategic advantage

Navigating today's business environment calls for a proactive approach to risk management, particularly through continuous audit readiness. This strategy not only assures compliance across multiple frameworks; it also drives operational efficiency, protects brand reputation, and supports strategic decision-making.

Who Owns CMMC Evidence Collection in a Small Business?

The Cybersecurity Maturity Model Certification (CMMC) is a critical part of ensuring robust, consistent information security throughout the Department of Defense supply chain. A common misconception about CMMC, carried over from the pre-CMMC security requirements, is that it applies primarily to prime contractors and large businesses.