Aidan Pasquetti

Sales Development Representative (SDR)

Vanta

SDR | Balanced | Consultative
Posted by Aidan Pasquetti

Overview

You cold call and email security leaders, compliance managers, IT directors, and sometimes CFOs/COOs at companies that need to get certified (SOC 2, ISO 27001, HIPAA, PCI-DSS, etc.). Your job is to book qualified demos for Account Executives by explaining how Vanta automates evidence collection and continuous monitoring. You're working with a product that's category-leading, but you're still making 50+ touches a day to hit your meeting quota.


Role Snapshot

Aspect | Details
Role Type | Outbound SDR with some inbound distribution
Sales Motion | Balanced (inbound leads + outbound prospecting)
Deal Complexity | Consultative (buyers are solving compliance pain)
Sales Cycle | N/A (you pass to AE after qualified demo)
Deal Size | N/A (AEs close deals, likely $15K-$100K+ ACV range)
Quota (est.) | 15-20 qualified meetings/month, pipeline generation target

Company Context

Stage: Series C+ (1,745 employees, mentioned as market leader)

Size: 1,745 employees

Growth: Actively hiring across sales org, serving 15,000+ customers, positioned as #1 in compliance automation

Market Position: Category leader - Vanta essentially created/dominates the automated compliance space, but now facing increasing competition as category matures


GTM Reality

Pipeline Sources:

  • 40-50% Inbound - MQLs from website, content downloads, compliance certification searches, some free trial signups (companies researching how to get SOC 2)
  • 50-60% Outbound - Cold calling/emailing companies in growth mode that need certifications for enterprise deals or compliance requirements
  • ~5-10% Referrals/Partners - From existing customers, consultants, auditors

SDR/AE Structure: Dedicated SDR team feeding AEs (you're not closing deals, just booking qualified demos)

SE Support: AEs have SE support for technical demos, but you're doing initial discovery calls solo


Competitive Landscape

Main Competitors: Drata, Secureframe, Tugboat Logic (now OneTrust), plus manual compliance consulting firms

How They Differentiate: Largest customer base (15K+), 400+ integrations, AI-powered automation, strongest brand recognition in category

Common Objections:

  • "We're already using [competitor]" - market is maturing
  • "We'll just do it manually with our auditor" - education required
  • "Too expensive" - pricing pressure from newer entrants
  • "Not ready yet" - timing issues are common

Win Themes: Most integrations, fastest time to certification, continuous monitoring (not just point-in-time), enterprise-grade for scaling companies


What You'll Actually Do

Time Breakdown

Prospecting (50%) | Qualification Calls (25%) | Internal/Admin (25%)

Key Activities

  • Outbound Prospecting: Make 50-70 cold calls per day to CISOs, VPs of IT, compliance managers, sometimes CFOs at Series A-C startups and growth companies. Most calls go to voicemail. You're looking for companies raising funding, chasing enterprise deals, or facing audit deadlines.
  • Inbound Lead Follow-up: Work through Salesforce queue of website form fills and demo requests. Quality varies - some are ready to buy, others are early researchers or students. You need to qualify quickly and prioritize the real opportunities.
  • Discovery/Qualification Calls: Run 3-5 discovery calls per day (15-20 min each) to understand their compliance needs, timeline, who's involved in the decision, and whether they have budget. You're qualifying for deal size, urgency, and authority before passing to AE.
  • Sequence Management: Build and manage email/call sequences in Outreach or Salesloft. A lot of time goes into researching accounts (checking LinkedIn, funding news, job posts) to personalize outreach. You're trying to find companies that just raised money or are selling into regulated industries.

The Honest Reality

What's Hard

  • Rejection Volume: Most cold calls don't connect. When they do, you often get "send me info" or "not interested." You need thick skin for 40-50 "no's" per day.
  • Timing Is Everything: Compliance is often deadline-driven (need SOC 2 for enterprise deal, audit coming up). Lots of prospects aren't ready yet, so you're building pipeline 3-6 months out that may or may not convert.
  • Education Required: Many prospects don't fully understand automated compliance vs. traditional consulting. You're often educating buyers on why this approach is better, which takes time.
  • Crowded Space: You're competing against 3-4 direct competitors plus inertia ("we'll just hire a consultant"). Even as market leader, you're getting "we're already talking to Drata" regularly.
  • Internal Process: CRM hygiene, hitting activity metrics (calls, emails), weekly pipeline reviews, forecast calls. There's administrative overhead beyond just prospecting.

What Success Looks Like

  • Booking 15-20 qualified meetings per month that show up and convert to opportunities
  • Generating $X pipeline per quarter (likely measured)
  • Qualification accuracy - meetings you book actually turn into deals (AEs will give feedback if you're passing junk)
  • Hitting 136% of quota like the team mentioned (they're setting a high bar)

Who You're Selling To

Primary Buyers:

  • VPs of IT / CISOs / Security Directors at 50-500 person companies
  • Compliance Managers / GRC Leaders at scaling startups
  • CFOs/COOs at early-stage companies (Series A/B) where compliance lands on them

What They Care About:

  • Speed to certification: Can we get SOC 2 in 2-3 months instead of 6-12?
  • Reduced manual work: How much time will this save our already stretched team?
  • Audit readiness: Will this actually get us through the audit, or just create documentation?
  • Scalability: As we grow, will this support ISO, HIPAA, PCI-DSS, etc.?
  • Integration coverage: Does it connect to our tech stack (AWS, GitHub, Slack, etc.)?
  • Price vs. value: Is this cheaper than hiring a consultant + ongoing manual work?

Requirements

  • 1-2 years in SDR/BDR role OR strong demonstrated prospecting/communication skills (they'll consider hungry entry-level)
  • Comfortable making 50+ cold calls per day and handling rejection
  • Ability to learn technical concepts (you need to speak credibly about compliance frameworks, security controls, integrations)
  • Strong qualification skills - can ask probing questions to understand pain, timeline, budget, decision process
  • Organized with CRM/tools (Salesforce, Outreach/Salesloft, LinkedIn Sales Nav)
  • French language skills are a bonus (likely expanding into European markets)
  • Coachable and competitive - they mention team culture/making work fun, but also hit 136% of quota