As businesses venture into this new landscape, security and compliance have shifted from being back-office concerns to taking center stage in product strategy.

We sat down with Vanta’s VP of Design, Deb Kawamoto, to explore how design teams can champion this shift, transforming security from a burdensome checkbox into a powerful engine for business growth and customer trust.

For large organizations, security and compliance are fundamentally a human challenge, not a technical one. Traditionally, the process is often a tangled web of manual follow-ups, permissioning mazes, and breakdowns in cross-functional communication. Deb describes it as an “invisible layer of customer experience, like wrangling cats.”

She describes the key challenges that large organizations face: “In security and compliance, there is a lot of manual work, where people have to ping someone to fill out a document or provide evidence.” 

Deb shares that the solution isn’t to force everyone into a new tool. Instead, it’s about designing workflows that meet people where they already are—in Jira, GitHub, or Slack. Vanta’s design team focuses on creating systems that respect existing behaviors rather than trying to overhaul them. One such feature allows tasks to be assigned first at a team level. A task could be assigned to the core platform team, and then from there, assigned to an individual to actually complete it.

“The way we navigate through these workflows is to adapt their natural ways of behaving instead of trying to conform to Vanta itself,” says Deb. This deep understanding doesn’t come from analytics alone; it’s born from qualitative conversations, where showing a customer a concept or pressure testing a workflow can unlock insights that abstract discussions never could.”

Vanta’s experience team frequently aligns with a few companies that are  “design partners”—often progressive, compliance, or security teams to co-develop solutions for complex challenges.

This model enables Vanta’s cross-functional teams to tackle real-world edge cases head-on, validating the solution before it’s built to scale. By collaborating with design partners, it reveals “interesting edge cases,"  which is a crucial step that not only de-risks the development process but also ensures the final product effectively meets the user’s needs.

As Deb puts it, “At least you solved it for a few real cases versus launching and nobody engages in the product at all.”

For too long, security and compliance have been seen as obstacles in the product development process—necessary evils that slow things down. But what if that framing is wrong? What if, instead of being a cost center, security could be a revenue generator?

Deb shares that the key is to reframe security not as an internal chore, but as an external asset that helps close sales deals.

“Compliance is not just for compliance’s sake,” Deb states. “In most cases, the motivation to get SOC 2 certified is to get that deal closed because a prospect will ask for it.”

“Vanta’s Trust Centers’ showcase a company’s security and compliance posture, turning it into a real business driver,” she explains. “To demonstrate a clear return on investment, we track how their customer engagement with the trust center translates directly into revenue growth.” By tying security directly to revenue, the conversation shifts from trade-offs to enablement.

No conversation about the future—or current state—of tech is complete without discussing AI. While the industry was initially hesitant, Deb has witnessed a rapid shift in attitude over the past year. Apprehension has given way to cautious optimism, provided that companies are transparent about how their models work.

“Our designers were talking to customers about AI a year ago, and were very cautious, ‘I don’t want to touch it, I don’t trust it.’ But now, you’re hearing “it’s okay as long as you cite your reference point, we get to approve it, share how we’re developing the model without their data,” she says.

For design teams, this means building trust isn’t about creating a “black box” of magic. It’s about showing your work. “One of the most critical pieces is informing the user what you’re actually processing and doing as if you were a human sharing, ‘I’m going to do these things,’ so that they feel more confident in the result,” Deb emphasizes. “The human-in-the-loop remains essential for establishing confidence, even as automation becomes more powerful.”

More profoundly, AI is unlocking compliance use cases that were previously impossible due to prohibitive time and cost. Deb’s team is currently working on a powerful set of features that could only really happen with AI.

Manually tracking commitments across hundreds of policy documents is an exercise in futility. But with AI, it becomes possible to automatically scan documents, extract specific obligations, and connect them to internal monitoring systems.

“Connecting those dots is so expensive that nobody can track it in real time,” Deb says. “AI opens a ton of doors and opportunities... where checking those things on an ongoing basis does make companies more secure from the inside.”

In the high-growth world of tech, design, and security teams share a surprising kinship. Both are often understaffed and forced to fight for resources against feature development that promises immediate growth.

“If you’re in a high-growth business, typically it’s growth at all costs. So quality or security measures are commonly deprioritized,” Deb observes. This shared experience as organizational underdogs forged a strong bond between her and security teams during her time in fintech.

For Deb, this connection highlights a fundamental evolution in the role of design. The job is no longer just about the pixels on the page; it’s about protecting the people whose data flows through the systems we build. To care for customer data is to care for customers, and this principle is at the root of a designer’s role.

This realization forces a necessary re-prioritization.

“I will care about visual design, but we have to make sure that the sequencing is appropriate. If I care too much about visual design, and not about customer data, am I doing the right thing for their customers? If I had a stack rank and made tradeoffs, I’m going to care about customer data first and foremost because that’s where the value lies for our customers.”

This is the new mandate for design trailblazers: to be the staunchest advocates for the customer, not just in usability, visual design, but in security. It’s a shift from designing interfaces to designing trust, ensuring that as we build the future, we build it on a foundation that is resilient, transparent, and secure.

At Insight Out 2025, Deb took the stage to discuss how trust is the real driver of product and design. Watch the talk on our YouTube channel.