Last week, Brittany Roberts (Senior Operations Manager at Aiwyn) and I had the chance to attend VantaCon 2025, and it was one of the most energizing conferences I’ve experienced in a long time. What stood out was not only the technology but also the honest conversations, which ranged from how AI is reshaping security to how security teams are evolving and why SOC 2 compliance has become essential for companies that support accounting firms and other regulated industries.
Below are the insights that resonated most with me, particularly around how organizations grow, protect their people, and strengthen their culture of trust.
1. Security teams will look dramatically different in five years
A major theme at VantaCon was how rapidly security roles and responsibilities are changing. AI and automation are now core parts of the work, which means teams will be structured differently.
Smaller, more seasoned teams
Security organizations are shifting toward an apprenticeship model. They will have fewer people with a higher concentration of senior experience. These leaders will guide and oversee AI agents that take on Tier 1 and Tier 2 tasks. Human expertise becomes more focused on judgment, coaching, and decision quality.
A more modular way of building security tools
AI-assisted development makes it possible to assemble systems in a faster and more flexible way. Instead of building every solution from scratch, companies can compose tools like building blocks. This reduces technical burden and allows teams to focus on smart orchestration instead of reinventing the wheel.
Vulnerability management will move at machine speed
Threats are discovered and exploited faster than ever before. Even small and mid-sized accounting firms will need processes that keep up with this pace. Manual response will not be enough.
A world of machine versus machine conflict
Security leaders will spend less time fighting threats directly and more time supervising and guiding automated systems that take on the frontline work. The role shifts from doing the work to directing the work.
This is a people story. Skills, responsibilities, and expectations are changing quickly, and companies that prepare their teams early will adapt more easily.
2. Why SOC 2 compliance matters more than ever for accounting firms
This was the show-stopper.
Security doesn’t just help the business succeed… security prevents the business from failing.
One of the slides crossed out the old framing and replaced it with the truth:
“We prevent the business from failing.”
For accounting firms, and for the software companies that support them, SOC 2 now plays a central role in:
• Moving upmarket
• Winning larger and more complex engagements
• Passing vendor security assessments
• Building trust early instead of repairing gaps later
• Preparing for acquisition or IPO readiness
SOC 2 is now the minimum viable trust layer. It is the standard that signals a company protects data with consistency, discipline, and accountability.
As AI raises both opportunity and risk, SOC 2 becomes even more important for:
• Documented processes
• Access and identity controls
• Vendor oversight
• Incident readiness
• Data governance across the engagement lifecycle
Organizations that invest in these foundations early will not only be safer; they’ll also be more scalable and more appealing to clients and partners.
3. Security work must tie directly to business impact
One of the most valuable sessions focused on how to communicate risk in terms that leadership teams understand. This is especially important for CFOs, managing partners, and boards.
A simple example illustrated this perfectly:
Daily active users at risk becomes potential revenue loss.
If 750,000 users are exposed, and the potential impact is two million dollars, the conversation changes instantly. The work is not about a security tool or a technical project. It becomes a conversation about business continuity and protecting the company’s ability to serve its clients.
This perspective is especially relevant for organizations that:
• Manage billable hours
• Store sensitive financial or tax information
• Rely on uptime and stability
• Require cybersecurity insurance
• Need to maintain trust at scale
4. AI is reshaping every layer of security right now
VantaCon made it clear that we’re not preparing for an AI future – we’re already living in it.
- Tier 1 security workflows can be automated today
- Security engineering is becoming faster with AI-assisted coding
- Digital forensics and threat intelligence are dramatically easier with AI summarization
- GRC tools can now map evidence and requirements automatically
- Corporate security workflows often begin with an AI first pass and end with human review
For accounting firms, where workloads spike seasonally and data flows are complex, these efficiencies will make an enormous difference.
Why this matters for accounting firms, fintech partners, and all scaling companies
If your organization wants to…
- Serve mid-market or enterprise accounting firms
- Protect client trust in a more complex threat landscape
- Reduce operational risk
- Win larger opportunities
- Build a durable business that can withstand scrutiny
- Stand out during vendor security reviews
…then investing in SOC 2 compliance for accounting firms is no longer a future goal but a present-day requirement.
Security as a people priority
What stood out to me most at VantaCon was how security has become so much more than a checkbox. It’s about the trust we build with our people and our clients every single day. When we invest in security, we’re really investing in stability and peace of mind for everyone who depends on us.
The conversations around AI and automation were eye-opening. As someone who thinks a lot about how we support and protect our team, I’m convinced that the firms who take SOC 2 and modern security seriously now are the ones who’ll be able to grow sustainably without burning out their people or compromising what matters most.
I left feeling genuinely inspired and grateful to Vanta for creating space for these conversations. It’s energizing to be part of an industry that’s thinking this thoughtfully about the future.
