
Vault Platform: VP Technology through the acquisition run-up
01 · Situation
A category-leading platform that needed engineering scaffolding for the next stage
Vault Platform was building the category-defining ethics and compliance reporting product for enterprise, competing at the sharp end of the SaaS market: regulated buyers, ISO / SOC-audited procurement processes, and a rapidly evolving legal landscape (EU whistleblower directive, US SEC rules).
The commercial trajectory was strong. But the engineering function needed the specific reinforcement that carries a Series B / late-stage company through both scale AND due diligence: a hardened platform, a properly structured team, and a technical narrative that would stand up to acquirer scrutiny.
I joined as the outgoing CTO was leaving, not long after Vault had closed a funding round the team had pushed hard to secure. What was meant to be a three to six month engagement became two years.
The starting point was two engineering teams, UK and Israel, 7 engineers between them, shipping fast but running on instinct: a monolithic codebase carrying real technical debt, no technical roadmap, and a release process that happened whenever the team could get to it. Product leadership was still shared across the wider leadership team rather than owned outright, and security, while nobody's fault, was early-stage for a company about to sell into buyers who'd expect otherwise.
02 · What I did
Restructured the engineering function around the acquisition path
The engagement covered the full remit of a permanent VP Technology: platform architecture, hiring plan, delivery discipline, security posture, board-level technical narrative.
- Platform architecture:The platform stayed a monolith. The fix wasn't a rewrite, it was reining in the debt around it. The bigger shift was infrastructure: built a proper DevOps function from scratch, moved to infrastructure as code, hardened the cloud environment with proper account separation and vulnerability management, and added multi-region failover so the platform could survive an outage rather than go down with it. Release process and git branching got formalised, and postmortems became routine.
- Engineering hiring:Grew the team from 7 engineers to 16, including contractors, across UK and Israel, with an engineering manager over team leads and an external team brought in to extend capacity. Built in the DevOps and data functions that are usually missing at this stage, backed by real one-on-ones and psychological safety. Retention was strong: hardly anyone left over two years.
- Delivery discipline:Releases went from ad hoc and dreaded to the lifeblood of engineering. Put a real Definition of Done in place, backed it with documentation, brought in pair programming, and ran full sprint ceremonies against a Scrumban hybrid rather than picking Agile or Kanban dogmatically. Delivery got tracked against DORA metrics to prove it was working, not just feel better.
- Security & compliance:Security had to be paramount for a platform handling this kind of sensitive data. Ran penetration testing twice a year, built automated vulnerability scanning into the release pipeline and across the cloud infrastructure, and brought in a dedicated Head of Security who sat inside the product lifecycle from day one rather than being bolted on at the end. Regular key rotation, SOC 2 and ISO 27001 certification, and a platform consistently commended by customers and auditors.
- Board & investor narrative:Owned the technical narrative the CEO took into the boardroom, translating what was happening in engineering, security, and delivery into language a board could act on. That included building out a data team with its own board-level reporting line, so the technical story stayed credible at the level where decisions actually got made.
The specifics (team sizes, uptime numbers, certifications, hire names, the sequence) are available on a call. Some are shareable, some sit under the Diligent NDA. If you're heading into a similar engagement and want the operating detail, book a 30-minute discovery call.
03 · Outcome
A clean acquisition by a category-leading buyer
Diligent, the governance software category leader (tens of thousands of enterprise customers), acquired Vault Platform in 2025. The technical diligence process ran on the picture the engineering function had been building for the previous two years, not on a rushed pre-deal cleanup.
The team grew from 7 engineers to 16 (including contractors) spanning UK and Israel, with dedicated DevOps, data, and security functions that didn't exist on day one. Vault secured SOC 2 and ISO 27001 certification. Release cadence went from ad hoc to a disciplined, DORA-tracked rhythm, and retention held throughout, hardly anyone left across the two years. Security was consistently commended by customers and auditors, right through to the acquisition.
Testimonial
Nick played a transformational role in our company. He joined at a critical inflection point and helped us rebuild the technical function (both the team and the culture) from the ground up. His calm, strategic presence and ability to earn trust across the organisation made a lasting difference. I'd work with Nick again without hesitation.
Preparing for a raise or exit?
Book a 30-minute discovery call. Honest conversation about the technical picture you'll need in the data room, and what it takes to get there.