Cyber Builders Unite! 🚀 Unlocking the Potential in Cybersecurity Entrepreneurship

4 Steps to Identify Opportunities and Transforming Ideas into Success Stories as a Cyber Builder

Hello 👋🏼

This week I start with a manifesto to see more Cyber Builders creating new services, products, and companies. You could be a builder within your organization, creating new services to protect other departments. You could be the CEO of a bootstrapped startup. You could moonlight and develop new software, eventually becoming CTO of a VC-backed startup. There are many ways to be a Cyber Builder.

I want to help by providing some thought framework for finding new ideas and hunting spaces where gaps still exist. We will cover four different ways to think about your next idea in cybersecurity. I hope this help.

Before we begin, I'd appreciate it if you could do me a favor. Would you mind sharing this post or the latest on "Resilience is the New Black" with one of your colleagues or connections? Thank you in advance for your support and for helping me to spread the word!

We need more entrepreneurs in Cybersecurity.

If you're a product manager in a B2B IT company or an entrepreneur looking for your next project, consider cybersecurity your next venture. You could design a new service package to help customers protect their assets or build a new company creating products to increase the cyber resilience of your customers.

The cybersecurity industry faces a shortage of 3.5 million professionals globally, underscoring the need for more individuals to enter the field. Cybersecurity is a technology-driven industry growing at a 12% CAGR, with the global cybersecurity market projected to reach several hundreds of billions per year.

McKinsey estimates the global addressable cybersecurity market would reach 2 Trillion US$. Total Accessible Market is an indicator of the size of the opportunity. As Wikipedia puts it:

Total addressable market (TAM), or total available market, is a term typically used to reference the revenue opportunity available for a product or service. TAM helps prioritize business opportunities by serving as a quick metric of an opportunity's underlying potential.

In 2022, the actual market - what was done - was around 150 B$. With 2T$ of TAM, it’s a 10x potential to build and sell more products and services in the coming years.

We need new people entering the industry. We need more Cyber Builders.

Exciting, no? 😍

We should see many people rushing to the opportunity.

Well, not really! ☹️

For many people I've met, entering the field is scary.

Cybersecurity is still an industry that's not that open to newcomers. Look at how the media depicts it: you have the defense expert, doing a TV appearance in a black suit, looking very serious and knowledgeable, or the young white male wearing hoodies who doesn't seem to care about others. Most people don’t want to look like that.

Moreover, this depiction is unfair, as the cyber industry is more diverse than it looks. Large IT companies like Cisco or Microsoft have built security empires, training thousands of engineers, product managers, security architects, and salespeople. Service companies offer various positions: Threat Intelligence analysts, where people are hired based on their geopolitics and linguistic skills; Awareness program manager to help spread the best practices inside companies; and a position where hiring is mainly based on soft skills. There is space for anyone within cybersecurity. We need to continue to be more inclusive.

Still, outside our industry, our matter feels complex, reserved for some special people, and hard to enter. In this post, I want to show how cybersecurity relates to the entire tech ecosystem and how anyone can discover good cybersecurity products or service ideas.

💡 Cybersecurity is not reserved for a security elite - everyone can do it.

I’m not pretending to have the magic wand to make you rich over the next five years. 😁 Still, I firmly believe there are ways to think about cybersecurity and understand the value a cybersecurity product or service delivers.

#1 - Hear what cybercriminals do

One way to find ideas is to start looking around you. Unless you live in a cave, you have noticed that cyber security issues have grown exponentially in a few years. Turning on the news without hearing about a cyber attack or data breach is difficult.

It is no longer the case that cyber-attacks only target large enterprises, such as banks, defense contractors, or public organizations, like ministry governments and well-known NGOs. Small businesses are now frequently targeted and often struggle to recover from the financial losses and reputational damage that result from such attacks. Worse still, hospitals, schools, and other critical infrastructure are becoming more common targets for cybercriminals.

It is essential to take the time to look at the latest cyber attacks in 2022 and delve deeper into the root causes of these incidents. For instance, ransomware campaigns have been increasingly exploiting small and medium-sized businesses lack of security readiness (SMBs), highlighting the need for better crisis management tools. These attacks also underscore the importance of delivering cybersecurity as a service by trained professionals who can provide comprehensive security solutions. By staying informed about the latest cyber threats and investing in robust security measures, individuals and organizations can minimize their risk of falling prey to cybercriminals.

Protecting and helping people save their businesses and their employees' jobs is a vital and valuable mission that more people need to embrace.

#2 Think about IT Computing Platforms

Over the last few years, information technologies (IT) changed how we live, work, get informed or entertained, or marry. Twenty-five years ago, we had no Internet, no smartphones, and computers were a way to input data into extensive databases to keep track of invoices or pay slips. They were seen as fancy typewriters or video game platforms for geeks.

Since then, the software has ”eaten” the world, as Mark Andreessen prophesied. New computing platforms have been invented.

Let’s have a look at the latest one: Cloud Computing. Fueled with API-driven services and elastic resource allocation, became a big thing since AWS pioneered the field. It ignited the SaaS business model, with many companies moving from on-prem shrink-wrap software to subscription-based, web-delivered software that is easy to update for the vendor and consume for users.

Any new IT computing platform creates new security threats, risks, and issues. For example, when mobile was introduced, it became easier to lose or have a mobile device accessible to physical intrusion. To combat this, mobile device management platforms with security features were developed. These platforms enable corporations to establish a company-wide policy for encrypting mobile devices, locking lost or stolen mobile devices, and defining password policies.

You should look at what's next in IT. What is changing? What is brand new? After the ChatGPT outbreak, Generative AI and LLMs will be new components of the software stacks. Apple unveiled the Vision Pro, a new spatial computing platform, early June 23. It is still early, but I expect these new “platforms” to create a new technology ecosystem, new usage, and new threats and security issues!

#3 - Look at the new usages

Another approach to enhancing cybersecurity is to consider all the new usages, such as Hybrid Work, and assess how these new technologies can be secured. In Q1 2020, with the COVID outbreak, the world switched from a “We work in the office” to “Work is what we do, not where we go.”. We work on our sofas, in trains, in hotels, at home, or in the office.

💡 One key question to find new ideas is: “How does this new usage impact security?”

For instance, remote access is becoming more common, which means that endpoints are often left in the wild and in the hands of users who may not be fully aware of the potential threats. To address these challenges, corporations must invest in more robust security solutions that can provide enhanced protection against cyber threats. This may involve implementing new security protocols, such as two-factor authentication or EDRs

“Digitization” - what an awful name! - means putting digital means into existing markets. Considering all the new domains that IT will transform (”Digitize” is a goldmine. Each time IT transforms an industry, new usages appear, changing the cybersecurity paradigms.

Let’s take another example with the digitization of physical processes, especially manufacturing. Before, even the most sophisticated machines were isolated elements not connected to a network and not communicating with each other. They were designed to be reliable, meaning they could withstand configuration errors or physical incidents such as missing parts or mishandling by an operator. If part of the machine broke, it would stop and go into a safety position, meaning it would not harm people around it or damage parts or products inside it. The digitization of the process transforms this machine into a set of data through sensors, the ramp controllable via software through motor actuators, and finally, the interconnection of all these machines creates new challenges in terms of cybersecurity. By grasping these issues, many startups, including Sentryo, the company I co-founded with Thierry Rouquet in 2014, launched themselves, considering that there was something specific to be done in this field of modern industry. We knew there was built-in safety, but cybersecurity remained uncharted territory in manufacturing networks.

Each area that undergoes digital transformation requires a specific approach to cybersecurity. Existing systems typically need to be migrated, and different types of architecture and software will coexist for years, creating unique cybersecurity challenges. However, cybersecurity can also be an enabler. Digitizing a process often reveals a very heterogeneous environment with existing systems, outdated software, small software, and other unmanaged components. Furthermore, as people change their behavior, new challenges emerge. Criminals may take advantage of these opportunities.

#4 - Talk to cybersecurity practitioners

The last approach you should take to find new ideas for cybersecurity products or services is to observe what security practitioners are doing. Instead, think about how you can help them. Engineering-driven founders often begin with a technological vision without considering the needs of those in the field.

Understanding what security practitioners do daily, where they spend time doing repetitive tasks, how long they spend on each task, and the end goal or value they deliver is crucial. Security practitioners rely on custom scripts, Excel spreadsheets, and wikis for many tasks, although they face new threats, usage, and technologies. Automating their day-to-day operations saves time, and more value can be delivered to practitioners.

Moreover, due to the lack of time and resources, there are many good practices that they cannot implement. With new, well-executed software, it is possible to democratize a good practice and make it available to the general public when it was previously only reserved for a handful of experts, often in large companies.

Understanding what cybersecurity professionals are doing today, or what is known as customer discovery in product management, can be particularly challenging in cybersecurity. This is because it often requires asking questions to understand the practices of potential future clients.

However, people in the security field tend to be hesitant to talk about what they do daily, what tools they use, or what problems they encounter. Sharing this information could aid a potential adversary, so people tend to be guarded. Despite this, it is necessary to establish trust with professionals and understand where they spend their time and their challenges. This is particularly important in a context where the world lacks 3.5 million professionals, with 15,000 needed in each major European country.

Conclusion

Cybersecurity is an industry that needs more people to enter the field. It may seem scary, but many ways exist to become a Cyber Builder and make a difference. Here are four ways to find the best cybersecurity ideas:

• Hear what cybercriminals do,

• Think about IT Computing Platforms,

• Look at the new usages,

• Talk to cybersecurity practitioners.

Following these approaches, we can discover new ideas and hunt for spaces where gaps exist. The potential is enormous, with the global cybersecurity market projected to reach several hundreds of billions annually. It's time to be optimistic and welcome more people to join the field as Cyber Builders.

If you enjoyed this edition, please give it a little 💚💙 by clicking on the heart.

Laurent. ❤️