From Cyber Dreams to Business Realities: Decoding the Success Formula for Security Startups
Vision to Value: A Guide for Aspiring Cybersecurity Entrepreneurs
Hello Cyber Builders 🖖
Embarking on developing a cybersecurity product or project presents a unique set of challenges and opportunities. At the outset, it's crucial to anchor our efforts not in the features we plan to build but in the business outcomes we aim to achieve.
This journey demands a deep understanding of our goals, a willingness to question assumptions, and a commitment to engaging directly with those who will ultimately use our solutions.
I am starting a new series to explain how I see the creation of a new cybersecurity startup, focusing more on the outcomes and practitioners' issues than on the technology. In the coming weeks, I will post more details on which methodologies aspiring entrepreneurs should use and which tools they must master.
But first, I wanted to share how important it is to align your new cybersecurity product (or new release if you are a product manager at an existing company) with the expected business outcomes.
Let’s dive in!
Setting the Stage: Aligning Cybersecurity Innovation with Business Impact
So, you've decided to create a new cybersecurity product or service but are unsure where to start. You have many ideas and a strong passion for your identified issues. You might even feel like you're the only one seeing these problems in the market despite having potential solutions.
You know it's not overly complicated to develop a service or software to address these issues, but the sheer volume of tasks can be overwhelming. How do you plan? How can you be sure of your course of action? What are the subsequent steps? What should you tackle first?
These questions might echo in your mind, dampening your excitement for your new business idea. But don't worry. I want to guide you through a process that will help you focus on suitable topics at the right time. But before we delve into that, let me share a story with you.
The Tale of CyberSecurity Startup Founders
Let me begin with a story about two individuals I've encountered multiple times. They are not real people but fictional characters who have founded a new cybersecurity company. These characters have worked in the security industry for several years, mainly providing expertise for large organizations. They've developed a deep understanding of certain areas in cybersecurity, such as identity and access management, incident response and forensics, and detection engineering.
They've recognized a problem - their colleagues often overlook parts of their job, leaving their customers underserved. These experts know what needs to be done to solve these issues.
They've decided to quit their jobs and start a cybersecurity start-up, building new software as the foundation for their venture!
They spent months focusing on creating their dream software, working tirelessly, and sacrificing their weekends and holidays. After about a year, they developed a functional product and launched a promotional campaign on social media. However, they received little to no feedback or traction.
They believed that the quality of their product alone would sell it, but they soon realized they were missing something. They start wondering what … One of the tech founders goes back to the compromises they made from their original plan to meet their launch deadline, resulting in a missing key feature.
So, they returned to work, focusing on developing this missing feature.
Guess what happened: three months later, they launched and promoted their updated product through a YouTube video. Despite reaching 100 views, they saw no significant increase in interest or sales.
It is 18 months since they started this new company, and they have ZERO customers and users. People around them start to question their progress. Wife and husbands discuss financial stability… are we going on this summer vacation trip, or will it be cut off as last year?
They continue to work harder, sometimes taking a few service contracts to improve their financials.
After another six months (24 months total), they finally made their first sale. Woo, that’s an achievement they must be proud of - I am not sarcastic here; it is always an achievement!
However, by the end of the 24th month, they had only two customers (another signed!) and decided to cease operations. One of the founders needed a job to maintain their financial stability. Despite their hard work and the potential of their software, they couldn't continue their entrepreneurial journey.
In conclusion, the founders decided to shut down their company and consider other career options. They acknowledged the hard work they had put into their venture, and they think they were “unlucky”, that the market “did not respond to the great technology”.
The Genesis of a Cybersecurity Vision
I hope this story resonates with your own experience. We all met this team. Let’s be honest; we all have been on this team at some point. We all have made the mistake of focusing too much on the product and too little on the market and the customers.
So, next time, you're on the brink of something big—either birthing a brand-new cybersecurity product or embarking on a significant project within your existing product portfolio. The big question looms: where do you kick things off?
In our next posts, we'll dive into several strategies to aid in designing, executing, and monitoring your project. But let's not get ahead of ourselves. The starting line is understanding the business outcome your new venture aims to achieve.
Foundation for Success: Understand the expected business outcomes.
“Understand the business outcomes.” What exactly do I mean by that? It's simple yet profound.
This isn't about the features you plan to roll out, nor the labor poured into crafting new interfaces or database schemas, or any addition to your tech arsenal, for that matter. The heart of the matter is the business outcome your efforts will bolster.
It's common to see a chasm between product development and sales. They operate in different spheres with distinct mindsets and day-to-day tasks. However, to think that the endeavors of product and engineering teams are in a vacuum, detached from the company's commercial pulse, is a critical misstep.
Create a new product company? What is your runway? How much revenue do you need to reach to “prove” something to potential investors? When are you broke, and will you be pushed to stop your entrepreneurial journey?
Entering a market? A stable and easy-to-use product is a must-have.
Aspiring to be recognized as the go-to solution? Again, the answer lies in enhancing your product.
Understanding the expected business outcomes for the upcoming year or quarter is crucial for any product development leader. Is growth on the horizon? In most cases, the answer is a resounding yes. But the real question is, where is this growth expected to come from?
It would help if you drilled down into the specifics. Is the anticipated growth tied to particular customers? If so, what are their unique needs and requests? Perhaps the development is expected to stem from a specific industry vertical. In that scenario, crafting solutions tailored to the nuances of that vertical becomes paramount.
Or maybe the growth drivers are something entirely different that you'll need to uncover. It's about connecting the dots between the expected business outcomes and your product's development, aligning your passion with the broader objectives.
Remember, while you might view yourself as the product guru, this journey isn't just about you or your vision. It's about empowering your colleagues and, most importantly, your users to achieve their goals. That's the essence of what we're aiming for.
Hypothesis-Driven Development: Consider your roadmap as a set of assumptions.
Now, onto the second and arguably most crucial advice: crafting hypotheses around what you're setting out to build. This step involves outlining your assumptions, a task that's far from straightforward. Your passion for the product might make you convinced you already know what needs to be done. Perhaps last year's challenges, like those heated discussions about missing features or the RFPs lost to competitors, have solidified your convictions about what's necessary.
You might feel equipped to map out a detailed plan with unwavering confidence, especially when your boss corners you for answers on this year's agenda. They expect you to have all the answers, to boldly state, "This is what we're building, and it's going to be fantastic." But here's the thing: don't pledge your commitment just yet.
The only genuine commitment should be to the business outcomes we've touched on earlier. What is the path to reaching those outcomes? That's a whole different narrative. This is where your hypotheses come into play—approach every 'certainty' with a grain of doubt.
Validate each hypothesis as you go, treating your plan not as a set of concrete steps but as a collection of assumptions awaiting confirmation. This approach isn't just about being cautious; it's about being intelligent and adaptive in uncertainty.
Step outside, engage with the real world and put your theories to the test.
Stepping Out: The Power of User-Centric Innovation in Cybersecurity. Go out of the building!
It's time to step out from behind your desk and venture beyond the building's walls. Your mission? To engage directly with the end users, the lifeblood of your product's success. Initiate open-ended conversations where the script is undefined, and the narrative is theirs to shape.
Listening is your greatest asset here. Allow their voices to guide the conversation and their experiences to unfold naturally. This isn't the stage for pitching or selling your vision. Instead, transform each interaction into a discovery session about their projects, challenges, and unique experiences.
Adopt the principles in "The Mom Test," a book for navigating customer conversations with genuine curiosity and minimal bias. Ask questions that delve deep into the realities of their needs and frustrations without leading them toward preconceived solutions. It's about uncovering truths that even they might not be aware of, insights that can pivot your hypotheses into actionable, validated directions.
I covered several of these techniques already in Ready to Level Up? Summer Watchlist for Every Cyber Builder
I am planning to share more next week.
Conclusion
In closing, the essence of developing a cybersecurity product lies in what we build and in understanding the why behind it.
It's a journey shaped by aligning with business outcomes, challenging our assumptions, and, most importantly, listening to our end users. As we navigate this path, let's remain adaptable, empathetic, and committed to delivering solutions that address current needs and anticipate future challenges.
Remember, true innovation starts with a conversation—a willingness to learn, adapt, and grow together.
Laurent 💚