Unlocking the Secrets of Cybersecurity Product Teams 🔓
Creating a future-proof cybersecurity product requires a great team! Discover the roles, strategy, and mindset required.
This week I am diving into a new topic: what is “Product” in a security startup? It is mainly misunderstood in many startups or scale-ups, especially in Europe. The different roles related to Product (Management, Marketing, Engineering) are unclear and often implemented with great confusion. I’ll add my contribution to the conversation and provide best practices.
In the beginning, there were Founders.
Let's look at a startup's typical product creation process. At the very beginning, two or three people brainstorm about creating a new business. They may develop ideas and a vision for solving issues or using innovative technology in a specific field.
The most successful founder groups typically have a CEO leading the way with a business vision and a pragmatic approach to capturing the market and solving urgent problems. They also have a hands-on CTO who is up-to-date on technology trends and understands their potential.
Let’s continue picturing a successful startup.
Jobs and Wozniak are two legendary co-founders. You can picture them in your mind for my little story here, back in the seventies!
The company has developed a product they sold to their first early adopters. They secured funding from venture capitalists or other institutional investors. In a few years, they aim to have a thriving business with 30 to 50 employees, serving customers and generating growth.
Over that time, the CEO and CTO roles become much more specific. The CEO leads sales, closes big deals, and meets with strategic customers. He secures more capital and hunts for insights related to his business. For his part, the technical founder grows a team of junior and senior engineers with diverse skill sets. He creates a product and engineering process to meet his deadlines and customer commitments.
Over time, the initial vision under which they got together fades away. The product and why it exists become the least essential things in the company compared to growing the business and managing the teams. After all, the company has customers asking for features. The sales team is also asking for improvements to compete against new entrants. The founders/managers could think it would be just a matter of building these improvements into the product, making commitments, and delivering releases to fuel the sales pipeline…
Even fairytales have limits.
Suppose you recognize your company in the above fairytale. Don’t worry. You’re not alone. It’s a made-up story, but you can see it often in the market, especially in Europe.
First of all, there is no shame in being in that situation. After all, the company has successfully created a product, sold it to a panel of customers, and has a nearly sustainable business. It may even be bootstrapped with little capital investment. Entrepreneurs and their teams must be proud of that!
The pattern is typical of highly technical products like those in our cybersecurity industry. Because technology and security domain knowledge are material, engineering tends to be the leading team at product inception. In the early days, engineering teams are often product-oriented, as they joined a startup to build a new product. But as the company grows, the risk is ending up with a “Frankenstein-type” product after ten years.
In European companies, the role of a Product Manager or Chief Product Officer may not be as established as in US businesses. However, this is rapidly changing as more and more scale-up companies emerge, especially in the Internet and Deep Tech fields. These companies invest in product roles, set up product teams, and hire product managers and UX designers.
Despite this progress, there is room for improvement, and many organizations still need better org charts, which can ultimately hinder growth. Nevertheless, I am confident that European companies can continue to thrive and stay competitive in the global market with the proper emphasis on product roles and teams.
Product community cheerleaders
Fortunately, product leaders like Melissa Perri and Teresa Torres educate the market with their consulting services and books. I recommend reading “Escaping The Build Trap” and “Continuous Discovery Habits.”
In today's competitive market, companies prioritize developing new features over creating a product that delivers real value to the customer. As said before, let’s chat with the most successful salesman and implement his request!
This is often due to a lack of understanding of the customer's needs and a focus on short-term gains. Identifying the different “user personas” and the value to deliver to them is material. However, building a scalable product organization requires a product strategy that connects the company's vision and economic outcomes with the development of the product.
To achieve this, it is essential to identify and pursue opportunities for value creation through an iterative product framework. This involves a process of continuous feedback and improvement, where the product is refined based on customer feedback and market trends. By doing so, companies can ensure that they are delivering a product that meets the needs of their customers and provides real value.
That’s why Perri and Torres emphasize the idea of “Product Discovery vs. Product Delivery.”
Good product discovery involves the customer in the decision-making process. Product discovery is deciding what to build, while product delivery is building, shipping, and maintaining the product. Many tactics and frameworks are associated with product discovery, such as customer interviews, usability tests, A/B tests, demand tests, assumption tests, customer journey mapping, experience mapping, story mapping, assumption mapping, OKRs, opportunity solution trees, impact mapping, jobs-to-be-done, ethnographic studies, and customer visits.
But it is not just a set of techniques. It starts by establishing a new culture and a new mindset. Cultivating a culture that prioritizes successful outcomes is crucial for building successful products. This involves creating an environment where employees are encouraged to take risks, learn from failures, and continuously improve their skills. Leaders must ask for outcomes (“Grow user base by x%”) and not outputs (“Deliver these three features by the end of March”).
By doing so, companies can create a culture of innovation and growth essential for building scalable and successful products.
Product at a cybersecurity company
The Product roles at a cybersecurity company are no different from the Product roles at any other software or technology vendor.
A great product manager needs to balance intuition and evidence. He needs to understand his market and user persona to produce inspirational ideas. At the same time, he needs to use objective evidence like user feedback and industry data to shape his thoughts and earn stakeholder buy-in. It's crucial to sharpen intuition, hone analytical skills, and find the balance between trusting his gut and the data.
Moreover, for cybersecurity products, it includes understanding security…. Let me repeat, “It includes understanding security.” Feels odd?
What I mean is that to be a great product manager, you need to understand how your product fits in the security process of your customer. You must help the security practitioner in his journey. Your product - a tool - is not a magic wand. It does not solve all issues or detect all threats. Your product is valuable for specific reasons, and you must frame them. You should stay balanced and not overpromise.
If I am buying a cybersecurity product, the users within my organization must get value. They will be protected against a specific set of threats, or these threats will be detected. Vague value propositions must be revised so that the value of the cybersecurity product can be understood. It must be specific and clear.
Too many cybersecurity products fail to articulate their value proposition to users and buyers. The product team must train the sales or customer success team. These front-row teams must spend time with the users and customers to teach them. For sales or service people who have yet to sell software, it might be challenging to grasp.
As cybersecurity is a growing market, people in product roles must be knowledgeable and pull up the teams around them. When interacting with Sales or Engineering, explaining, educating, and providing context are daily jobs.
Product Manager Role
Several roles are related to the product and must not be mixed up.
A Product Manager is a pivotal role within an organization. They are responsible for identifying the customer's needs, the larger customers, and the business objectives a product or feature will fulfill. They articulate what success looks like for a particular product and rally a team to turn that vision into a reality.
Martin Eriksson, a product leader, built this Venn diagram.
The diagram depicts product management as the intersection of business, technology, and user experience. This means that a product manager must deeply understand the business objectives, the technology required to achieve the goals, and the user's experience using the product.
The Product Manager is not an expert in all these activities. He is a facilitator or an aggregator.
I like to think of PMs as the masters of “Why.” Why does the product exist after all? Why does the customer have the need? Why does the vendor selling the product need it? It is a 360° “Why.”
And security is a big part of the “Why.” Working with security practitioners and solving their problems is critical.
The Product Manager tools are critical to the success of any product. They help create a product roadmap, outlining the key features and milestones over the next quarter and year. Additionally, the product vision provides a clear direction for the team and helps to align everyone around a shared goal.
Product Marketing Role
Product Marketing is crucial in any company that wants to promote and sell its products effectively. In addition to the required skill set of understanding the vertical dynamics, excellent writing skills, and the capacity to build up use cases, webinars, and customer testimonials, a successful Product Marketing professional should possess several other qualities.
For example, a Product Marketing specialist should deeply understand the target market, including the customers' demographics, preferences, and behaviors. This knowledge can help the specialist identify new opportunities for product development and promotion and craft compelling marketing messages that resonate with the target audience.
Another essential quality of a successful Product Marketing professional is the ability to work cross-functionally with other teams, such as Sales, Product Management, Security Researchers, and Engineering. This requires strong communication and collaboration skills and the ability to understand and balance the needs and perspectives of different stakeholders.
Technical Marketing Role
Technical marketing plays a crucial role in the product development process. Its responsibilities include building and designing product demonstrations, organizing webinars, creating engaging YouTube videos, and effectively communicating the product vision and value proposition to the target audience.
Technical marketers also represent the company and its products at trade shows. They can articulate and demonstrate their product's value, expertly answering complex RFPs and assisting sales teams in closing deals. Ultimately, technical marketing is vital to a successful product launch and ongoing marketing efforts, ensuring the product's value is effectively communicated to the target audience.
UX Designer
UX Designers are responsible for ensuring that the product is designed to be easy to use and visually appealing for the end-user. UX Designers are involved in the entire product development process, from initial ideation to final product release. They work closely with the Product Manager, Technical Marketing, and Engineering teams to ensure that the product meets both user needs and technical requirements. They use various tools and techniques to create user-centered designs, such as design thinking, prototyping, and user testing.
The challenge for UX designers in cybersecurity is to dive into the domain. The products Cyber Builders will build in the following years must be more than just a set of histograms and dashboards to count vulnerabilities or assets. They must guide the end user through an improvement process, pushing him to act and improve his security posture or investigate alerts. When interacting with domain experts and security practitioners, UX designers must extract why their requests make sense for a broader set of users and how they should democratize the advanced practices of these elites.
Product Owner Role
The Product Owner is a vital role within a company's engineering team. This person is responsible for creating value by breaking down projects into achievable chunks for the team. To do this effectively, the Product Owner Engineering must deeply understand the overall architecture and ensure that each feature they develop does not break it.
Additionally, the Product Owner Engineering must be able to effectively communicate with team members and stakeholders to ensure that everyone in the engineering team is on the same page and that the product is being developed as efficiently and effectively as possible. They must also be able to adapt to changing circumstances and priorities and adjust their plans when necessary.
The product owner role is a critical component of any successful engineering team, and one must possess diverse skills to excel in this role. Most often, great Product Owners are former software engineers who like to increase their scope, focusing more on the product without losing a deep understanding of the product-building process and technology.
Organizational Charts
Let’s start with the Product Marketing team. The Product Marketing team is an integral part of the company's structure. It reports to either the VP of Sales & Marketing, who oversees Marketing, Events, and Sales, or the Chief Marketing Officer, who oversees Marketing and Communications. The reporting structure may vary depending on the company's organizational structure.
Then Product Managers must report to the Chief Product Officer (CPO), who reports to the CEO. This ensures a clear hierarchy of accountability and responsibility for the product's success. Too often, there is no CPO, meaning no C-level executive who owns the product vision and participates in the same strategy and business meetings as the Chief Revenue Officer (Sales) and Engineering / CTO.
The chart below gives valuable insights into the company's product management organization chart. It is extensive, and not every company needs such a multi-level organization.
Product metrics
If you are a leader or interact with a Product person, you should understand their performance metrics. What are the excellent OKRs or KPIs for a product team?
I synthesized my views in the below table.
Metrics - Product Staff
Conclusion
In conclusion, I hope that this information has been helpful for founders and CEOs in the EU, as well as security practitioners, to understand their audience better. It is important to note that cybersecurity practices, like any other practices, will continue to evolve into more of a product. This means it is imperative to stay informed and up to date on the latest developments in the field.
Cyber Builder is here to provide information and resources and to participate in the ongoing conversation about cybersecurity. By working together and sharing knowledge, we can create a safer and more secure digital landscape for everyone.
Have a wonderful day.
Laurent. ❤️
Laurent, I just finished reading your article "Unlocking the Secrets of Cybersecurity" on CyberBuilders, and I must say it is packed with insightful content.
Firstly, I appreciate the book recommendations. I have already read "Escape the Build Trap" and can vouch for its value. "Continuous Discovery Habits" is now on my reading list, thanks to you.
Your emphasis on Product Discovery, promoting a customer-driven approach, as opposed to Product Delivery, is spot on. I share your sentiment on the importance of focusing on outcomes, such as growing the user base, rather than just churning out features.
You very sagely highlighted the need for cybersecurity companies to base decisions on both intuition and evidence, understand security intricately, and articulate values clearly to consumers.
I was particularly drawn to the section on the role of Product Managers. The point that they need to deeply comprehend business objectives, requisite technology, and user interactions, while acting as facilitators rather than experts, resonates deeply.
I found it thought-provoking when you broke down different product roles like product marketing, technical marketing, and Product Owner. It’s something I’m personally experiencing - juggling these roles can be quite the challenge!
Also, your mention of the UX designer’s role in guiding end-users through a process that encourages them to take proactive steps is incredibly important. It underlines the imperative nature of UX in security applications.
The chart you included is eye-opening, and it’s evident that there’s a crucial need to amplify the UX and analytics dimensions.
Your KPI section is commendable, though it’s a gentle reminder that many of us need to steer our efforts from the ‘bad’ side to the ‘good’ side.
In conclusion, CyberBuilders seems like a highly resourceful group, and I’m contemplating joining. Your article is an invaluable resource, and I thank you for the wisdom you’ve imparted.
Keep up the exceptional work!