Re: "Market Failures"

[Haroon Meer via Dailydave <dailydave () lists aitelfoundation org>]

Heya(s)

I knew if i did this long enough, i'd find a discussion where i disagreed
with Halvar..

On Wed, Aug 24, 2022 at 23:48:17, Thomas Dullien <
dailydave () lists aitelfoundation org> wrote:

> Dave's last paragraph hits on something that I have repeated to startup
> founders and other folks in security for the last few years.

We've been talking about the market-failure in infosec for a while. If
anyone is bored, we once gave an entire talk titled "The products we
deserve"  which some smart people said doesn't suck (
https://youtu.be/GHuQC1qLnJ4)

When I started optimyze, a lot of my acquaintances asked me: "Why not a
> security company?". And my reply was always a variant of the following:
> ...
> 3. Everything else. This is the category where your success will largely
> be driven by your sales org, as the economics of your product are not
> clear-cut. The quality of your engineering, or whether your product
> measurably works, is secondary here
> Security usually falls into category 3. So as a technical startup founder
> that is not good at building sales orgs, you're probably well-advised to
> stay away from security products, unless you somehow managed to find a way
> to be in (1) or (2). This is also a good explanation why RSA looks the way
> it does.

I deeply believe this is changing. That it is increasingly possible to
focus on your product/customer and win (without a huge sales org).

Some people thought that the "products we deserve" talk was a gloomy one
(because it spoke about things broken in the sec product market) but i
genuinely saw it as hopeful because we are seeing signs of it changing.

One of the frustrating things about the old-model, is how many of the
stupid practices are self-reinforcing.
- Companies do gimmicky booths and hand out cheap swag
- Smart customers have low expectations and avoid the showroom floor
(leaving ppl on the floor who just want to be entertained/care more about a
$50 starbucks card)
- The way to get those ppls attention is more gimmicks and less deep
discussions..
(rinse - repeat).

With booths specifically (for example), we've found huge value in showing
up with our engineers and support folks. People drop by and get to have
real, meaningful discussions.. We get to meet customers and hear success
stories which really charges up everyone and reminds us why we do what we
do.. Young-me hates it, but current-me has to admit that RSAC/booths work
amazingly well for us..  (longer post on booths here
https://blog.thinkst.com/p/we-found-expo-incredibly-worthwhile.html)

When we started having some commercial success with Canary, people often
remarked that it was cool but wouldn't scale. This response kinda changed
when we passed the $11m ARR mark with no outbound sales-team. (
https://blog.thinkst.com/2021/03/we-bootstrapped-to-11-million-in-arr.html)

We are comfortably past that now and still invest almost nothing in
outbound sales. A bunch of customers pay us hundreds of thousands of
dollars annually without ever having seen us in person or had a
sales-person try to upsell them.

Most of us wished the market would embrace this but most companies along
the way are convinced they have to do it the other way…

While focusing on the gimmicks, the coin-operated sales teams, the
president-clubs, the analysts and the airport ads, many companies stop
focusing on the product (and the annoying cycle repeats)... but… i'm
totally convinced there is another way (and for the most part, over the
past few years we see empirical proof that it can be done).

I'm totally convinced we can focus on the product/customer and win without
the historic vendor shenanigans in a way that wasn't possible before..

/mh

Ps. Dug Song often comments on spotting CEOs who can demo their company
product. For a long time the big infosec product companies were led by
sales/finance folks who efficiently allocated capital… One of the things i
loved most about the Steve Jobs/Apple era, was that he showed that the CEO
of a trillion dollar company could absolutely still be involved with
product details/decisions..

Haroon Meer | Thinkst Applied Research
http://thinkst.com/pgp/haroon.txt
Tel: +27 83 786 6637

_______________________________________________
Dailydave mailing list -- dailydave () lists aitelfoundation org
To unsubscribe send an email to dailydave-leave () lists aitelfoundation org