The difference between building a product and building a company, what would building a company look like, and why it’s important that at least some people in the industry dare to do it
You’ve stated the obvious, eloquently. To add, business , and by extension company building, can be learned. Building products that customers want and love is a craft. It’s something company builders fail at often.
Somewhat biased in favor of certain pockets of current cybersecurity landscape
I think that there are a couple of nuances to this opinion. First, the founder is different from the CEO. Meaning, when starting a business, you need someone who is obsessed with the product and features. Once the product has a defined place in the market or you hit some other milestone, it is time to grow and so having someone who understands hiring, process etc. becomes critical. But that is just for technology startups. Second, there is another business model focused on security services and consulting that is completely different. Generally, people who go out on their own and sell their services also have to wear multiple hats, but I think a CISO is fully prepared for it.
So you are saying that we should build the assembly line, make it function perfectly and then figure out what we want to build on it?!?
Great read. I think it's prudent to understand here that most security founders have technical background and usually see the business side of the world only when they build their own companies. In my personal experience while initially selling my product I realised I myself have little experience of purchasing software products and so it took sometime to understand the buyer's mindset.