The difference between building a product and building a company, what would building a company look like, and why it’s important that at least some people in the industry dare to do it
You’ve stated the obvious, eloquently. To add, business , and by extension company building, can be learned. Building products that customers want and love is a craft. It’s something company builders fail at often.
That is a very good point! Building business around the solution to customer problems that customers love might be easier that finding a solution around problems. Or, that could also be an illusion. Look at CrowdStrike as an example: they started as builders of the company, and developed one of the best endpoint solutions in process (not the other way around).
Maybe, although I am not really thinking in terms of current landscape. I spent a lot of my career outside of security (think retail, wholesale, ecommerce, fintech), and I've seen roughly the same trends there. What's more common in security is how niche some of the problems are, and how technical people must be to design good solutions. I've discussed it here before: https://ventureinsecurity.net/p/on-a-hunt-for-successful-cybersecurity
Definitely biased towards product companies; not familiar with services as much.
I think that there are a couple of nuances to this opinion. First, the founder is different from the CEO. Meaning, when starting a business, you need someone who is obsessed with the product and features. Once the product has a defined place in the market or you hit some other milestone, it is time to grow and so having someone who understands hiring, process etc. becomes critical. But that is just for technology startups. Second, there is another business model focused on security services and consulting that is completely different. Generally, people who go out on their own and sell their services also have to wear multiple hats, but I think a CISO is fully prepared for it.
Definitely agree on products vs services side - admittedly, I was mostly thinking about products (although I didn't transparently acknowledge that, so it's a good point). Having said that, if we look at service providers that are known as large, successful companies - it's typically more than "a CISO went out to do their own thing". Think Arctic Wolf, or Mandiant - there is much more thought that went into it from the business side.
On the first part, I'd challenge it. Specifically, that "when starting a business, you need someone who is obsessed with the product and features. Once the product has a defined place in the market or you hit some other milestone, it is time to grow and so having someone who understands hiring, process etc. becomes critical". It is true that sometimes, a founder who struggles to grow with the company may step back & let someone else be in charge. At the same time, let's look at some of the largest public companies in the industry - CrowdStrike, SentinelOne, Zscaler, etc - they are all still run by founders. I think it's critical that these things - systems, processes etc are established as the company grows, and that the person that grows the company is passionate about it. In some cases, - sure, you get follow the Palo Alto path and get a professional CEO, but PANW became a huge player before he was hired.
Basically, yes - there are nuances, but "let a feature-focused founder run a company and then have someone else come in" isn't a recipe to success, IMO (opinions may differ).
To be clear, I am not a fan of a founder being replaced (for some obvious reasons and some non obvious reasons) but a founder skillset does have to grow with the company. That is my point, actually. What you need to be good at early days is not the same as later days. But I still think that the same person can grow and evolve with the company ;)
I am not sure what part of this article have led to this conclusion, but regardless of what the answer is - no, that is not what I am saying.
Markets evolve, and so do customers & their expectations. Good products evolve to match customer needs, and as this evolution progresses - features change so much that the product the company started with doesn't look even similar to what it ends up with. This is the point number one.
Second, there are thousands of teams (and solo technologists) building great projects they are excited about and proud of. What makes some of them succeed? Many things - many more than I can recount in a brief comment. Among those things are the ability to attract talent, the ability to sell, the ability to evangelize the mission, get employees inspired, convince investors to allocate capital, strategically allocate capital, etc. Too many founders assume all they need to do is ship new features & hire more developers to build new features. There are too many great ideas that died because founders never cared about figuring out distribution. Equally many went downhill because they raised too much money and deployed it badly. So no, no " build the assembly line, make it function perfectly and then figure out what we want to build on it" - but much more nuances.
Great read. I think it's prudent to understand here that most security founders have technical background and usually see the business side of the world only when they build their own companies. In my personal experience while initially selling my product I realised I myself have little experience of purchasing software products and so it took sometime to understand the buyer's mindset.
@Ross Haleliuk So much great material here but I think the end hits home the most. Communication, feedback, expectations, and alignment are extraordinarily important for a young fast-growing company.
You can have the best teams and knowledge in your org. But if those teams don’t understand one or more of those four points above - it will hard to succeed.
You’ve stated the obvious, eloquently. To add, business , and by extension company building, can be learned. Building products that customers want and love is a craft. It’s something company builders fail at often.
That is a very good point! Building business around the solution to customer problems that customers love might be easier that finding a solution around problems. Or, that could also be an illusion. Look at CrowdStrike as an example: they started as builders of the company, and developed one of the best endpoint solutions in process (not the other way around).
Somewhat biased in favor of certain pockets of current cybersecurity landscape
Maybe, although I am not really thinking in terms of current landscape. I spent a lot of my career outside of security (think retail, wholesale, ecommerce, fintech), and I've seen roughly the same trends there. What's more common in security is how niche some of the problems are, and how technical people must be to design good solutions. I've discussed it here before: https://ventureinsecurity.net/p/on-a-hunt-for-successful-cybersecurity
Definitely biased towards product companies; not familiar with services as much.
I think that there are a couple of nuances to this opinion. First, the founder is different from the CEO. Meaning, when starting a business, you need someone who is obsessed with the product and features. Once the product has a defined place in the market or you hit some other milestone, it is time to grow and so having someone who understands hiring, process etc. becomes critical. But that is just for technology startups. Second, there is another business model focused on security services and consulting that is completely different. Generally, people who go out on their own and sell their services also have to wear multiple hats, but I think a CISO is fully prepared for it.
Definitely agree on products vs services side - admittedly, I was mostly thinking about products (although I didn't transparently acknowledge that, so it's a good point). Having said that, if we look at service providers that are known as large, successful companies - it's typically more than "a CISO went out to do their own thing". Think Arctic Wolf, or Mandiant - there is much more thought that went into it from the business side.
On the first part, I'd challenge it. Specifically, that "when starting a business, you need someone who is obsessed with the product and features. Once the product has a defined place in the market or you hit some other milestone, it is time to grow and so having someone who understands hiring, process etc. becomes critical". It is true that sometimes, a founder who struggles to grow with the company may step back & let someone else be in charge. At the same time, let's look at some of the largest public companies in the industry - CrowdStrike, SentinelOne, Zscaler, etc - they are all still run by founders. I think it's critical that these things - systems, processes etc are established as the company grows, and that the person that grows the company is passionate about it. In some cases, - sure, you get follow the Palo Alto path and get a professional CEO, but PANW became a huge player before he was hired.
Basically, yes - there are nuances, but "let a feature-focused founder run a company and then have someone else come in" isn't a recipe to success, IMO (opinions may differ).
To be clear, I am not a fan of a founder being replaced (for some obvious reasons and some non obvious reasons) but a founder skillset does have to grow with the company. That is my point, actually. What you need to be good at early days is not the same as later days. But I still think that the same person can grow and evolve with the company ;)
So you are saying that we should build the assembly line, make it function perfectly and then figure out what we want to build on it?!?
I am not sure what part of this article have led to this conclusion, but regardless of what the answer is - no, that is not what I am saying.
Markets evolve, and so do customers & their expectations. Good products evolve to match customer needs, and as this evolution progresses - features change so much that the product the company started with doesn't look even similar to what it ends up with. This is the point number one.
Second, there are thousands of teams (and solo technologists) building great projects they are excited about and proud of. What makes some of them succeed? Many things - many more than I can recount in a brief comment. Among those things are the ability to attract talent, the ability to sell, the ability to evangelize the mission, get employees inspired, convince investors to allocate capital, strategically allocate capital, etc. Too many founders assume all they need to do is ship new features & hire more developers to build new features. There are too many great ideas that died because founders never cared about figuring out distribution. Equally many went downhill because they raised too much money and deployed it badly. So no, no " build the assembly line, make it function perfectly and then figure out what we want to build on it" - but much more nuances.
Great read. I think it's prudent to understand here that most security founders have technical background and usually see the business side of the world only when they build their own companies. In my personal experience while initially selling my product I realised I myself have little experience of purchasing software products and so it took sometime to understand the buyer's mindset.
@Ross Haleliuk So much great material here but I think the end hits home the most. Communication, feedback, expectations, and alignment are extraordinarily important for a young fast-growing company.
You can have the best teams and knowledge in your org. But if those teams don’t understand one or more of those four points above - it will hard to succeed.
You’ve got a new subscriber!
Indeed, thanks Chris!