Discussing my learnings about PLG in cybersecurity over the past year, reasons why it can be a great way to grow security companies, and how PLG can really hurt and even kill security startups
I tend to think that the "shift-left" trend works well with PLG.
For example, in the world of secret management, Hashicorp's strategy was to offer vault for free (open source), drive adoption by development teams and then once an organisation has adopted vault they would contact the security team and offer them to improve their governance by signing an enterprise contract.
Yep, that said, developers don't typically look for and buy security tools as much as people think they do. Once some practice becomes a standard, they certainly look for ways to do it easily (i.e., secret management) but as of right now, I don't think we've found a good way to get security tools adopted by engineers. (from the limited sample size I've seen). We're trying but not there yet
Excellent read. Ross! As is your book! Shameless plug to my own substack
https://marketingmicrodose.substack.com/p/the-marketing-microdose-a-little-63f
Thanks Steve! Not to mention yours - a great read for anyone interested for PLG https://www.amazon.com/Marketing-Product-Led-Growth-Company-Credibility/dp/1544543085/
Great read, interesting perspective.
I tend to think that the "shift-left" trend works well with PLG.
For example, in the world of secret management, Hashicorp's strategy was to offer vault for free (open source), drive adoption by development teams and then once an organisation has adopted vault they would contact the security team and offer them to improve their governance by signing an enterprise contract.
It seems the challengers in this category are also using PLG: https://www.doppler.com/ & https://aembit.io/
Yep, that said, developers don't typically look for and buy security tools as much as people think they do. Once some practice becomes a standard, they certainly look for ways to do it easily (i.e., secret management) but as of right now, I don't think we've found a good way to get security tools adopted by engineers. (from the limited sample size I've seen). We're trying but not there yet