Shortening Time to Value for PLG cybersecurity startups: a founder’s guide
Talking about ways to achieve explosive growth, increase adoption, and reduce churn by improving onboarding and getting people to “wow” quicker.
Welcome to Venture in Security! Before we begin, do me a favor and make sure you hit the “Subscribe” button. Subscriptions let me know that you care and keep me motivated to write more. Thanks folks!
Thanks for supporting Venture in Security!
☝️ The quicker people can realize the value of your product, the more likely they will adopt it
💰 To increase the likelihood that people will try your product, be transparent about your pricing and product functionality, build trust by leveraging social proof, make it easy to get help, and make a free tier or a free trial available
🏝️ To make it easy to get started, offer a self-serve onboarding, ask for as little information as possible during account creation, don’t ask for payment details, and make it clear that hard decisions can be changed later
🎯 To make it easy to see the value your product offers quickly, focus on getting the user to complete a key action, avoid dropping people into the blank product experience, leverage “templates” and demo content, offer help with onboarding, personalize onboarding communications, and offer superior customer support
The concept of Time to Value and its significance for product-led growth
Product-led growth enables companies to scale adoption quickly and inexpensively by designing a journey where people can experience the product’s core value proposition, which should then make it easy for them to up their usage.
The amount of time it takes for a user to realize and experience the value a product offers, and the benefit of using it, is what’s referred to as Time to Value (TTV). The exact Time to Value will differ based on the market segment and the product. Some cybersecurity products such as Security Scorecard can offer an almost immediate TTV; Security Scorecard provides an Instant Report and Security Rating after you enter the email, first & last name, and the country. Others like LimaCharlie require users to configure a sensor before they can see the value the product offers.
People want to see the confirmation that your product solves their problem before they commit to using it. In the B2B space, someone generally acts as a champion of the new product, and they are expected to build a solid business case in support of their arguments.
The less time it takes for the user to realize the value of your product, the more likely they will adopt it and the less likely they will churn. Therefore, shorter time to value leads to increased revenue, word of mouth referrals, and lower churn. Here are some examples illustrating how this could look like:
Imagine there is a technical user that discovers and gets started with your PLG cybersecurity product. This person becomes an internal champion pitching your product to management and trying to convince them to get it adopted. If it takes months for them to realize the value of your offering, by the time the technical champion can make a compelling business case, they could have found and adopted a competitive solution or moved to another company altogether without having experienced what you promised.
If your product offers a 14-day free trial but it takes a month for the user to realize the value of the product, they will likely not develop enough conviction in time to adopt it.
To calculate Time To Value (TTV), first, identify the key activation event that makes your customers realize the “Aha!” moment, and then calculate the average number of hours or days it takes for the user to reach this event.
Time to Value in cybersecurity
Cybersecurity products are notorious for having a very long time to value. This is because historically, most (if not all) products in the space would fall into one of the three buckets:
Sales-led, B2B enterprise-focused tools. Companies in this category would require several demos, sales calls, and pre-qualifications before access to the tool can be granted. Then, after the sale was closed, an onboarding/setup would need to be completed (often with a white-glove service) before the user would see the value of the product. Since licenses would be purchased in advance and contracts were signed for a few years, time to value was less critical and people would endure this experience without churning (abandoning the tool).
Marketing-led, B2C tools. Companies in this category would employ fear-based marketing techniques to sell a “sense of security”. While a person would not necessarily be able to realize the product value right away, strong marketing would convince them that the tool keeps them safe. Similar to the previous category, licenses would often be purchased in advance and commitments were made for a year or more making the TTV less critical.
Open-source tools. Unlike the previous category, products that can be categorized under this bucket, have been open, transparent, and accessible. However, often time-consuming manual deployment/setup/configuration would be required before the value of the product can be realized.
This, however, has been changing in the past few years with the widespread adoption of SaaS and the product-led approach. Now more than ever, people and companies are not willing to wait for months before they can start seeing returns on their investment.
The number of vendors in the space, marketing fluff, and the reliance on expert recommendations made most cybersecurity buyers cynical and critical when evaluating new tools. One of the best ways to break through this cynicism is to show that they can accomplish in five minutes what it used to take them a few weeks. Short Time to Value is a powerful argument for people to spend more time exploring and further evaluating your product.
Shortening Time to Value for cybersecurity startups
In this section, I will discuss steps cybersecurity companies can take to shorten the time it takes users to get to the “Aha!” moment. I will primarily be using the examples from LimaCharlie — a product I am currently leading.
When I think about shortening the Time to Value, I think about three interconnected components:
Make it more likely that people will try your product
Make it easy to get started
Make it easy to see the value your product offers quickly
Let’s walk through each of these components.
Make it more likely that people will try your product
Reduce friction and build trust with transparency
While the most obvious area to focus on when it comes to TTV is the onboarding experience, it all starts long before onboarding. To make it easy for the prospect to take action, you will want to eliminate fear and ambiguity by being transparent about your product, including its functionality and pricing. The easiest way to expose the functionality is to make technical and support documentation easily accessible from your homepage. In the same way, to eliminate ambiguity about pricing, you will want to, well, make it visible.
I am going to assume that you are a founder of the product-led company, so you don’t need an explanation of why self-serve and transparent pricing is beneficial. Instead, I want to highlight something I have seen a few PLG companies in cybersecurity do that may not be the best idea. I am talking about not listing pricing on the marketing website but making it available inside the product. While I can understand the appeal behind it, it defeats the whole notion of transparency and prevents some customers from signing up and trying the product.
Almost as important as transparency is making sure that users get a consistent experience no matter the communication channel — in-app, email, marketing website, or help center. It should all feel complimentary and aligned with the core message, as opposed to being fragmented and contradicting one another.
Show that there are people who trust you
You will want to provide social proof to show people that others trust your product. Ask yourself when was the last time you went to a restaurant with zero reviews online? For me, it was a long time ago. In the age of Internet, we want to be sure that others have experienced your offering and were satisfied by it. If you don’t yet have paying customers — ask a few industry leaders to review your product or talk about your vision.
Lastly, try to get some media to feature what you do and use press as a proxy for social proof.
Make it easy to get help
One of the questions that sit at the back of our minds when we want to try something new is a question about available support. “If I run into a challenge or have a question, will there be anyone I can turn to for support?”. You want to be very upfront about the kind of support available and ways to access it. An Intercom chat window and a link to the help center will usually do the trick.
There are many more steps you can take to increase the chances that people will try your product: A/B testing your marketing copy, making sure there is always one call to action leading people to take the action you want them to take, etc. While all of these are about conversion optimization and do not directly relate to PLG, unless you have people signing up for your product, Time to Value will matter very little.
Make it easy to experience value for free
No matter what your pricing model is, you will want to ensure that the full value of your product can be experienced for free. In other words, a customer should not have to start paying before they can get to the “Aha!” moment. While this may sound obvious, I have seen several products in the space that require upgrading to a paid/higher tier before a customer can try the thing that makes this product stand out from the competition.
Make it easy to get started
To make it easy to get started, you will want to relentlessly optimize your onboarding experience. If a customer needs to hire an external consultant or go through ten pages of support documentation to get started with your product — you simply cannot call it product-led (and they will likely abandon your tool before finishing the sign up).
Onboarding is a critical step as this is the first time the user faces the reality after having familiarized themselves with the promises you make on the marketing website, blogs, and social media. You want this experience to be a “wow”, not a path of disillusionment.
Design automated, self-serve onboarding
It’s possible to hire a large customer success team and have them personalize the onboarding experience for every new user that signs up, but it’s much more scalable to design automated, self-serve onboarding users can go through without extra work.
Do not introduce unnecessary restrictions
Do not introduce unnecessary restrictions at the sign up step, except for those required to combat spam and abuse. There should be no reason to require that people use their corporate emails, validate their legal names, wait for manual approval before they can proceed with the account, attend a demo, or similar. You want to make it as easy as possible for anyone to get started — that’s the premise of being a product-led company.
Product-led growth relies on the ability of people to get started with the product or try it without ever contacting a human.
Ask the minimum amount of information that allows you to provide value
Even among the cybersecurity startups that attempt to become more product-led, it’s incredibly common to see signup forms that look like an application for a tourist visa to a country with strict immigration laws. You see companies asking for everything under the sun:
First and last name
Country of residence
Number of employees
Full company address
This list can go on and on, and I personally have seen each of the above asks at least once. Whenever I run into something like this, I can be 100% sure that either this company is sales-led, even if I can openly access their product, or their product managers put the stakeholder’s requests above customer experience.
When designing the onboarding experience, always put the customer first. It’s not about you and what your sales team asked for — it’s about them. If you want to decrease the time it takes for people to realize the value you offer, you will want to strip any onboarding question that does not directly benefit the customer. Does knowing the company address allow you to serve this particular user better? If not, you don’t need it. Does knowing the user’s phone allow you to serve this particular user better? If not, remove that question. There should be no reason for you to ask for their last name during onboarding into a cybersecurity tool, nor do you need to know the number of employees in their company. Your sales team can simply look at the user’s email domain (assuming the customer chooses to use their company email) and quickly look up the headcount on LinkedIn. If the user registered with @gmail.com instead — it probably means they don’t want you to look them up. Respect that.
When you focus on providing value to the user, you will only ask what is beneficial for them. For example, in LimaCharlie we have a simple three-question signup flow which then enables us to send customized onboarding email campaigns so that we only share what’s most relevant for that particular user.
The side effect of this mindset will be increased conversion (try to A/B test just how many people choose not to register for your product when asked for 15 pieces of info they would rather not share).
Don’t ask for payment details
Imagine you walk into a car salon and at the entrance they ask you to enter your credit card, “just in case, so that it’s easier to pay later”. I bet you would turn to the exit immediately.
Asking for credit card information at signup is an unnecessary burden that will drastically reduce the number of new users. A person creating the account does not yet know what your product does, how it works, and whether it solves their problem, so asking them for their financial details before they have a chance to answer these questions will only lead to bad results.
Reduce the fear of making an irreversible mistake
When somebody creates an account with your product, they likely have little information about the consequences of their choices. Simple decisions make us scared: “What if I break it? What if I choose an option that is not suitable for my use case, and lose the ability to change it later?” During the onboarding, we need extra guidance and attention even about the simplest decisions.
Reduce the fear of making an irreversible mistake by being very explicit about what decisions are irreversible vs what can be easily changed later. Simple user experience, clutter-free design, and things like tooltips can do the trick here.
For example, at LimaCharlie we offer the ability to create a pre-configured tenant by leveraging our infrastructure as code functionality (we call it “templates”). Since that concept is new to many of our users, we are very explicit that they can change their choice of a “template” at any point after they sign up. At the same time, the choice of data residency region is irreversible.
Enable them to see the value of your product quickly
It’s very unlikely that creating an account alone is enough to get people to see the value of your product. There are several steps you can take to make it easier for people to get to the “Aha!” moment.
Get them to complete the most important (key) action
Every product has a key action required for it to start being useful. For Facebook, it’s connecting with a few friends. For Asana, it’s creating the project with a few tasks. For an antivirus, it’s the installation on the endpoint. For us at LimaCharlie, it’s the installation of a sensor that brings the telemetry from any source (endpoint, network, cloud, external logs, browser, etc.). While LimaCharlie enables security teams to get the security capabilities they need, for however long they need them, and pay only for what they use, nothing of value is really possible before a new user connects at least one sensor.
I believe the key action should be a part of the onboarding experience. A user can be allowed to skip it, but it’s too risky to drop a person into the new product and let their minds wander instead of getting them to take that one action that truly matters. This is why project & task creation are a part of the onboarding when you join Asana. And, this is also why deploying a sensor is a part of onboarding when new users get started with LimaCharlie. While we allow them to skip this step & do it later, we do what we can to get them to complete this step as early in their journey as possible.
Depending on your product, typically cybersecurity products would need a combination of the following:
Some form of technical configuration
Integration with the customer’s environment and existing tools
Getting the customer’s data flow into your tool
Activation checklists can be helpful to make sure people go through all the necessary steps at onboarding. You have likely seen it before (think back to products showing that “you are 67% done with the onboarding — here are the tasks left to complete to get to 100%”).
Keep in mind that while you want users to be set up to fully benefit from your product when it comes to onboarding, less is more so avoid creating long onboarding flows. Focus them around one key action required for them to get up and running, and make the rest available in tutorials.
Design a repository of product knowledge
To make it easy for new users to get started with the product, you want to design an easily accessible repository of the product knowledge. This may include:
Frequently asked questions
Courses & Educational videos
Making it easy for people to answer questions and learn about the product functionality increases the chances they will adopt your solution and realize the value it offers. The self-serve nature of these materials makes it possible to scale and onboard more new users without incurring higher expenses of customer service.
Provide superior customer support
While providing onboarding guides, documentation, in-app tutorials, and educational resources will help immensely, there will be cases when people need more hands-on help. Invest in providing excellent customer support. You want to be known as a customer-obsessed company that is always there for your users, helping them overcome any obstacles and get to value as quickly as possible.
Whatever support channel you choose (chat, email, Slack, or similar), it’s important that you can respond as quickly as possible. The customer should never have to submit a support ticket and wait for a week before their problem gets looked at, and another month before it’s resolved.
Offering personalized, one on one support makes the onboarding quicker, especially in cybersecurity where people do not often feel comfortable asking questions in a public forum such as Slack.
Complement the self-onboarding with hands-on support
While you should strive to design a fully self-serve onboarding experience, there are cases when you will want to complement it with a white glove, hands-on support. This happens when a product requires complex integrations with other tools, custom configurations, or when getting a large customer set up quickly is important for the company’s strategic goals.
Hands-on, concierge onboarding is expensive and is hard to scale as your company moves past the early stage. You want to be strategic about how you spend your effort, so after each concierge hands-on experience, keep adding to the onboarding knowledge repository as well as automating parts that can be streamlined so that fewer users will have to rely on you for setup.
Keep onboarding emails focused & personalized
Educate your customers by sending them custom onboarding emails designed to move them closer to experiencing the product value.
In the first email, welcome them to the product and provide the information they absolutely need to know to get started, along with links to relevant resources if they want to learn more (help center, frequently asked questions, technical documentation, or similar). In a sequence that follows, encourage them to complete the steps required to get the full value of the product.
Automated email campaigns are a great way to make it easier for users to discover the parts of the product they would otherwise miss, and to guide people to go through the steps you want them to go through. Additionally, they help bring users back into the app so that they can keep exploring.
Avoid dropping people into a blank product experience
This can be a complex one to explain as each product is different. Let me use the example of our product to make it easier to grasp.
At LimaCharlie, we build security infrastructure as a service. As an infrastructure provider, we run into a unique challenge: by definition, security infrastructure is un-opinionated and fully configurable based on the customer’s needs. We don’t do anything for the customer, and instead, offer them the ability to choose what they want to happen in their tenant.
Now imagine you walk into a clothing store and see that all shelves and hangers are empty. You suspect that there might be some clothes in the storage but it’s not visible so no way to be sure. Not a great shopping experience, if you ask me. Now imagine an employee walks to you and says “we have anything you need — let me know what you would like to try and I will bring that from the storage room, or you can follow me to that room if you prefer”. Still not ideal but at least there is now a chance you will stay and find the pants you wanted.
To make sure we don’t offer a similar experience with our product, we do two things:
Offer users the ability to get started with an empty tenant, or choose one of the pre-configurations (“templates”) instead, and
Make it easy to discover available functionality within the product after they have created an account.
Your product may work differently, so this principle may or may not be applicable, but whatever you do, don’t bring users into an empty store (or at least offer them guidance so they don’t run out straight away). Offering pre-set configurations like what we do at LimaCharlie or sample implementations like what Tines does with its product are some of the examples to inspire your ideation.
Gradually introduce users to new features
Instead of unleashing a ton of information about all your great features and capabilities, introduce new people to your product gradually, step by step. It helps to define milestones reflecting different levels of the product adoption, and start by introducing features that are both core to their experience, and simple to get started with. Only after the user is comfortable and ready to explore more, you can move forward with less critical or more complex functionality that helps them realize the value of your product.
Make sure you focus on the parts of the product that are valuable for the user, not on the features you feel passionate about because you’ve just launched them and want people to check them out. Put the customer front and center of your in-app onboarding, email communications, and the overall product experience. It’s about them, not about you.
Use demo content
Some products require users to configure something or generate their own data for them to experience the product value. A way around it is pre-configuring some demo content which makes it easy for people to start exploring their product before they complete the setup or bring their data. This approach can work particularly well in cybersecurity where people do not always feel confident or even have the ability to share their production data with the new vendor.
At LimaCharlie, we don’t use demo content in the product itself but we have links to a sample detection and response repository which gives people the ability to see how detection and response rules are structured in our product.
An example of a cybersecurity product that uses demo content is Tines — a product-led security automation and orchestration platform. When a new user creates an account, they get a pre-configured sample workflow set up in their account that they can view, test, and tinker with when they are exploring the product functionality and looking to create their own.
Going beyond signup & onboarding
Replace empty states with useful instructions
There are times when a user lands on the screen and it’s not clear what actions they can take to get started with a new feature. This causes them to either navigate away or get frustrated instead of getting the value from your product.
To prevent that from happening, replace empty states with content that helps them to get started with the new functionality quicker, thereby reducing the time to value and improving new feature adoption.
Make it easy to upgrade
When a user has realized the value of their product, make it easy for them to upgrade and/or increase their usage. I have seen a number of PLG companies that offer a free trial (limited time for free) or a free tier (limited set of features for free) but do not have an easy way to upgrade instead requiring to contact their sales team. While combining the bottom-up PLG adoption motion with the top-down sales motion can be a powerful way for cybersecurity startups to acquire customers and increase revenue, there might not be as much value in delaying or making it harder for someone to enter their credit card details and start paying.
It may be a good idea to make the free to paid conversion point as easy and painless as possible while creating the opportunity for your sales team to offer additional solutions that can also be a fit for the customer.
Measure and learn
To make data-informed decisions, you want to ensure that you have full visibility into your product onboarding as well as the whole customer journey. To see where people get stuck, identify drop-off points and continuously shorten the time it takes for customers to get to the “Aha!” moment, make sure to track the customer behavior in your product.
Tracking the onboarding flow is not sufficient. You want to closely monitor the usage of different features (especially those that are core to your product’s value proposition) to uncover gaps in the experience, improve discoverability, and ultimately increase usage.
As for measuring the Time to Value itself, there are multiple metrics you will want to pay attention to:
Onboarding — the amount of time it takes for the user to be ready to start using the product. This includes the setup and configuration necessary for the product to be useful.
Free to paid upgrade — the amount of time it takes for the user to upgrade to the paid version of the product. Before deciding to pay more they would have experienced the value of the product.
Lastly, it can be a good idea to conduct onboarding surveys gathering feedback from people who have recently become your customers and went through the onboarding experience.
Design the sales motion to support PLG, not replace it
There is a myth that being product-led means you don’t need salespeople. This is not at all true as depending on the industry and the product, the sales team can be an important component of the PLG strategy: while people should be able to self-serve and use the product without ever interacting with a human, there is value in complementing the bottom-up adoption with the top-down sales motion.
Imagine the situation where an individual contributor from company A found your product, created an account, and got to a “wow” moment which convinced them there is a great fit. Should they go ahead, put in their credit card, and start paying? It would be fantastic if they could, but in real life, this isn’t how it often works. This person now has to convince their boss (and sometimes the boss of their boss) that the new product is worth adopting, that it will positively impact the company’s security posture, and that return on investment (ROI) makes sense. It works well if they can book a demo, invite the decision-makers from their side, and have someone with sales experience to guide the process. While this individual contributor can act as an inside champion, having a sales demo focused on business value, ROI, support, scale pricing, and similar is invaluable.
In the ideal world, you want to target individual contributors that are the decision-makers themselves. This move of the decision-making power to those doing the work has been strong in other sectors like software development (hence the success of companies like Twilio, Segment, and Auth0), but it is still at the rudimentary stages in other sectors like security, and rightly so. If you are selling to security teams, the final decision will likely be made by a committee as it is too impactful for the organization to be delegated to any one individual contributor.
The sales motion in a PLG company must be designed to complement product-led growth, not replace it. You don’t want to shift gears and become sales-led simply because you’ve built a sales team. Hire the right leaders who will build the sales function tailored to your go-to-market strategy, not those coming from the perspective of “we will do what worked for me at my last company”.
Whether or not you have a sales team, the customer should always remain at the center of your efforts, and whatever you do, should be focused on providing value.
Prioritize iterative improvements & avoid shipping half-baked features
When you spend tens of hours every week navigating your own product, it’s hard to put yourself in the shoes of a customer who is using it for the first time. While analytics can help shed light on some blind spots, nothing can replace the in-person user testing where you put your product in the hands of the people who have never used it before, and ask them to complete specific steps.
The culture of frequent iteration and shipping minimum viable products (MVP) is often misunderstood and misinterpreted to mean releasing half-baked, poorly designed solutions. This is a mistake as customers expect products to work as intended, to be easy, simple, predictable, reliable, and consistent. MVPs should be able to offer something valuable to the customers, so they need to be well designed and thoroughly tested.
While it’s tempting to focus exclusively on shipping big features with potentially large impacts on customers, it can be equally (and sometimes even more) impactful to prioritize small enhancements and user experience improvements. If people continuously run into tiny blockers and suboptimal experiences (unclear errors, confusing navigation, poor feedback, or similar), they will likely lose patience and abandon the product altogether instead of enduring pain in a hope of a bigger payoff.
Product-led onboarding is both an art and a science that takes practice to master. In this article, I summarized several steps that cybersecurity startups can take to shorten the time it takes new users to realize the value of the product, thereby increasing adoption and reducing churn. Treat this as a starting point, not as an all-encompassing checklist.
Short time to value isn’t common in cybersecurity, so it has been a great advantage for our product at LimaCharlie. In under 5 minutes, a new user can start receiving real-time telemetry, detections, and automate processes, to name a few.
For those looking for a deep dive on onboarding, I would highly recommend the Product-Led Onboarding™ if you want a deeper dive, or this short excerpt based on the same book if you are looking for the steps you can take immediately.