In today's episode, Andrew dives into the first inhibitor to growth in the cybersecurity marketplace: playing it too safe. With over 3,400 vendors competing for attention, many companies are falling into the trap of blending in rather than standing out. But fear not, Andrew has gathered insights from interviews and consulting work to share the innovative approaches that can set companies apart. From bold messaging to daring marketing campaigns, Andrew explores how cybersecurity startups can break free from the generic and mundane and make a lasting impact. Tune in as Andrew shares inspiring examples and challenges leaders and founders to question their approach, with the hope of igniting a spark of boldness in the industry. So grab your headphones and get ready to learn from the best in the business on the Cybersecurity Startup Revenue Podcast!
Andrew Monaghan on Linkedin
Follow me on LinkedIn for regular posts about growing your cybersecurity startup
Want to grow your revenue faster? Check out my consulting and training
Need ideas about how to grow your pipeline? Sign up for my newsletter.
In today's episode, Andrew dives into the first inhibitor to growth in the cybersecurity marketplace: playing it too safe. With over 3,400 vendors competing for attention, many companies are falling into the trap of blending in rather than standing out. But fear not, Andrew has gathered insights from interviews and consulting work to share the innovative approaches that can set companies apart. From bold messaging to daring marketing campaigns, Andrew explores how cybersecurity startups can break free from the generic and mundane and make a lasting impact. Tune in as Andrew shares inspiring examples and challenges leaders and founders to question their approach, with the hope of igniting a spark of boldness in the industry. So grab your headphones and get ready to learn from the best in the business on the Cybersecurity Startup Revenue Podcast!
Andrew Monaghan on Linkedin
Follow me on LinkedIn for regular posts about growing your cybersecurity startup
Want to grow your revenue faster? Check out my consulting and training
Need ideas about how to grow your pipeline? Sign up for my newsletter.
Andrew Monaghan [00:00:10]:
Welcome to the Cybersecurity Startup Revenue Podcast, where we help cybersecurity companies grow revenue faster. I am your host, Andrew Monaghan, and today we have a solo episode where we talk about one of the five inhibitors to startup growth. So through the podcast and all the interviews I've done with CEOs and CROs, and also through my consulting work where I work with early-stage companies, I get to observe what people are doing, and what they're not doing. Some things are doing well, some things are not doing so well. And based on a bunch of observations and findings, I put together a briefing for leaders at startup cybersecurity companies about the five inhibitors to their growth in general in the marketplace. So I thought what I would do on this episode is talk about one of them. The first one I talk about in the briefing and take you through the observation I've had and then also show you some companies that are trying not to have one of these inhibitors in place. The one I want to talk about today is what I'm terming companies playing it too safe.
Andrew Monaghan [00:01:16]:
So the background to this is if you go and look at the MarketScape for cybersecurity and MarketScape, I mean that diagram, that slides you see where it's just logos crammed onto the page and into different boxes on the page to try and group them together to try and make sense of all the different companies in cybersecurity. And right now there are over 3,400 vendors alone in cybersecurity, not including integrators and resellers and things like that, all trying to eke out their space. And it makes a very noisy world. So when we're trying to get attention, trying to get out there, trying to get people to notice us, often what happens is we're not doing enough to try and be noticed. And what I'm terming is that people are playing it too safe. What I see, and I saw black hat last week, and I think there's a prime example of this, is there are lots of vendors of black hat, I don't know how many, it looks like a few hundred. And what you do as you walk around, as I did, is you start seeing all the messaging being bland and blending together. It's almost as if some companies are using all the same buzzwords but in slightly different order.
Andrew Monaghan [00:02:29]:
They might have slightly different color booths, but more muted colors are generally the norm. And it's a well-worn path, right as you're coming out of stealth and you're trying to get there, get the first real live paying customers, and get beyond that into Series A, Series B. It's a well-worn path about how you do that and the messaging that you have and things like that. And you see value props out there. You see benefit-laden messaging, which is good. You also see a bunch of buzzwords out there, which is not so good, but it's all about them it's all about the product. We do this and value statements around it. It's just all the same sort of stuff, but just a slightly different order.
Andrew Monaghan [00:03:08]:
And often what I see when you look at the companies that are out there is they get quickly oriented around just their product, what the product does, very factually, logically, this is what the product does. And they start thinking a little bit small as well. They get focused on their little niche and the stage they're at and the things they can do right now and things like that. So I see this kind of general blending together of all sorts of different areas and then people sort of get very focused, very niche in what they do, very feature orientated when they're trying to get noticed out there. And I was lucky enough to have breakfast last week with my good friend Jerry Clayton, and he had a great observation, which now, in the past it almost seemed there was a Venn diagram of overlapping circles in cybersecurity of all different markets. And now it's almost like one big circle, right? Everyone's just in one big circle. And what we claim to do and what we do and all the rest of it just merges all together. And that's a challenging environment when you're trying to be noticed, right? And despite that, what I don't see too much of is companies trying to be bold or trying to do things differently.
Andrew Monaghan [00:04:18]:
And that results in most buyers not even knowing who you are. And I bet you there were companies, and individuals, walking the floor at Black Cat last week talking to some different booths about stuff. And if you asked them half an hour later what a company did or whatever, they probably couldn't tell you. They would have forgotten by that point, which is a shame because we're putting a lot of work into this, right? There's a lot of heartache and brains and real hard work going into trying to pull off some startups. It's a shame that it's being scuppered a little bit by messaging and things like that, which is bland and not differentiated. So what I believe, truly, is that every submarket in cybersecurity is crying out for someone to go out there, grab hold of it, do something different, say something different, tackle it from a different angle, and be loud and bold to get the attention and get the mind share of prospects to say, that's a company that I should go and listen to. So I'm going to give you five examples here of companies that I think are doing this or have done this in the past. I've got a couple of examples.
Andrew Monaghan [00:05:26]:
Well, two or three are actually from the past, and two or three are from right now. So the first one is right-hand cybersecurity. The Nasser is the CEO there and they're in the employee education space, security awareness training, a space which historically has been really bland. A lot of click-through stuff that is just mind-numbly boring, and no one really learns anything at all. It's just a case of clicking through some exercises to get through some compliance checks. Whereas what Right Hand is doing is approaching this a little bit differently. And in fact, what they did recently is they came out with a series of very quick videos describing well, it doesn't even describe what right-hand does. It's hard to explain, but there are two people, the husband at home and the wife at home.
Andrew Monaghan [00:06:11]:
And the husband is kind of going through the checkbox exercise and the wife is finding out that the didn't actually complete the whole task, but it was just a checkbox. So I encourage you in the show notes, I'll link this out. Go and look at what Right Hand has done with these adverts, right? There's just real thought going into them. It tackles the whole idea that security awareness training is just a checkbox in a humorous way that stands out as different. It's got colors that are coordinated and it's rememberable and they've really gone to the effort to make something different to how others are doing, trying to stand out in the awareness training space. So go look at what Right Hand is doing. Another one actually, I just released an episode last week, I forget what number is, probably number 222 or something like that with David Klein from Kentic. And for those that didn't listen to that episode, let me quickly summarize.
Andrew Monaghan [00:07:05]:
Kentic is in the network observability space. They're breaking into the enterprise market. It's not a pure-play cybersecurity company, although they do have some links into cyber just because of the observability they provide. But what they did is if you look at their YouTube channel, most of their videos get 100 to 150 views except for two. One has 26,000 views and one has 46,000 views. The 26,000 view one is where they describe the company Kentik in the form of a perfume advert. And the perfume is called Kentik. And I highly encourage you to go listen to it, and watch it, it's on YouTube.
Andrew Monaghan [00:07:45]:
It's just awesome, right? And there's a very different way to tackle how we describe what we do in a way that's not boring, that people might actually pay attention to. And the other video I talked about, the 46,000 views was Kentuck described as if it was a 1990s infomercial. Just hilarious, right? The wait, there's more and things like that. It's just really well done. And you can see just intuition will tell you, but the numbers don't lie. You go from an average of 100 views to 26,040 6000 people are paying attention, right? It's getting the attention that they're looking to try and get. So they're doing things a little bit differently. Another example I'll give you is Aqua security.
Andrew Monaghan [00:08:28]:
Slightly different in this one, right? The cloud security space is getting busier by the day as more entrants come in. There's a couple of acquisitions recently, so maybe some will slide out, but in general, there are more people there. Aqua has written on its homepage, we stop attacks on cloud-native applications. We guarantee it. And it's the we guarantee it. That's interesting, right? Because if you've been in cybersecurity for any length of time, anytime someone says you guarantee it, you go, oh yeah, how are you going to do that, right? What do you mean guarantee it? Right? It's one of these kind of pattern interrupt things that you go, well, that's a bold claim. I want to know why they guarantee it or how they guarantee it or what are they doing that they can guarantee it. It's probably polarizing.
Andrew Monaghan [00:09:15]:
I'd love to understand from their perspective how it's worked out for them. It's been on their web page for many, many months. So I imagine they've tested this out to say it's working for the. You're going to have those that are switched off by it immediately, right? Here's another vendor making claims they can't back up, blah, blah, blah, blah, blah, right? And maybe those people will never be your customer anyway, and there's going to be those that go, oh, that's interesting, I want to know more about that, right? And it might lodge in your brain to say aqua, oh, those are those guys that guarantee something, right? I want to know more about that. I want to know more about how they do cloud security, right? So they're using that bold claim as the pattern interrupt to try and get some attention that perhaps they wouldn't get if he just said, we stop attacks on cloud-native applications. I guess it explains what they do, but so what, right? Doesn't really capture my imagination or attention too much. It's that we guarantee it, which is the thing that does that. Another example going back a year or two was Silence.
Andrew Monaghan [00:10:15]:
So going back, I don't know, must be eight years now, maybe a bit more as the kind of next-generation anti-malware endpoint companies were coming into play, silence had to eke out their share, right? They're one of the leaders for sure, but they wanted to make sure that people paid attention, they could see the value, what they're doing, and how it was different. And what they created was what was termed the unbelievable demo. And basically, the idea was to bring your own malware, bring your own dream it up last night in your lab, write it up, create it, the whole thing packaged up, bring it in a thumb drive, and plug it into our laptop running Silence, and we'll see if we stop it, right? Again, very bold, right? And I don't know if they ever had anyone that they didn't catch or what, but just the fact that they're doing it is interesting. That's a bold claim in cybersecurity to say, we don't need to know what you have, just bring it and we'll see if we can catch it. And I think it must have worked pretty well because a couple of things, a couple of data points, they actually went on tour with it. They were running workshops around the country, around the world, in, I don't know, probably 20, 15, 16, something like that, where they would go and do the unbelievable tour, they called it, right? So they were getting attention and getting people to come to events in each of the cities they went to. And I remember personally one time, I was at RSA that year. I'm pretty sure it was RSA and the usual thing, every booth has 1015, five, whatever, as people kind of gathered around it, except for silence, where they looked like they had like 100 people.
Andrew Monaghan [00:11:45]:
And they were all waiting to see, as Malware was getting plugged into the laptop, what was going to happen and how it was stopping it and the whole thing. So they were getting their unfair share of attention by creating the unbelievable demo. I'll give you one more example, not from Cybersecurity, but going back many years. So Ruby on Rails was released as a programming language, I believe, in 2004, 2005, or something like that. And rather than just shove it out there and see what happens or do a press release or wherever you might be, the 37 Signals guys, David Heinemer Hansen, were the ones kind of behind this. And they decided to do things a little bit differently, as they do, right? They like to do things differently. So David Heidemer Henson went to a developer conference, went on stage in front of a few thousand developers, and said, I'm going to use this new thing called Ruby on Rails to build a blog platform in 15 minutes. 15 minutes.
Andrew Monaghan [00:12:43]:
I'm going to create something that's complex and hard in 15 minutes. And rather than just saying that and telling how you would do it, he actually did it live on stage. So there's a gutsy thing to do, right? Make a bold claim. I'm going to do something that previously you didn't think was possible, and I'm going to do it live. There are no gimmicks here. There's no slideware or shortcuts or whatever. You actually did it live on stage. And if you want to do some searching, as I've done recently, because I remember him talking about this years ago, but I find some examples of people talking about it recently.
Andrew Monaghan [00:13:16]:
You got people actually saying that was the single most effective open-source marketing ever done, right? Huge claims from people about the effect it had. Now, if you think about all the things they could have done that would be really boring and not interesting and all the rest of it, that was pretty powerful, right? To go out there and do that. So my takeaway from this is that there's got to be things that you can take from this that you look at what you're doing at the company, either as an individual contributor, as a leader, as a founder, to say, are we just conforming to the usual way to do things, or can we change it up? And one of the lessons from talking to some of these people that are doing things differently is it has to come from the top, that it's okay to try and do things that might seem a little wacky, might seem a little bit bold, might seem to be a little bit out there. You imagine David Klein at Kentick, right, with his perfume advert. I asked him on the episode, did you seek permission to release the advert? He said, well, not really. The CEO had been on board with the idea of trying things differently and going off and doing it. And when he created the perfume advert, he didn't go say, let's go get approval from the CEO of the board to do this. They just released it.
Andrew Monaghan [00:14:29]:
Right. And it was okay to do that because he was trusted that it was going to be effective. And in line with what they're trying to do, I'm sure along the way they'll make some mistakes, right? But if you enable people to go and try things differently, they're the ones that are going to come up with the new ideas that you haven't thought of yourself, and you're going to find that they're going to do much more good than bad by giving them that leeway. So that's my call to action, I guess, for you, if you feel like you're a little bit the same, a little bit samey, you're kind of taking a harsh look at yourself and wondering how we're doing things differently market, it okay, first of all, for things to be different. Otherwise, you'll find that everyone in the company just kind of falls along and tries to do things the same way as before. So there you have it. Thanks so much for joining me again today. I hope this is inspiring and interesting for you, and I look forward to seeing some more examples of people not playing it safe, but actually going out there and making a bold difference.
Andrew Monaghan [00:15:25]:
I'm.