RSAC 2024

John Funge On How Startups Can Make A Stir In The Cybersecurity Space

In an exclusive interview with Expert Insights, John Funge, Managing Director at DataTribe, discusses the main challenges that cyber startups face when trying to break into a crowded market, and the steps they can take to overcome those obstacles.

Expert Insights Interview with John Funge of DataTribe

The cybersecurity market is growing constantly, with an expected annual growth rate of 12.3% by 2030. This is partly due to the continuous demand for innovative new products that can combat the sophisticated, quickly evolving threats that we’re seeing today. But despite this demand, it isn’t aways easy to break into the market.

In an exclusive interview with Expert Insights, John Funge, Managing Director at cyber startup foundry DataTribe, discusses some of the main challenges that cyber startups are facing and the steps that they can take to overcome them.

Breaking Into A Crowded Market: The Challenges

Like all product-oriented startups, cyber startups typically need to raise outside capital to fund the development of their product. That, in itself, presents a number of challenges, Funge tells Expert Insights.

“They need to be efficient with capital, avoid mistakes and delays, find product-market fit, figure out how to market and sell the product, price it correctly, get a few referenceable customers to provide feedback that get real value from the product, ensure they have sufficient capital to not run out of cash, attract and hire the best possible talent, develop a culture and mission that gives people meaning and ensures team coherence, and then scale.”

But cyber startups also face unique obstacles that other product-oriented startups don’t necessarily face:

Selling To A Challenging Customer

To begin with, most cyber startups target larger enterprise customers within a B2B market, says Funge. This is because this audience is typically in a better financial position to pay for a new cybersecurity product than an SMB audience might be, enabling better product economics for the startup. However, Funge says, enterprises can be challenging customers.

“Product purchases can be protracted and involved numerous influencers in the purchase decision process. In addition, larger companies often have demanding product requirements (performance, robustness, functionality, etc.,) that can be hard to meet right out of the gate with a new product.”

On top of this, cyber startups must try to sell to a particularly challenging point of contact within those large enterprises: the CISO.

“CISOs are professionally trained to leave no digital fingerprints and to develop trust very gradually,” says Funge. “As well, about 10,000 CISOs worldwide are the target of literally billions of dollars of cybersecurity marketing firepower. The marketing channel is saturated.

“Add to this, many CISOs bring a mindset that may not hold sales and marketing in the highest esteem. Put all this together, and you have an especially challenging customer profile.” 

This mindset demands that the cyber startup develop a certain level of trust with their prospects before they’re likely to buy. And, unfortunately for startups, that demand is only further heightened by the fact that cybersecurity professionals are, by nature, distrustful of unproven or unknown solutions.

“Customers are less willing to experiment with unproven solutions or do business with partners that don’t come through some kind of trusted referral or have some other brand or certification that demonstrates trustworthiness,” says Funge. “Developing these trust signals can take time — one thing that is short supply for most all startups.”

Learning New Skills

Many founders in the cybersecurity space come from a technical background.

“Compared with other tech sectors, it’s comparatively harder for an early career entrepreneur with little cyber experience to dream up a new cyber product idea, go to market with it, and succeed,” says Funge. “It’s for this reason that most cyber founders come from having worked in the field for a number of years before launching a startup.”

While this means that most cyber founders have excellent technical product knowledge, it also means they typically don’t have much professional experience in sales and/or marketing. Because of this, says Funge, many cybersecurity founders are “learning sales and marketing on the job”.

But when sales pipelines can take months to close in some security categories, a mistake in sales or marketing could prove very costly, both in terms of time and money. Because of this, Funge recommends that technical founders seek the advice of trusted, experienced advisors to “help them to avoid mistakes and climb the learning curve faster.”

A People-Oriented Solution

There are four considerations that cyber startups can take to tackling the challenges outlined above, and each those involve the people they’re working with.

To begin with, it’s important that the startup not just secure an investment, but make sure they do so from the right investor.

“Investors that are staked in your success can be a big asset,” says Funge. “Cyber is an investment domain that is complex and thus is generally best done by cyber specialists. If you are able to find a cyber-focused investor to work with, their know-how and networks will help you mitigate many of the above challenges.”

Second, the startup must make sure they’re targeting the right customers.

“For your first few customers, it’s best to find a trusted mutual connection that can introduce you,” says Funge. “This is the most direct and fastest path to building the necessary trust with a prospect and well as to cut through the cybersecurity marketing noise.”

To achieve this, the startup might choose to enlist some CISOs as advisors that can provide those introductions, Funge recommends. Of course, not all CISOs are the same. Partnering with CISOs that are interested in startups and innovation can also be a good way to develop the product further:

 “Many CISOs are quite entrepreneurial and enjoy collaborating with startups,” explains Funge. “Try to find a few of these early-adopting, startup-loving CISOs and pull them into the fold with you. Invite them to be design partners and help shape your product.”

Third, it’s important not to oversell. While going to market as a startup in any industry involves some level of making the company seem more established than it is, it’s especially important in the cybersecurity industry not to exaggerate a products capabilities, says Funge. 

“Given the sensitive nature of what products do and the trust that is being built with customers, it’s important to not oversell and ensure that you can deliver on promises.”

And finally, cyber startups need to make sure they have an experienced, capable team – even if it’s currently a small one.

“Cyber is a field that demands experience,” says Funge. “As you build your team, it’s key that team members that are interacting with senior security leaders on behalf of the company have the right background to be credible. As well, it’s important that your product leadership also has the right cybersecurity depth to best align the roadmap with market needs.”

The Impact Of M&A On Startups

The cybersecurity industry has historically seen a healthy number of mergers and acquisitions (M&A), due to the fact that large public cybersecurity companies tend to acquire smaller, innovative startups in order to keep up with the latest trending technologies. This is furthered by the fact that CISOs are looking to consolidate their tech stacks, says Funge, which also drives market consolidation.

All of this is generally good news for cyber founders, says Funge, because while all founders should be focused on building brilliant companies, most founders and investors will eventually want to leave their startup investments. The most common way to do that is through a merger or acquisition.    

However, mergers and acquisition are typically a longer-term consideration and deal activity generally doesn’t have a large impact on cyber companies just starting out:

“Active M&A activity helps provide confidence that the chances of exiting down the line are feasible. It’s important to note that any company starting today likely wouldn’t be considering a sale for years. So, the M&A environment today is not quite as relevant as down the line for someone just getting going with their startup.”

DataTribe’s Investment Priorities

Many cyber startups decide to partner with highly supportive cyber specialists like DataTribe to help them overcome some of the challenges outlined in this article. DataTribe supports cyber startups with not only early-stage capital, but also expertise in key areas such as product management, go-to-market strategies, lead generation, and marketing; and connections with leading global executives, the San Francisco Bay Area venture capital community and the intelligence community.

When it comes to choosing which startups to invest in, DataTribe has an open mind, says Funge.

“We have great respect for the incredible ideas that founders come up with — way better than ideas we’ll come up with. As a result, we tend to stay very open minded to the wide range of ideas we encounter meeting with founders.

“That said, there are a few these that are particularly resonant looking ahead in 2024 and 2025: continuing to ensure that software teams have the tools to really fortify software product properly in the first place (so called ‘secure by design’), needs being driven from rapid AI adoption, and ensuring that data is properly audited, secure and tamperproof.”

And when it comes to causing a stir in the cybersecurity market, there are two things that a startup should do, he says.

“Given how many cybersecurity companies there are and how complex the product universe is for cybersecurity customers, it pays to really focus on ensuring that your value proposition is highly differentiated and simple.

“As well, time-to-value is really important. Given how busy security organizations are, any friction at all in adopting and getting value from a product can be make or break. Remove as much friction to customers using and getting value from your product.”

Expert Insights provides leading research, reviews, and interviews to help organizations make the right IT purchasing decisions with confidence.

For more interviews with industry experts, visit our podcast page here.

Note: This interview has been edited for clarity.