Connect with us

Hi, what are you looking for?


Management & Strategy

Start-Ups: 10 Tips for Navigating the Headwinds Against High-Growth

These strategies can help cybersecurity startups navigate the current market dynamics, focusing on modern buyer behavior, updated KPIs, brand awareness, and effective sales and marketing alignment.

Cybersecurity GTM Strategy

If the last two years have taught our industry anything, it’s time to retire to “cybersecurity is recession-proof” colloquialism. Not only have vendors seen cuts and challenges that they didn’t even face in the 2000 and 2008 downturns – but even internal security teams and budgets have been reduced, and defenders have fewer resources against adversaries.

Yet, if you’re at the helm of a startup that is trying to grow in the face of all this, especially knowing that you can help defenders scale their scarce resources, you need to cut through the economic headwinds and achieve your goals. I wish I was a soothsayer and could give you fail proof advice. But what I can give you are 10 suggestions based on what I’ve learned through the good, the not-so-good, and the fair-to-middling, and hope they help you hone your strategy.

  1. Acceptance: Isn’t this one always a pain? There’s not one of us who hasn’t done the “old man yells at cloud” fist-shake over the last two years, muttering about how such-and-such was the way it worked before. Well, it doesn’t, no matter your such-and-such. Start with surrendering to the fact that the buyer journey has changed and that the rules of sales and marketing that applied even in 2021 and early 2022 no longer apply to your business. We knew this in early 2023 so acceptance is overdue. The buyers make all of the rules and want to evaluate what you’re all about before even talking to you, which tosses old go-to-market (GTM) strategies on their bums.
  2. A New Measuring Stick: Stop using outdated KPIs: pipeline “sourced” by marketing compared to sales compared to channel. Cost of net new “top of funnel.” Social media followers. None of those account for today’s buyer behavior nor will give you predictability for growth. What matters more? How and when buyers are engaging. How and when leads are converting. How much share-of-voice and share-of-mind do you have (e.g. what level of awareness are you getting compared to competitors, or where buyers go to make decisions)? Cost-per-conversion. Cost-per-opportunity. Cost-per-trial. Cost-per-closed won deal. Your customer acquisition costs (CAC) should be examined across your entire GTM structure including sales and marketing, human capital, and programs, too. Fuel retention programs up front as part of your acquisition strategy.
  3. Brand is Not Dead: Related to measurement, do not forget that in 2024 (and back in 2023 and 2022, really, if you were paying attention), BRAND AWARENESS IS THE REAL DEMAND CREATION. So, why are companies cutting brand and public relations so fast? It used to be the first to go, and it made sense (in 2015). However, with the new buyer journey with the customer in control, you need the “outside-in” approach to get people’s attention. Beyond share-of-voice and share-of-mind, it is hard to measure, but if you’re measuring the right things for your business overall, that challenge is a non-starter. Tom Wentworth, Chief Marketing Officer of Recorded Future, talked about this in his keynote at Cyber Marketing Conference. Despite not being able to measure it the way you may want to, brand is in no way a waste, and he says you may not be able to measure even 50 percent of it. As much as I love data, even I concede that not everything has to be quantifiable and there’s a level of trust you need to give qualitative programs that get to your bottom line. You can’t attract without brand and strategic content placement. More importantly, you cannot convert without brand and strategic content placement.
  4. Keys to the Kingdom: A lot of people are tired of product-led growth (PLG) as an acronym but conceptually, it works, depending on how you do it (and it doesn’t have to get messy with product-qualified leads, or PQLs, either). Buyers want to avoid salespeople at all costs; not because they aren’t lovely but because defenders simply don’t have the time to waste. Give the buyers the ability to dig into what you have before even expecting them to talk to you. Whether it’s a freemium or community edition that gives them the basic foundation of what their enterprise might use; a clear video demonstration that shows them what it’s like in your environment (but not a video played during a meeting, for the love of peat); a choose-your-own-adventure walkthrough of your product; or, at the very least access to your tech docs so they can do an evaluation against their environments. The days of trying to control access until you guide the would-be customer to where you want them to be are over. Give them the proof upfront. If you can’t give it to them? They are going to wonder if what you have is real.
  5. Outcomes vs. Features: My friend Jaci Tomek, Chief Revenue Officer at Andesite, always says we don’t want to talk about the “beeps and boops.” She’s so right. The speeds and feeds wars of the late 1990s/early 2000s and the more detections battles of the late 2000s are over. What can you DO for the customer? What is the outcome they are going to achieve? How can they demonstrate that at both the technical level and the business level? How will it save them time and money? Can you prove near-term return-on-investment (ROI) if they purchase from you? Is that clear in your messaging? This is often a work in progress, especially for a startup (and one I’m personally hammering away at right now). The opposite is telling them what features you have or technologies you use (e.g. deep packet inspection or machine learning or artificial intelligence or a super cyber rocket launcher that runs on crypto…) and that’s not telling them much of anything. Ease of use, however, and how the product is constructed to give them that, is an entirely different story.
  6. Product Market Fit: Make sure you have this before you invest significantly in marketing or sales. How do you know? You can prove the defensibility and scalability of your product in an environment where it is actively being used – and, if you have that, you’ll see renewals vs. churn. This is a quick-and-dirty answer, of course, but at its bare bones, are you solving a problem companies currently have? During the RSA Conference, I had a CISO say, “So, this is ‘the-market-was-waiting-for-this-product-fit” and I loved that. One, because it helped me validate a strategy, and two, because it validated what shouldn’t need to be validated; that customers are seeking solutions for existing problems NOW give, again, those limited resources. This is not the market to wax a long-term vision for short-term gains. That doesn’t mean we don’t need vision and growth toward future problems, but we can’t yet solve the ones now. Defenders need tools that help them NOW; not something they need to convince their leadership will become fruitful when the market shifts in 24 months.
  7. Demand Creation > Generation: In the new world, we need to think about demand creation vs. demand generation. This sounds like semantics but it’s not. Demand generation is when you summon enough interest for your sales team to then take that interest and commence lead generation and get sales. Demand creation puts the onus on the entire GTM engine to work together to create awareness, develop one shared pipeline, engage strategically with the challenge, and execute some tried-and-true marketing activities while layering over account-based experience (ABX) to achieve predictability and repeatability (protip: do not replace everything with ABX up front without testing, or you will once again be sad. Even Snowflake says this). As part of demand creation, Sales Development Representatives (SDRs) become critical. SDRs get a bad rap because of the old world of “smile and dial” and if you are using them that way now, yes, you will get zilch. But if used strategically as the “human nurture” in your demand creation strategy, watching engagement and other strategic triggers, SDRs can unlock a whole host of opportunities for you – long before you even have a sales team. I’ve seen it, I’ve done it, I have the t-shirt.
  8. Build at the Right Time: Product market fit also predicates the timing for investment. Do not hire a sales team before you have a product-market fit. Do not hire a marketing team until you have a product-market fit. That does not mean don’t leverage sales and marketing resources (consultants, agencies, advisors, internal folks who wear multiple hats), but that is the fastest way to burn cash before you are ready. How do you know you are ready? The law of supply and demand, baby. Build your pipeline before you get your sellers. Now, one might say, “But Jen, you need a seller to create the pipeline.” Wrong. That’s the old model. In the time of demand creation, you can create a pipeline without sellers if your leadership team is capable of founder-led or executive-led sales. Do not get fooled into the outdated math of (1 seller = x pipeline = y closed won). That doesn’t scale, especially in SaaS-land, and most everything is SaaS. To that end, you don’t need a territory model either. If you’ve done demand creation, you’ve attracted a channel (and no, you don’t need a channel account manager, either). Work with your channel partners as a force multiplier for both of your businesses and let them get you into different markets if your product is ready for it. If you’re creating demand, the channel is being asked about you by buyers, so do not shut them down. ABCF (Always Be Channel Friendly).
  9. Sales Hustle: So, you’re ready to hire an account executive. Ideally, everyone wants to hire a power hitter with a big Rolodex, but people don’t buy from friends anymore (and if they do, they often churn if that is why they bought). It’s all about the hustle and the joint partnership with marketing, so you want sellers and marketers who see each other as pals for success vs. challengers. A bit ago I gave a presentation in which I said that marketing’s job was to feed sales, and it still is. However, if you have a sales organization that is waiting for the perfect leads from marketing, and isn’t willing to put in its sweat equity to qualify even the “maybes”, it’s going to show in your lack of growth. In addition, sales teams are now equally beholden to marketing and working their programs with them because of demand creation. It all starts with marketing and sales leadership partnering and managing their teams to interact with each other through mutual support (the new way) versus one serving the other (the old way). Like everything else in a company’s success, this lies in top-down management. Also, a rock star seller in cyber should be technical enough to not need a sales engineer in the first discovery call. Maybe even a second call. They should be able to demo your product and dig deep. It’s practical, it’s better for the buyer, and it reduces your CAC to use less resources. Get an account executive or account team that understands its cross-functional role as a full-fledged GTM player and will create demand alongside everyone else.
  10. Move at Ludicrous Speed: We’ve all heard hire slow, fire fast, and that still stands. Especially in an early-stage start-up, you need to balance speed and traction in all of your decisions – people, process, and product development. Be brutally honest with yourself about what is working and what is not and don’t be afraid to make change, even if it’s painful from a human perspective. When I was at Fortinet pre-IPO, I remember Ken Xie (Founder & CEO) saying something along the lines of, “One quarter to ramp, one quarter to win or lose, and then change.” I used to think it was cutthroat, but not only has Fortinet itself proven that strategy successful, but I can say with 100% certainty that the most successful companies I have worked for or with since have adopted that strategy.

There is a lot more I can say about how to achieve an optimal start-up GTM in the changed market dynamics and the uncertainty we’re still living in, but I do hope this little primer at least sparks discussion about how you can optimize for growth. I will say that I am both encouraged and a bit scared about the big capital raises we are starting to see again that are reminiscent of 2021. Encouraged because it shows signs of our market growth and some rebound; scared because so many companies got in trouble burning cash by assuming that recession-proof colloquialism was true. I think if we can avoid the latter, perhaps we can recover a bit and, most importantly, many of those affected by some of these cuts in the last two years can find new homes and help us regain our footing as an industry.

Written By

Jennifer Leggio is the Chief Operating Officer for Tidal Cyber, where she oversees all go-to-market, including sales, marketing, and revenue and business operations. Jennifer has specialized in startup growth over the last 24 years, and her expertise is built on companies emerging from stealth, building-to-exit, building-to-grow, and rebuilding-for-strength strategies. Beyond business, Jennifer has embarked on unique self-improvement journeys, applying her many lessons to leadership coaching, team building, and mentoring, for the humans behind the technology and processes that reduce cyber risk. Renowned for her tenacity, strategic vision, and no-nonsense approach, she also prioritizes calculated risks to disrupt the status quo and enhance diversity and inclusion in technology. She has relentlessly advocated for ethical marketing programs and the protection of security researchers, speaking on these and other topics at RSA Conference, DEF CON, Hack in the Box, Gartner Security Summit, and small invite-only hacker community conferences.

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders.


People on the Move

Retired U.S. Army General and former NSA Director Paul M. Nakasone has joined the Board of Directors at OpenAI.

Jill Passalacqua has been appointed Chief Legal Officer at autonomous security solutions provider

Cisco has appointed Sean Duca as CISO and Practice Leader for the APJC region.

More People On The Move

Expert Insights