Building products and companies in cybersecurity is not an easy task because in many ways, the industry behaves differently from others. To start, it is very crowded, with hundreds and thousands of undifferentiated solutions promising to solve all security problems and more often than not, falling short of their promises. Moreover, it is an incredibly dynamic space with the landscape sometimes shifting overnight.

As a product leader, I meet many entrepreneurs and startup founders and see over and over how the vast majority get slowed down by the same types of problems. In this post, I am looking at six challenges of building products in cybersecurity and ways to overcome them.

1. The challenge of customer discovery

In most industries, buyers and end users are open to talking to vendors because they recognize that software providers are there to identify their problems, pain points and inefficiencies, and build solutions that remove them. The same, unfortunately, cannot be said about cybersecurity where few leaders (Chief Information Security Officers or CISOs) or practitioners are open to having transparent conversations with strangers. There are several reasons why this is the case:

• Security teams are chronically overextended and understaffed, and therefore cannot prioritize talking to vendors over improving the security posture of their company.
• CISOs and practitioners alike are inundated by vendors who reach out from all fronts — calls, emails, social media messages and conferences, to name a few.
• Product managers and founders tend to ask the same types of questions that an adversary would (what products the company is using, where their gaps are, etc.) — questions that can only be answered if there is a level of trust between parties.

All this makes the lives of cybersecurity product leaders incredibly hard as it essentially makes them unable to do customer discovery, learn about pain points and brainstorm potential solutions. Here are some of the ways to address this:

• Build relationships with CISOs and security practitioners by attending events, workshops and webinars.
• Ask existing customers, VCs and design partners for introductions to people in their network.
• When PMs get an opportunity to talk to security people, use that time to ask questions and be curious, instead of pitching their products and solutions.

2. Using traditional product management frameworks