The CISO’s Guide To Working With Early-Stage Cybersecurity Firms
Cybersecurity has emerged as one of the hottest markets for venture capital investment over the past few years. With nearly 1,300 active, investment-backed companies providing security software and services, there is, in a way, almost too much choice. Many security leaders complain that working with an established vendor and getting it to innovate is like getting an oil tanker to turn. Early-stage and startup cybersecurity firms can solve this and more.
Despite the opportunity and benefit that accompanies working with early-stage cybersecurity firms, many CISOs are a bit shy of being the guinea pig.
While barriers to entry certainly exist for CISOs looking to engage more with these firms, our research uncovered that the pros frequently outweigh the cons for organizations. Indeed, during the process of doing this research, some of us skeptical authors have turned into genuine advocates of working with security startups. Here are some of the benefits of working with startups:
- CISOs can influence the roadmap of a startup, steering it toward solving their specific problems. Unlike with a more established vendor, when working with an early-stage firm, CISOs are able to advocate for features that suit their security needs. Because these firms are far less bureaucratic, CISOs will have the opportunity to forge relationships with senior management, where their needs will be best heard. The benefit of this is that you have more opportunity to shape the solution roadmap to meet your needs while having the ear of the senior management team to help smooth out the inevitable bumps in the road. What is less obvious is the influence you will ultimately have over the entire industry as well. Features that you co-create with early-stage cybersecurity firms could end up shaping the industry approach in the area that the startup competes in.
- Organizations can move faster and have greater flexibility with early-stage cybersecurity firms. Traditional providers can be slow with innovation because they must manage a multitude of customer requirements on their roadmaps. By comparison, early-stage firms can move more quickly, as they haven’t died from red-tape exposure yet. From inception to prototype, they are unencumbered by legacy technical debt, allowing them to act more rapidly. Partnering can enable CISOs to deliver business value faster and allow them to remain ahead of the curve. One CISO told us that they could deliver more quickly and, in some cases, had also removed a lot of cost from how their team delivers security to their organization.
CISOs who are interested in working with startups and early-stage cybersecurity firms need to prioritize review of emerging technology within their security team. Give formal responsibility for doing this to a member of your team. Back this by providing strategic focus areas and, importantly, an innovation fund to drive proofs of concept and testing of solutions in your environment. Use this innovation funding to bypass organizational inertia and red tape put in the way by other IT teams.
Security leaders interested in learning more about our research should look at our report, “Capturing Innovation In Your Security Program,” for more information on how to work successfully with security startups.
(Written with Kate Pesa, senior research associate at Forrester)