
SiteAdvisor's core insight was that security products focused on technical vulnerabilities, while new threats like phishing exploited human psychology. This mismatch created a market opportunity for a new protection category based on identifying social engineering attacks.

Related Insights

Competitors would simply alert clients to a security threat, leaving them to investigate. eSentire differentiated by handling the entire incident response: investigating the threat, kicking out the attacker, and providing an "all clear." This deeper service commitment was their key competitive advantage.

The best investment returns in cybersecurity will come from startups tackling security for emerging technologies. New attack surfaces, such as those from Agentic AI, represent a 'blue sky problem' where a startup can build a category-defining company without facing incumbents.

Doppel's founders didn't start with a specific user problem. Instead, they analyzed macro trends (AI, Crypto) and identified a high-level threat: the erosion of "digital authenticity." This broad vision allowed them to explore initial markets like NFTs before pivoting to cybersecurity.

When Axonius's founder discovered a major breach, the security team was surprisingly nonchalant. They couldn't act because they lacked basic asset visibility. This customer acceptance of a huge, unsolved problem was the signal for a massive market opportunity.

Chris Dixon contrasts his two startups. SiteAdvisor started with a clear problem (social engineering threats). Hunch, an AI company, started with a technology (machine learning) and then searched for a problem to solve, a path Dixon now views as a strategic error.

Huntress discovered that simply finding threats wasn't enough for its MSP customers, who lacked specialized cybersecurity staff for remediation. The product had to evolve into a fully managed, human-powered service that handled the problem end-to-end, moving from alerts to a 'click a button to fix' solution.

A company's biggest human security flaw often lies with its help desk. CrowdStrike's CEO points out that help desk staff are typically incentivized to resolve issues and close tickets as quickly as possible. This makes them susceptible to social engineering, as their motivation is speed and helpfulness, not rigorous security verification.

Don't overlook seemingly "boring" industries like cybersecurity or compliance. These sectors often have massive, non-negotiable budgets and fewer competitors than glamorous, consumer-facing markets. Solving complex, high-stakes problems for large companies is a direct path to significant revenue.

MSPs often avoid selling compliance services due to their complexity and perceived liability. However, 'human risk' is a required part of most frameworks and is far more tangible and easier to sell than technical controls. It acts as a wedge, allowing MSPs to enter the lucrative compliance market with a simpler, more relatable offering.

Security's focus shifted from physical (bodyguards) to digital (cybersecurity) with the internet. As AI agents become primary economic actors, security must undergo a similar fundamental reinvention. The core business value may be the same (like Blockbuster vs. Netflix), but the security architecture must be rebuilt from first principles.

SiteAdvisor Succeeded by Recognizing Security Threats Shifted From Technical Hacks to Social Engineering | RiffOn