April 19, 2019

How to sell a CyberSecurity Idea?

Hi All,

A while ago I built a Blockchain SIEM (Security Incident and Event Manager -- a log aggregator) POC (proof of concept) for a big company.

While building the thing, I got to see how this company had built their cybersecurity infrastructure, and saw a hole that I think might exist in other large enterprises -- API security via an API proxy.

After I finished up the SIEM POC, I took a month of "here and there" time and built a proof-of-concept (it only runs on my box) to test/prove to myself that an API proxy of this type could work to retroactively patch REST endpoints. (This idea itself isn't new -- companies like Qualys and Imperva provide a Web Application Firewall that's really a proxy already -- I'm just adding better SIEM integration and distributed rules.)

But I don't know what to do next with it. It's not ready for sale -- it's a proof of concept -- that is, I can show in a debugger that it works as I imagine, and before I sink real time into making it a full sale-ready product, I need to know people would buy it.

I know big companies won't buy it -- because they only buy from big companies (they want long-term maintenance, something a one-man-band can't provide). Startups won't have the problem (they have no legacy APIs to patch with such a proxy).

Any ideas -- how do I verify this thing is a product people would buy? How do I get my first alpha test customer for this type of security product?

#idea-validation

  1. 1

    If you are familiar with shared hosting companies (GoDaddy, Hostgator etc.) you might have noticed that there are a dozen "add-ons" to each hosting plan they offer. Backup is a good example. So those satellite companies -- once start-ups in the past -- partnered with the hosting companies so they could scale. Hosting companies in turn found a good opportunity to keep focused on their core business while other companies add value to their services.

    You could follow that same path yourself. Find a niche of solution providers whose solutions are mostly API based. Offer them your product as being the "security layer" to their own product. At this point you and the API company will be real partners, as you will share the customer's money.

    Sky is the limit in terms of solution architecture. You may have your solution running as SaaS (you keep the infra running), running inside your partner's cloud or even on-prem, if your partner offers this modality to its customers. Pricing should take those scenarios into consideration because they represent different operational costs.

    So as a one man show, focus on running it. Let others find a way to sell it as value added to their own solutions. Good luck!

  2. 1

    It has to be a medium-sized or big company itself. It’s not that big companies won’t buy from startups; they will, as long as you can assuage their risk and security concerns and also showcase that you are in it for the long run.

    There are many ways to do this not including

    • make your company setup and registration documentation foolproof

    • talk about what-if scenarios in your pitch to these companies

    • agree to a code audit after a signed NDA

    • agree to long-term maintenance, and if you have a signed contract I am sure you can hire/contract the right kind of person to support these tasks.

    • best pitch for you is any publicly available stories about something similar causing a cybersecurity issue and the ramifications of the same.

    • one approach would be to make it into a service project for one company that will pay to build it for them, with you owning all rights to the code.

    DM me, happy to chat more.