Kicking down B2B barriers

Hey everyone!

I've been lurking on this site for a little while, but am finally beginning to make some progress on my little idea. My current day job is essentially consultancy, enabling established businesses sell into large enterprises - the stereotypical 7/8-figure deal - and I want to bring this insight to SMEs as a form of productized service.

This problem manifests itself in a bunch of different ways when attempting to sell: examples include getting the dreaded "vendor security questionnaire", or (worse) being asked for a copy of the latests SOC 2 Type 2 report. What I see founders doing in response is what I refer to as the Bureaucracy Bulls**t Blizzard: they think that the right way through this mess is to generate paperwork, and boy howdy do they come through with that.

Suddenly their business has Policies and SOPs for everything, and it feels like the right thing - this is what grown-up businesses do, right? - but the second-order consequences kick in quickly. Developers start slowing down delivery because each release goes through Change Management (TM). You can't store this data or run that service because of GDPR, or CCPA, or HIPAA (no-one's quite sure what, but they know it's not allowed). That beautiful product release cycle gets slower, and slower.

My mission is to fix this. I offer a form of corporate jujitsu service to bypass this, and as I said, I want to bring this to SMEs. I'm going to be attempting to build this in public - at least in part! - and I'm absolutely knocked out by the quality of work that people are sharing on this site; you all have set an extremely high bar.

While I'm getting on with this - if CGRC (the baffling bulls**t acronym for Cyber Compliance, Risk, & Governance - i.e The Rules) is getting you down, please get in touch. I would love to help serve this community sell into larger businesses and enterprises. It's not easy and I won't pretend it's not a lot of work (it's huge!) but equally, there are plenty of short cuts and cheatcodes available. I genuinely believe it's a great time to bootstrap products aimed at B2B.

Thank you all for the content I've already consumed, and I hope to contribute in the future.

  1. 1

    Nice idea. I agree that it's something needed particularly as startups look to sell to enterprise. I'm on both sides of the equation running my own business in the HR space and working as a lawyer for a global HR services business.

    We buy all sorts of tech and I have seen some very questionable policies (literally copied and pasted from the internet) that bear no relevance to the supplier's business but they "have to" have it.

    Enterprise businesses tend to fall into one of two categories and I speak from having been on the selling side to them in my day job.

    1. Those who have a decent process for onboarding tech. I think we do. Any vendor goes through OneTrust for privacy and security requirements and we ask for supporting evidence aligned to the sensitivity of the data being processed.

    2. Companies who mandate that the vendor has a SOC II Type 2 and mandates the level of encryption for data and mandates the length of your passwords etc. They impose their security requirements on the vendor irrespective of what data is being processed.

    I have found that on the second, most will make accommodations but you need to be able to quickly spot where the gaps are between what the customer wants and what the vendor can provide.

    1. 1

      That experience resonates with my own, thank you for sharing. I think unfortunately case (2) is really common - it's a checklist approach of the "no-one got fired for buying IBM" type, but you're right, it's often more negotiable than people realise.

  2. 1

    I'm interested to see how you can turn this into a product. If I can offer some advice, it would be to get a little more focused on the customer profile. SMEs is not a niche enough customer profile. Is there a sector that you're most interested in helping?
    Feel free to reach out on Twitter - just followed you

    1. 2

      Thanks Michael, much appreciated! I agree with your feedback: I do need to niche down; that's one part I haven't figured out yet. I need to niche down by geography at least (because of both regulations but also customs/expectations) and so I'm going to focus initially on the UK - but that's as far as I've got.

      My current feeling is that I'm building something for founders / execs / consultants who are not governance professionals, but trying to sharpen up their businesses' game so that it survives external inspection/audit. There's this weird window where a business can be trying to sell a service/product for e.g. ~$10K/year, and it's not enough to hire a compliance lead internally, but the procurement process is substantial enough that it either takes a very long time or indeed they even lose the sale for not meeting requirements.

      In my heart I would like to be aiming this at SaaS founders who are stepping up with proper enterprise versions of their product. My head tells me that my tribe right now is probably fellow consultants and I should start there first...

Trending on Indie Hackers
My year-long passion project is live on Product Hunt! Coffee Chats is like if Calendly and Carrd had a baby. 25 comments Micro-Communities | and why you should start one too 16 comments 👋 I just got my first 💸 Customer 12 comments This is how I am validating my idea currently. Help me to understand, where I am going wrong? 4 comments I Got 22,000 App Downloads In One Weekend with A $0 Budget 2 comments What to do when I hate marketing? 1 comment