Solve First, Shout Later
Why cybersecurity vendors don’t win with bold claims, and what they should do instead
In the early days of ESET, we didn’t win because of a bold vision or a polished marketing message.
We won because of two things that mattered deeply to the people we were trying to reach: small update sizes and low system resource consumption. That was it.
Our updates didn’t bring already slow connections to a halt. Our software didn’t bring underpowered computers to a crawl. These things may sound minor today, but back then, for many users and resellers, they were real, immediate problems. And we solved them. Better than others.
That’s what got us in the door. And to become later the largest endpoint security vendor by revenue from the European Union.
This edition of Cybersecurity & Business is sponsored by:
The problem with bold statements
Cybersecurity vendors — especially startups and scaleups — often feel pressure to say something bold. Something visionary. Something that makes them sound like leaders.
But bold statements alone don’t win deals. Especially not in the beginning when nobody knows you.
There’s already too much noise in cybersecurity. Too many companies saying the same things, in the same way, with the same vague promises. "Next-generation protection.","AI-powered prevention.","Unified, proactive defense".
Statements like these aren’t wrong. They’re just not enough to cut through the noise.
They don’t tell the buyer what problem is actually being solved, or why this or that vendor is the one to solve it. They sound good in a pitch deck, but fall flat in front of a buyer who has already seen 15 other vendors say the same thing.
What buyers are actually looking for
Here’s what often gets overlooked: most buyers don’t have the time, interest, or ability to test every product. They default to one of three things:
What they already use
What their trusted network recommends
What’s available from their existing service providers or distributors
For a new vendor to break through, you need to give them a very specific reason to consider you. That reason must connect directly to a problem they care about, ideally one that others don’t address well, or don’t communicate clearly.
Where that insight comes from
You won’t find that message sitting in a conference room with your team.
You find it by getting outside and talking with end users, service providers, distributors, MSSPs. Attending events and conferences. Understanding what their actual pain points are, not just the ones you imagined when building your technology and your product.
At ESET back in the day, we spent a lot of time doing just that. The insights that helped us grow didn’t come from strategy slides: they came from regularly testing the competition, from our support tickets, events, channel conversations, and feedback loops we created with our early partners and users.
That’s how we learned what really mattered.
From tech, to product, to solution
Many startups begin with a piece of technology. Something novel, interesting, or genuinely clever and they tend to think that is what will make them win.
But technology alone doesn’t win.
You have to turn that technology into a product: something that people can actually use, deploy, and rely on.
Then you have to go a step further and turn that product into a solution: something that solves a specific, recognized pain in someone’s workflow or infrastructure.
That last step doesn’t happen unless you deeply understand the user’s world. Which means talking to them, a lot.
When you are able to articulate how your product can solve that specific pain or problem in a way that end users feel and understand, that is when you really have a chance to win.
What you should (and shouldn’t) do
Here’s what I’ve seen work for vendors who break through:
What to do
Spend time outside the company, with users, implementers, and channel partners
Listen for the small but persistent pain points
Watch for the patterns behind unexpected wins
Build messaging around what you remove — friction, complexity, noise — not just what you add
What not to do
Assume your "key innovation" is what customers care about most
Rely only on feedback from CISOs or top-level execs, instead of listening also to the implementers and users
Over-rotate on vision and category creation before you’ve won a base
Copy messaging from the market leaders and hope to sound credible
What we would’ve missed
If we had only talked about “advanced heuristics” at ESET, we wouldn’t have become the largest European cybersecurity vendor by revenue.
The way we implemented heuristics was important, a true innovation — no question. But that wasn’t the reason people became our fans and chose us in the beginning, no matter how in love we were of our technology.
The reason was simpler. Updates were smaller. Systems ran faster. Partners didn’t get as many complaints.
Back in those days, IT administrators needed to update their endpoint security solutions at night to avoid their internal networks to overload, and users saw how their computers were suddenly running very slow when the antivirus was updating or performing a scan.
That’s what we solved. That’s what got us traction. The rest came later.
Another example: In the early days of Crowdstrike, what the customers were caring the most about was their Overwatch service. That is what was resonating the most with many of them.
Solve first. Shout later.
The security market doesn’t need more bold yet generic statements. It needs vendors that remove friction, solve real problems, and explain those things clearly.
If you’re a cybersecurity startup or scaleup trying to grow don’t focus on saying you are bold. Focus on being useful.
