Practical Tips for Creating and Managing Security Products

This cheat sheet offers advice for security product managers at startups and enterprises. It covers product manager responsibilities, defining capabilities, market segmentation, go-to-market strategy, pricing, delivery, trust, platform strategy, and how product management differs at startups vs. large firms.

This cheat sheet offers advice for security product managers at startups and enterprises. To print it, use the one-page PDF version; you can also edit the Word version to customize it for you own needs.

Responsibilities of a Product Manager

Determine what to build, not how to build it.
Define product evolution strategy and align roadmap to business goals.
Prioritize feature requirements, defect correction, and technical debt work.
Drive product adoption through customers, partners, and internal stakeholders.
Act as subject matter expert in pre-sales and post-sales discussions.

Product Capabilities

Identify pain points your product addresses that current solutions miss.
Define the smallest feature set that will attract your first customers.
Decide which capabilities to build and where to integrate or partner.
Assess your AI advantage if a frontier model vendor adds similar capabilities.
Identify proprietary data you can accumulate that competitors cannot replicate.
Ensure AI agents can interact with your product as effectively as human analysts.

Strategic Market Segmentation

Determine which geographic, industry, and size-based segments to target first.
Understand how security needs and price expectations differ across segments.
Assess whether your expected deal size supports the sales force needed.
Identify which personas will evaluate, champion, and use your product.
Consider how you’ll reach prospective customers in each market segment.

Sales Engagement and Go-To-Market

Understand where your sales team has gained traction and what drove those wins.
Determine whether you can reach customers directly or need a channel partner.
Evaluate whether a bottom-up adoption model fits and how to measure usage.
If open-sourcing a component, decide what stays proprietary for monetization.
Gather objections and concerns that prospects have raised about your product.
Structure POCs to demonstrate differentiated value within a defined timeframe.

The Pricing Model

Ensure your pricing model rewards customers when your product reduces their risk.
Consider how customers will predict and control costs during incidents.
Price based on customer-perceived value, not just your costs.
Align pricing structure with sales compensation that motivates your team.
Plan how to retain existing customers and expand within their accounts.

Product Delivery and Operations

Determine integration depth with customers’ CI/CD and DevOps workflows.
Assess effort needed to deploy, configure, and maintain the product over time.
Assess whether you have staff for complex customer implementations at scale.
Offer hosting options that meet customers’ data residency requirements.
Clarify responsibilities between parties for monitoring, upgrades, and support.

Earning Customers’ Trust

Determine security evidence buyers will require before purchasing.
Plan how your security program will scale as your customer base grows.
Identify which compliance frameworks are table stakes vs. differentiators.
Reduce third-party risk management friction in the sales cycle.
Secure your software supply chain and publish a vulnerability disclosure policy.

Platform Strategy and Ecosystem

Decide whether to build a comprehensive platform or integrate with existing ones.
Identify integrations essential for customers’ procurement workflows.
Balance ecosystem participation with competitive differentiation.
Plan how to stand out if a platform vendor builds your capability natively.
Help customers justify your product alongside a competing platform.

Product Management at Startups

Ability and need to iterate faster to get feedback
Willingness and need to take higher risks
Lower bureaucratic burden and red tape
Much harder to reach customers, often fewer resources for the roadmap
Fluid designation of responsibilities

Product Management at Large Firms

Access to an established sales organization.
Potentially conflicting priorities and incentives within the organization.
Rigid organizational structure and bureaucracy.
Potentially easier access to funding and expertise.
Well-defined career development roadmap.

Post-Scriptum

Authored by Lenny Zeltser, who has been responsible for product management of cybersecurity solutions at companies large and small. This cheat sheet, version 2.0, is released under the Creative Commons v3 “Attribution” License.

About the Author

Lenny Zeltser is a cybersecurity executive with deep technical roots, product management experience, and a business mindset. He has built security products and programs from early stage to enterprise scale. He is also a Faculty Fellow at SANS Institute and the creator of REMnux, a popular Linux toolkit for malware analysis. Lenny shares his perspectives on security leadership and technology at zeltser.com.

Learn more →