First Impression Tips for Security Startups

First impressions matter for people as well as companies. When approaching prospective customers or partners, it’s easy to waste the precious initial moments that set the tone for subsequent discussions. Having been on the receiving end of many cybersecurity startup pitches, I’d like to share a few tips for making the right first impression during such interactions.

Research Before the Initial Contact

Let’s start with the basics: Perform background research on the organization and individuals whom you’re approaching before you initiate contact. I’m surprised how often startups haven’t taken the time to prepare for the discussion and begin the conversation with a phrase like “Tell us about yourself and the challenges you face,” instead of demonstrating that they prepared for the conversation and signaling that the potential relationship is important to them.

In one example of the wrong way to approach a prospect, some person with an information security title asked to connect to me on LinkedIn. I’m not particularly selective on that site, so I accepted the request. Within minutes, I received a long, canned message that began with the following:

“Thank you very much for connecting on LinkedIn. I assume that you are interested in Product Name Redacted in regards to significantly increasing IoT System Security in IT/OT and if so there is some good additional information in this e-mail.”

It’s a pity when a company loses the opportunity for a meaningful interaction. Before reaching out to the potential business partner or customer, do your homework and open with a statement that demonstrates your understanding of the other company’s business and the person’s roles and objectives.

The need to do such homework might not apply when the initial contact is informal and unexpected. It’s OK not to know about someone’s role if you’ve just met at a social function or a trade show. However, in some cases, companies that participate in an industry event can get a sense or a formal list of the attendees, and can perform preemptive research on the relevant companies or individuals.

Establish Your Credibility Early

As you start speaking with the prospect, make it easy for the person to find a reason to take you seriously. Displaying your understanding of the individual’s needs helps with that, but it’s not enough. You need to assume that the person’s default state will be that of skepticism and that establishing your credibility will take effort. This is especially important for a young firm, which rarely has a well-known brand that an established company might enjoy.

Why do you believe you or your company should be taken seriously in the discussion? Here are some ideas for your consideration:

  • Have you worked for a company that had similar cybersecurity needs as the firm you’re engaging? If selling an incident response product, for instance, talk about your expertise performing IR work in an enterprise setting to signal your knowledge of the space.
  • Do you have experience working with other organizations in the same industry? How have they solved a meaningful problem using your company’s product? Did they save money, lower risk, or achieve another objective that might resonate with the company you’re approaching?
  • Maybe you’ve been involved with other, better-known cybersecurity companies before joining the startup? For instance, if you’ve held a key role at a well-regarded firm, explain how that experience is relevant to your new endeavor.
  • Perhaps you’ve worked for a respected government agency in a role relevant to your startup’s area of focus? Like it or not, organizations such as the FBI and NSA have cybersecurity brands that can reflect positively upon the individuals who used to work there.
  • Were you referred to the person by someone they know? Do you have a common friend or former colleague? A shared connection can help break past the initial defensiveness of someone who’s heard too many irrelevant sales pitches.

I’m talking about first impressions here, so you only have a minute to present an initial signal that might appear superficial in another context.

Many security professionals hesitate to praise themselves or aren’t allowed to share the details of their earlier projects. However, briefly touching upon your strengths and relevant experience in the beginning of the conversation will set the tone for the rest of the discussion. If the listener doesn’t know who you are or why they should listen to you, they’ll have a hard time paying attention to what you have to say.

Customize Your Elevator Pitch

Startups understand the importance of the elevator pitch, which is a pithy statement about the company that could be delivered to an investor, partner or customer in the span of a brief elevator ride. The most effective pitch is not only succinct, but has also been customized to the situation and delivered with the understanding of the listener’s needs.

The pitch should clarify the nature of your product and outline its key benefits from the perspective of the other party’s needs. This helps the listener confirm that they are about to engage in a discussion that’s relevant to them. Does your technology minimize the effectiveness of client-side exploits? Or maybe it helps enterprises find intruders by laboriously sifting through security logs? Perhaps it blockades adversaries’ command and control activities? Detects lateral movement? Whatever the benefit, make sure you don’t sound like every other security firm that touts solutions for high-level needs such as compliance, risk management, threat analytics or cloud services.

Clarify how you’re different from other products on the market that the listener might perceive as being similar. Your approach to solving some security problem might be unique, but there are probably other companies aiming to provide similar benefits. Explain how you’re different (and presumably superior), based on your understanding of the other party’s constraints or priorities. No need to get into details, since you have to be succinct, but it’s good to mention a few key technologies or other means that make your company stand out.

Don’t attempt to educate the other party about the needs of the industry at large, such as the increasing sophistication of attackers, the challenges of keeping up with vulnerabilities, the disappearing network perimeter, bring-your-device-to-work trends, etc. During your opening statement you can assume that the person knows this; otherwise, they wouldn’t have agreed to have the exploratory conversation in the first place.

Template for the Opening Statement

You might have only 1-2 minutes to make an impression on the other party. One approach to fitting in all the details outlined above in a brief statement is to use a template like this:

  1. Signal your personal credibility in the space relevant to your listener to indicate that you have the potential of assisting the company with their needs.
  2. Acknowledge a few key challenges that you know the listener is facing, hopefully referring to the way your startup has helped other firms in similar situations.
  3. Share your elevator pitch, briefly explaining the nature of your product in a manner that accounts for the other party’s objectives.
  4. Pause and let the person react to your pitch, so they become engaged in the discussion and so that you know how to proceed based on their feedback.

You’ll encounter a variety of situations. There are plenty of scenarios where these tips for forming a good first impression need to be adjusted. Perhaps this advice helps you define a foundation that you’ll tweak based on your own experiences and other unique aspects of your situation.

About the Author

Lenny Zeltser is a seasoned business and tech leader with extensive cybersecurity experience. He builds innovative endpoint defense solutions as VP of Products at Minerva Labs. Beforehand, he was responsible for security product management at NCR Corp. Lenny also trains incident response and digital forensics professionals at SANS Institute. An engaging presenter, he speaks at industry events, writes articles and has co-authored books. Lenny has earned the prestigious GIAC Security Expert designation, has an MBA from MIT Sloan and a Computer Science degree from the University of Pennsylvania.