5 Counter-Intuitive Go-to-Market Lessons from Cleafy’s Journey in Cybersecurity

5 Counter-Intuitive Go-to-Market Lessons from Cleafy’s Journey in Cybersecurity

Sometimes, the most valuable startup lessons come from those who break the rules. In a recent Category Visionaries episode, Matteo Bogana, CEO of Cleafy, shared how ignoring conventional wisdom helped build a successful cybersecurity company.

1. Choose Your Market Entry Point Based on Problem Complexity, Not Size

While most cybersecurity startups rush to the US market, Cleafy deliberately started in Europe. “The most important GTM decision that I made has been not to start in the United States,” Matteo reveals. This decision proved strategic as European regulations created more sophisticated fraud challenges, allowing Cleafy to develop deeper expertise before entering the US market.

2. Build Trust Through Knowledge Sharing, Not Sales Pitches

Instead of traditional sales approaches, Cleafy established credibility through their threat intelligence unit, Cleafy Labs. “We prefer to have a market in which we create trust, describe into the market what we are able to see, to identify and to manage in a very neutral way,” Matteo explains. This approach led to presenting at closed-door NATO, Interpol, and FBI events, building trust with key decision-makers.

3. Adapt Your Message to Organizational Structure

Cleafy discovered that messaging needs to vary significantly between traditional enterprises and modern fintechs. With established banks, they navigate organizational silos. As Matteo notes, fintech companies “already have in place a mindset in which there are no silos and no barriers. There is no difference between cybersecurity, application security, fraud management and integrated financial risk.”

4. Time Your Fundraising to Market Maturity

Rather than raising large early rounds, Cleafy grew organically after initial seed funding. “If I would have collected plenty of investments at the very beginning, probably I would have failed,” Matteo reflects, “because the capability of the company to have market and very aggressive and the hypergrowth space at the beginning was not there.” This patience allowed them to wait for market readiness.

5. Embrace Being Early, But Plan for the Long Game

Early market entry required strategic patience. “The market was not actually there. We arrived quite early for the kind of technology that were developing,” Matteo shares. Instead of forcing growth, they spent time building consensus and trust with prospects, creating conditions for future success.

Looking ahead, Cleafy sees AI transforming both attack vectors and defense mechanisms. However, Matteo emphasizes that while AI will automate routine tasks, human expertise remains crucial: “You cannot imagine that there’s going to be an automatic system capable to all the job on its own.”

These lessons challenge common startup assumptions about market entry, fundraising, and growth. By taking the counterintuitive path – starting in a smaller but more complex market, growing organically, and focusing on trust-building over rapid scaling – Cleafy built a sustainable business in the competitive cybersecurity space.

Their journey shows that sometimes the best go-to-market strategy isn’t about following the established playbook, but about understanding where your unique value proposition aligns with market complexity and customer needs.