5 Critical Go-to-Market Lessons from Gombach’s Journey in Cloud Security

5 Critical Go-to-Market Lessons from Gombach’s Journey in Cloud Security

In a recent episode of Category Visionaries, Ian Amit, founder of Gombach, shared candid insights about building a cloud security remediation platform. His journey offers valuable lessons for founders navigating the complex B2B tech landscape, particularly in cybersecurity.

1. Sometimes Slower is Better: The Value of Deep Tech Development

The pressure to launch quickly can be overwhelming for founders, but Ian’s experience challenges this conventional wisdom. “It took a year. It took even a little over a year,” he reveals about securing their first paying customer. This wasn’t due to inefficiency, but rather a deliberate choice to solve fundamental problems: “This is actual deep tech where we’ve had to build AI algorithms that did not exist before, they only existed in the academic world.”

The lesson? When building transformative technology, rushing to market can be counterproductive. The key is setting appropriate expectations with investors and stakeholders while maintaining focus on solving core technical challenges.

2. Marketing to CISOs: The Anti-Spam Revolution

Having been on the receiving end of countless vendor pitches, Ian developed a radically different approach to marketing: “I refuse to nag people. I refuse to add them to endless mailing lists and kind of bombard them with relentless questions.” Instead of high-volume outreach, his team focuses on research-backed, targeted engagement.

“Take a couple of minutes to take a deep breath and do a little bit of homework,” he advises. “Try to understand what’s the company’s operating environment, what’s the history of the company, of the executive that you’re trying to approach.”

3. Choose Your Target Audience Strategically

Perhaps the most crucial go-to-market decision wasn’t about tactics but audience selection. “It is defining our target audience as the security leaders,” Ian explains. While their product delivers code-level solutions that DevOps teams implement, they recognized that security leaders own the pain point and purchasing decision.

4. Category Creation Requires Patience

Instead of forcing their solution into existing categories, Gombach is helping define a new one. “We don’t necessarily have a defined market category,” Ian acknowledges. This approach allows them to address an emerging need: cloud security remediation. As he notes from conversations with peers, “I do not want any more detection. This is becoming a liability for me to know more about the issues that I have in my environment.”

5. Build for Long-term Value, Not Quick Wins

Rather than creating another security dashboard, Gombach focused on solving fundamental problems. “What we’re doing is essentially taking away a lot of the toil and the grunt work that engineers are doing when they’re building and maintaining their cloud environment,” Ian explains. This approach positions them for expansion beyond security into broader cloud infrastructure management.

The success of this strategy relies heavily on maintaining strong relationships with early adopters. “We still have really phenomenal design partners that stood by us and provided feedback all along the way, and that allowed us to be really accurate and provide solutions that actually address real world problems that CISOs are experiencing.”

For founders building in the cybersecurity space, these lessons highlight the importance of authentic, patient growth over quick wins. Success isn’t just about having superior technology – it’s about understanding your market deeply, choosing your audience strategically, and building relationships that support long-term growth.

As Ian’s experience shows, sometimes the best way to disrupt an industry is to resist the urge to move fast and break things, instead focusing on solving fundamental problems in ways that create lasting value for customers.