6 Go-to-Market Lessons from Building a New Cybersecurity Category

6 Go-to-Market Lessons from Building a New Cybersecurity Category

Creating a new category in cybersecurity isn’t just about building innovative technology – it’s about fundamentally changing how enterprises think about security management. In a recent episode of Category Visionaries, Onyxia founder Sivan Tehila shared insights from her journey pioneering the cybersecurity performance management category. Here are the key go-to-market lessons that emerged:

1. Start with a Widespread, Manual Pain Point

The most compelling GTM strategies often begin with discovering widespread inefficiencies in enterprise processes. Sivan’s breakthrough came from a surprising discovery: “Almost any Fortune 500 CISO I spoke with showed me an Excel sheet that they’re managing since they started their position as a CISO in any company.” This manual approach to security management in billion-dollar companies signaled a massive opportunity.

2. Don’t Let Analyst Categories Constrain Your Vision

While analyst relationships are important in enterprise software, Sivan warns against letting their category definitions dictate your product strategy. “We don’t want to build a product that is aligned necessarily with what Gartner’s defined category. We want to solve a problem,” she explains. This focus on problem-solving over category conformity has helped Onyxia maintain its innovative edge.

3. Leverage Regulatory Tailwinds

Timing your GTM strategy to align with regulatory changes can accelerate adoption. Sivan noticed this effect with new SEC requirements: “Many companies I spoke with a while ago got back to me recently and they told me, ‘hey, Sivan, we’re thinking about your product with their relation to the SEC regulation.'” The regulation requiring companies to disclose security programs and strategies created natural momentum for Onyxia’s solution.

4. Focus on Enterprise-Ready Features Early

When targeting enterprise customers, product development must prioritize their specific needs. “Companies that are less mature usually don’t have enough security products, so we can’t give them the value they need,” Sivan notes. This insight led Onyxia to focus on mid-sized companies and enterprises where security stacks are more complex and the need for management solutions is more acute.

5. Build Strategic Investor Relationships

Rather than treating fundraising as a transaction, Sivan emphasizes relationship building: “I really felt that I need to build a relationship with my investors.” This approach has paid dividends beyond capital: “Now any investor in my cap table brings value to the company that is not just the money they were putting in.”

6. Differentiate Through Precise Problem Definition

In a crowded cybersecurity market, clear problem definition is crucial. “Because cybersecurity is a very overwhelming space… really doing your research around the problem and define the solution in a very clear way could be very helpful,” Sivan advises. Without this clarity, “often when investors hear your pitch, they really feel like they heard that 100 times before you showed up.”

For B2B founders, these lessons highlight a crucial truth: successful category creation isn’t just about technology innovation – it’s about identifying and solving widespread enterprise problems in ways that challenge conventional approaches. As Sivan’s experience shows, sometimes the biggest opportunities lie in automating processes that have remained stubbornly manual, even in the largest enterprises.

The key is to maintain focus on solving real problems while building the infrastructure and relationships necessary for enterprise adoption. As security requirements become more complex and regulatory pressures increase, the companies that succeed will be those that can translate deep industry understanding into solutions that make security leaders’ lives meaningfully easier.