7 Go-to-Market Lessons from Calamu’s Category Creation in Cybersecurity
Most cybersecurity companies fail before they start. They show up at Black Hat with the same fear-based messaging, the same layered security approach, the same promises everyone else makes. Then they wonder why decision-makers tune them out.
In a recent episode of Category Visionaries, Paul Lewis, CEO and Co-Founder of Calamu, shared how his company is creating an entirely new category—cyber storage—by protecting data itself rather than adding more infrastructure layers. The GTM lessons from their journey offer a masterclass in breaking through noise, educating markets on mindset shifts, and building a new category from scratch.
Lesson 1: Question the Entire Industry Approach, Not Just Your Competitors
The biggest breakthroughs come from questioning foundational assumptions. Paul spent years in incident response watching companies get “hammered in cyber attacks, like over and over again.” But instead of building a better version of existing solutions, he questioned whether the entire approach was flawed.
“I was going to all the security conferences, and really, quite literally, I got tired of seeing like, 3000 companies selling the same ten things, and none of those things really were working,” Paul recalls. “So I thought there had to be a better way. We have to think about how can we protect the data in a way that we’re not doing so today?”
This led to Calamu’s core differentiation: “Instead of putting layered security on the infrastructure, and instead of trying to protect the network that holds the data, Calamu protects the data itself, regardless of what infrastructure happens to be on.”
For founders, the lesson is clear: if everyone in your industry is solving the problem the same way, that’s your opportunity. The constraint isn’t better execution—it’s better thinking.
Lesson 2: Abandon Fear-Based Marketing in Mature, Saturated Markets
When everyone uses the same playbook, using it louder doesn’t work. Paul recognized that security decision-makers had become numb to doom and gloom messaging.
“It’s not about doom and gloom and it’s not about trying to scare people into buying our product. It’s about understanding that there is a better way,” Paul explains. “We’re not trying to say, hey, you’re going to be the next victim or watch over your shoulder, or you’ve got all these problems with your infrastructure. We’re saying, hey, we live in a real world and there are real world problems and we’re just a solution to help you and help your organization continue to stay in business.”
The contrast with industry standard messaging is stark. “Maybe it worked 15 years ago, but I think today everybody knows all the stats, everybody knows all the problems. Everybody’s tired of hearing about the problems,” Paul notes. “It’s innovative solutions that I think they’re getting the attention and the CEOs are responding, right. They don’t want to hear about how can I be same old and just put another layer of security on or build a bigger wall around the wall.”
When your entire competitive set uses fear, optimism becomes differentiation.
Lesson 3: Start with the Premise That Validates Your Solution
Calamu’s messaging framework begins with an acceptance that traditional approaches fail: breaches will happen. This premise makes their solution essential rather than optional.
“We start with the premise that the bad actor has reached the data. So there’s been a failure somewhere in the system and they’ve actually reached the data,” Paul explains. “So we’re trying to cut through the noise by putting out messaging that the attack has happened. And we need to be comfortable with the fact that attacks continue to happen even with great technologies and great emerging technologies to protect the data. Eventually the data is reached and when the data is reached, that’s where Kalamu kicks in.”
This framing does two things: it positions Calamu as complementary to existing security investments (reducing sales friction), and it creates urgency by focusing on the real problem—what happens when prevention fails.
Lesson 4: Work with Analysts to Shape the Category, Not Just Get Coverage
When creating a new category, analyst relations isn’t about getting mentioned in reports. It’s about education that changes how the market thinks.
“I think analyst relationships are very important and we are working with different analysts. We’re trying to educate. Right?” Paul says. “So we’re not trying to obviously we’d love to get market, we’d love to see if we can get exposure in market, but it’s really more trying to educate because what we’re going through is a change in mindset.”
Gartner now recognizes cyber storage as an emerging category. That validation didn’t come from pitching coverage—it came from educating analysts on a fundamental shift in approach: “We’re changing from this layered security model where we’re layering on more and more security onto the infrastructure, into we don’t have to worry about that so much because we’re really now just trying to protect the data.”
Lesson 5: Expect Adoption at the Bell Curve Ends First
Conventional wisdom says start with early adopters in the middle market. Calamu found the opposite.
“We’re really seeing a real bell curve here. So we’re seeing small, medium businesses are kind of signing up pretty quickly. They get it. They see the value prop. They get it. And then we’re getting a lot of attention from large enterprise, which is interesting to me,” Paul shares. “It’s really the two ends of the bell curve that we’re seeing the most activity right now.”
The reason? Different motivations at each end. SMBs move quickly on clear value propositions. Large enterprises, despite their size, “are innovators. While they typically move slowly, they don’t move slowly, necessarily with cyber. And they see emerging technologies as being very important to their future.”
This pattern challenges standard GTM sequencing. Sometimes the extremes adopt before the middle.
Lesson 6: Solve a Specific Pain Point to Enter, Even with Broad Platform Vision
Calamu’s vision spans all data protection. But their entry point is narrow and specific.
“The first applications that we’re seeing are typically around sensitive data, where there’s a long term data requirement and data has to be moved from on prem to the cloud. And this is a great solution to make that happen,” Paul explains.
This beachhead addresses a critical enterprise concern: “When you go to the cloud, you’re actually putting your hands, your data into the hands of a third party. Right? So for the first time, you’re taking it out of your complete control and you have to control one of the hyperscalers, whether it be Amazon or Microsoft or Google oracle or whoever else. But you have to trust another company. And that’s scary.”
Paul acknowledges they’re actively working to narrow focus further: “We’re kind of multifaceted with benefits that we bring. So we feel like we bring so much benefit, but we can’t boil the ocean. So what we’re trying to do is we’re really trying to zone in on the one thing that is really going to allow us to get to scale.”
Broad platforms win eventually. Specific solutions win initially.
Lesson 7: The Biggest Challenge in Category Creation Is Mindset Shift, Not Product Complexity
Paul is direct about Calamu’s primary GTM challenge.
“The single greatest challenge for us is it’s a change in mindset, right? So nobody really before was thinking about protecting the data at the data layer. They were thinking about protecting the infrastructure. And there’s billions, trillions of dollars spent protecting the infrastructure,” he explains.
But the education curve is shorter than expected. “So we’re not saying you don’t need to do that, but we’re saying, look, that’s not working as well as we all hoped it would work. So let’s look at protecting the data. Even if the data is removed from your control. So changing that mindset is really the greatest thing, the greatest challenge that we’ve had partly education, not a lot of education, because as soon as we kind of talk through it and explain the process and how it works, people kind of get it right away, and then they get excited about it.”
The insight: people resist new categories not because they’re hard to understand, but because they require unlearning old approaches. Once that mental model breaks, adoption accelerates.
Crossing the Chasm in Real Time
Paul’s candid about where Calamu sits in their category creation journey: “We’re right in the middle of crossing it. So we’re in that kind of scary land where we’re not quite at scale. We’re just getting to that point.”
For founders building in crowded markets, Calamu’s approach offers a clear alternative to competing on features or price. Question the fundamental approach everyone else accepts. Message differently. Start with a premise that makes your solution essential. Work with analysts to shape thinking, not just get coverage. Find your specific beachhead even with platform ambitions. And recognize that the hardest part of category creation isn’t building the product—it’s changing how people think about the problem.
The companies that succeed aren’t building better mousetraps. They’re questioning why everyone’s focused on catching mice in the first place.
Twitter
facebook
linkedin