Why Opal Security Chose Engineers Over Compliance Officers as Their ICP

Why Opal Security Chose Engineers Over Compliance Officers as Their ICP

Every B2B product faces a fundamental question: who feels the pain most acutely, and who controls the budget to solve it? These are rarely the same people. Identity governance historically belonged to compliance officers—they owned the regulatory requirements, controlled procurement, and defined success metrics. But they didn’t implement the systems, manage the workflows, or deal with operational failures. In a recent episode of Category Visionaries, Umaimah Khan, CEO and Co-Founder of Opal Security, explained why her team made the counterintuitive choice to target engineers as their ideal customer profile—and how that single decision cascaded through every aspect of product development, go-to-market strategy, and customer success.

The choice wasn’t about market size or buying power. It was about building for the people who would actually use the product.

The Misalignment in Legacy Identity Governance

Traditional identity governance tools reflected their buyer persona. Built for compliance officers, they prioritized audit trails, policy documentation, and regulatory mapping. User experience was secondary. Integration depth didn’t matter—these systems operated as standalone compliance databases, not operational infrastructure.

The problem emerged after purchase. Compliance teams bought the software. IT and engineering teams inherited the implementation. The tools were difficult to integrate, inflexible in practice, and created operational overhead that technical teams resented. Adoption stalled. Workarounds proliferated. The expensive compliance tool became shelf-ware with data quality problems.

Opal saw this dysfunction and made a different bet. “We really focused on engineering led sales,” Umaimah explains. “So our ICP was companies who had an engineering culture, who are building technology.” This wasn’t just go-to-market positioning. It was a foundational product philosophy: build for the practitioners who live with the system daily, not the executives who approve the purchase.

How ICP Selection Shapes Product Architecture

Choosing engineers as the primary buyer fundamentally changed product requirements. Engineers don’t tolerate clunky interfaces or limited flexibility. They expect comprehensive APIs, robust integrations, and the ability to customize workflows. They evaluate tools based on how well they integrate into existing systems, not how they function in isolation.

This meant Opal needed API-first architecture from day one. The product had to integrate seamlessly with the infrastructure tools engineers used—AWS, GitHub, Okta, Snowflake, internal systems. It needed to support programmatic access control, not just point-and-click interfaces. Documentation needed to be technical, comprehensive, and accurate.

“We found our best customers were those companies where an engineer discovered us, started using the free tier, then brought us into their organization,” Umaimah notes. This bottoms-up adoption only works when the product genuinely solves practitioner problems without requiring executive mandate or extensive change management.

The technical depth became a competitive moat. Legacy vendors couldn’t easily retool their compliance-focused products for engineering users. The architecture decisions, integration patterns, and workflow designs were fundamentally different. Opal wasn’t just a better version of existing tools—it was a different category built for different users.

The GTM Implications of Engineer Buyers

Targeting engineers required completely different go-to-market mechanics than selling to compliance officers. Engineers discover tools through technical channels—developer communities, GitHub, engineering blogs, word-of-mouth. They evaluate products through hands-on testing, not vendor demos. They adopt tools that solve immediate problems, not long-term strategic initiatives.

Opal’s GTM strategy reflected these behaviors. Product-led growth became the primary acquisition motion. Free tiers let engineers test the product before involving procurement. Technical documentation served as marketing content. Integration guides functioned as sales materials.

The sales process itself changed. “We really focused on engineering led sales,” Umaimah says. Early conversations centered on technical implementation, not business cases. Proof of value came from engineers using the product to solve real problems, not ROI presentations to executives.

This approach accelerated adoption velocity. When engineers chose Opal to solve their access management problems, implementation was fast because the people deploying the system were the same people who evaluated it. No handoff friction. No misaligned expectations. No enterprise change management overhead.

The Retention Advantage

Perhaps the most significant impact of choosing engineers as ICP came in customer retention and expansion. When the people using your product daily are the same people who chose it, adoption is organic. Usage is high. Value realization is immediate.

Traditional top-down software purchases often struggle with adoption. The executive who approved the budget isn’t using the tool. The team implementing it didn’t choose it. Resistance and workarounds emerge. Value realization takes quarters or years.

Opal’s engineer-first approach created natural expansion paths. Teams that adopted Opal for access management discovered additional use cases. Other engineering teams heard about it internally. Usage expanded organically without sales intervention. The product proved value through daily operational impact, not quarterly business reviews.

This retention profile fundamentally changed unit economics. Lower churn, higher net dollar retention, and expansion revenue driven by product usage rather than sales cycles. The initial sale might be smaller than enterprise compliance deals, but lifetime value was higher.

When Engineer Buyers Become Executive Champions

The engineer-first strategy created an unexpected advantage when Opal eventually moved upmarket to enterprise accounts. “When we started going upmarket and selling to Fortune 500 companies, we realized we needed to change our messaging,” Umaimah says. “We weren’t just selling to engineers anymore. We were selling to CISOs, to boards, to compliance teams.”

But the technical credibility Opal built with engineers became foundational for executive sales. When CISOs evaluated identity governance tools, their engineering teams had opinions. If engineers vouched for Opal’s technical approach, executive conversations started from a position of credibility rather than skepticism.

The transition to enterprise required new messaging—connecting technical capabilities to business outcomes, speaking to risk reduction and audit efficiency. “We started talking about identity governance as a strategic initiative, not just a compliance checkbox,” Umaimah explains. But the product didn’t change. The technical depth that engineers valued became proof points for executive claims about capabilities.

The Compound Effects of ICP Clarity

Choosing engineers over compliance officers as ICP created cascading effects throughout Opal’s business. Product development prioritized API flexibility over compliance reporting. Marketing focused on technical content over executive thought leadership. Sales hired people who could discuss system architecture, not just business value. Customer success measured usage metrics, not just satisfaction scores.

Each of these decisions reinforced the others. Technical depth attracted engineering buyers. Engineering adoption drove organic expansion. Product usage created retention. Retention validated the product strategy. The flywheel accelerated because all the pieces aligned around the same core user.

What This Means for ICP Selection

Opal’s story demonstrates that ICP selection isn’t just about market sizing or buying power. It’s about alignment between who feels the pain, who evaluates solutions, who implements them, and who lives with the outcomes. When these are different people, friction emerges. When they’re the same people, everything moves faster.

The lesson for technical founders: consider targeting the practitioners who will use your product daily, even if they’re not traditional budget holders. Build for their workflows, evaluation criteria, and operational needs. Create bottoms-up adoption paths that prove value before requiring executive approval. The initial deals might be smaller, but the retention, expansion, and word-of-mouth growth can create more sustainable businesses than traditional top-down enterprise sales.

Opal chose engineers over compliance officers because engineers felt the identity governance pain most acutely and would actually use the solution. That clarity shaped everything else—and drove the company to $50 million in ARR.