From Noise to Signal: How Onyxia Built a Category in the Crowded Cybersecurity Market
Fortune 500 companies running their security programs through Excel sheets – this wasn’t just a rare occurrence, but a widespread reality that shaped Onyxia’s path to category creation. In a recent episode of Category Visionaries, founder Sivan Tehila revealed how this surprising discovery led to building a new category in cybersecurity.
Finding Signal in the Noise
The cybersecurity market is notorious for its noise. Every vendor claims to solve critical problems, making it increasingly difficult to stand out. But Sivan’s approach to differentiation started with a counterintuitive discovery: “Almost any Fortune 500 CISO I spoke with showed me an Excel sheet that they’re managing since they started their position as a CISO in any company.”
This revelation highlighted a crucial gap: while companies invested heavily in security tools, the management of security programs remained surprisingly manual. “It’s just unbelievable that in 2023, Fortune 500 companies, sea level people, still need to manage all their efforts in an Excel sheet,” Sivan notes.
Breaking Free from Category Constraints
Instead of fitting into existing categories like GRC (Governance, Risk, and Compliance), Onyxia chose to create a new one. “When I started, no one was talking about security performance at all,” Sivan explains. “Most of the products in this space were related to GRC governance, risk and compliance, and those more of a traditional risk quantification products.”
This decision to forge a new path came with challenges, particularly in fundraising. However, Sivan maintained her focus on solving the core problem rather than conforming to established categories. “We don’t want to build a product that is aligned necessarily with what Gartner’s defined category. We want to solve a problem,” she emphasizes.
Targeting the Right Market Segment
Rather than trying to serve everyone, Onyxia made a strategic decision to focus on more mature organizations. “We’re focusing on mid sized companies and enterprises,” Sivan explains. “Companies that are less mature usually don’t have enough security products, so we can’t give them the value they need.”
This focus helped Onyxia avoid the common startup trap of trying to be everything to everyone. Instead, they concentrated on organizations where the pain point was most acute and where their solution could provide the most value.
Leveraging Regulatory Tailwinds
The emergence of new SEC regulations provided additional momentum. Sivan notes how this external factor validated their category: “Many companies I spoke with a while ago got back to me recently and they told me, ‘hey, Sivan, we’re thinking about your product with their relation to the SEC regulation.'”
Building for the Future
Looking ahead, Onyxia isn’t just creating a new category – they’re reimagining how security leaders work. “Were talking about performance, or performance management, but the way I see Onyxia is really becoming a platform that combines different solutions for security leaders to manage all their security efforts in one place,” Sivan explains.
For B2B founders looking to create new categories, Onyxia’s story offers several key lessons. First, look for widespread manual processes in large enterprises – they often signal significant opportunities. Second, don’t let existing category definitions constrain your vision. Finally, focus on solving real problems rather than fitting into predefined boxes.
The most successful category creators often don’t set out to create categories – they set out to solve problems that existing categories have overlooked. In Onyxia’s case, that meant challenging the assumption that Excel sheets were an acceptable tool for managing enterprise security programs.
Twitter
facebook
linkedin