Ready to build your own Founder-Led Growth engine? Book a Strategy Call
Frontlines.io | Where B2B Founders Talk GTM.
Strategic Communications Advisory For Visionary Founders
David’s journey shows that unconventional backgrounds can lead to significant innovation in tech. Encourage diversity of experience in your team to foster unique problem-solving approaches.
The origins of Mayhem in academic research underscore the value of university projects as springboards for startup ideas, especially in deeply technical fields like cybersecurity.
Mayhem’s shift towards PLG highlights its effectiveness in the tech industry. Focus on building a product that sells itself through its utility, enhancing both user acquisition and expansion.
David’s approach to redefining market categories and educating analysts and customers alike emphasizes the importance of clear communication about your product's value proposition and the new categories it may create.
The vision for Mayhem to fully automate the cycle of finding and patching software vulnerabilities exemplifies how automation can be a game-changer for scaling solutions in complex fields like cybersecurity. Invest in technologies that automate critical, yet repetitive tasks to enhance efficiency and effectiveness.
Breaking Through the Cybersecurity Echo Chamber: Mayhem’s Unconventional Path to Growth
The halls of Black Hat and RSA conferences echo with near-identical pitches: “Without us, you’ll get hacked.” “The last breach cost a billion dollars.” But in a recent Category Visionaries episode, Mayhem founder David Brumley revealed how rejecting this fear-based paradigm has powered their growth trajectory.
“That’s kind of like saying everyone should buy tornado insurance because the last person who had a tornado had their house destroyed,” David explains, highlighting the industry’s problematic relationship with fear-based marketing. Instead, Mayhem took a radically different approach: brutal honesty about their limitations.
From Academic Theory to Market Reality
The journey began with a controversial academic paper in 2010 that proposed automating the discovery of zero-day exploits. “We got made fun of by a lot of people in industry at that time,” David recalls. “I remember sweating over Christmas once as a very famous security person in the enterprise space was making fun of the work.”
But rather than engaging in public debate, the team doubled down on proving their technology. The breakthrough came through DARPA’s Cyber Grand Challenge, a $60 million initiative to develop autonomous security systems. Mayhem’s victory not only validated their approach but provided $2 million in seed funding to commercialize their technology.
Redefining the Value Proposition
Early interest came from defense and offense-focused organizations, but Mayhem made a critical strategic decision. “We’re not really interested in becoming an offense company,” David explains. “We wanted to protect computers to make them safer.”
This led them to focus on companies where security and business operations are inseparable. “When you look at our customers, like Cloudflare and Roblox, a hack brings down their entire business,” David notes. “If someone takes down a Cloudflare node, they’re not making money.”
The PLG Pivot
Initially following the traditional enterprise sales playbook, Mayhem noticed a recurring problem. “What we’re finding sometimes is we’d have the leader who wanted to buy had the pain point and the leader had his team implemented it, but the implementation team was overworked,” David shares.
This led to a strategic shift toward product-led growth (PLG) eighteen months ago. The move yielded unexpected benefits beyond just bottom-up adoption. “The old way is you set up a sales team and everything on your website is getting someone to fill out a contact me form,” David explains. “The other kind of unexpected advantage of the PLG Motion is it just reduces the time for those enterprise customers to do a pilot because often they’re already using it.”
Breaking Through Market Noise
In an industry where vendors race to report the most vulnerabilities, Mayhem took the opposite approach. “We’re never going to tell you that we found every issue. People who do are flat out lying to you,” David states. “But for us, our goal is just to every time we tell you something, we can show you an actual exploit, we can prove it.”
This commitment to quality over quantity has driven strong land-and-expand dynamics. As David notes, “I don’t think we’ve had anyone reduce the size of mayhem.”
Navigating Category Creation
Rather than trying to create or fit into analyst-defined categories, Mayhem focuses on technical differentiation. “I think that the categories are really defined by the analysts, and the analysts really don’t know what they’re doing,” David candidly shares. Instead, they educate analysts on “what are the real differences between the tech out there and why one might succeed and one might not.”
Looking Forward
Mayhem’s vision extends beyond just finding vulnerabilities. “What really changed, why we’re different and why DARPA had this challenge was we designed our approach so that the whole system could be autonomous,” David explains. Their system can find bugs, propose patches, test them for security and performance impacts, and deploy them – all within 30 seconds.
The company’s journey demonstrates that even in a mature, noisy market like cybersecurity, there’s still room for companies willing to challenge conventional wisdom. By focusing on technical excellence over fear-based marketing, embracing PLG while maintaining enterprise sales capabilities, and prioritizing customer value over analyst categories, Mayhem has carved out a unique position in the cybersecurity landscape.
CEO, Co-Founder of Strike Graph
Justin Beals, CEO of Strike Graph: $12 Million Raised to Build the Future of Automated Security and Compliance
CEO of Nisos
David Etue, CEO of Nisos: $33 Million Raised to Build the Future of Managed Intelligence
CEO & Co-Founder of Nudge Security
Russell Spitler, CEO & Co-Founder of Nudge Security: $17 Million Raised to Build the Future of SaaS Security
CEO and Co-Founder of Opal Security
Umaimah Khan, CEO & Co-Founder of Opal Security: $32 Million Raised to Build the Future of Identity Security
CEO of CrowdSec
Philippe Humeau, CEO of CrowdSec: $21 Million Raised to Build the Future of Cyber Threat Intelligence
CEO and Co-Founder of Anjuna
Ayal Yogev, CEO and Co-Founder of Anjuna: $42 Million to Build The Future of Confidential Computing
CEO of Qohash
Jean Le Bouthillier, CEO of Qohash: $20 Million Raised to Build the Future of Data Security
VP of Marketing of ThreatModeler Software
Why 99% of Cybersecurity Marketers Are Doing Demand Gen Wrong
CEO and Founder of HacWare
Tiffany Ricks, CEO and Founder of HacWare: $2.6 Million Raised to Build the Future of Security Awareness
CEO and Co-Founder of Perygee
Mollie Breen, CEO and Co-Founder of Perygee: $6.4 Million Raised to Build the Future of IT/OT Security
Founder and CEO of Onyxia
Sivan Tehila, Founder and CEO of Onyxia: $5 Million Raised to Build the Future of Cybersecurity Performance Management
CEO, Advisor, GTM IT/IS, xCMO CEO, Advisor, GTM IT/IS, xCMO of Marticulate
Should You Really Become a Fractional CMO? (Ft. Carolyn Crandall)
Founder of Sweepatic
Stijn Vande Casteele, Founder of Sweepatic: $4.4 Million Raised to Build the Future of External Attack Surface Management
CEO and Co-Founder of VISO Trust
Paul Valente, CEO and Co-Founder of VISO Trust: $17 Million Raised to Build the Future of Third-Party Cyber Risk Management
Vice President of Marketing of iVerify
How iVerify’s First Marketing Hire Built a Research-Driven Engine
CMO of Blackbird.AI
How to Create a Category: Dan Lowden’s 8-Exit CMO Playbook
CEO & Co-Founder of ElastiFlow
Robert Cowart, CEO & Co-Founder of ElastiFlow: $8 Million Raised to Power the Future of Network Performance and Security Analytics
CEO and Co-Founder of Prelude
Spencer Thompson, CEO and Co-Founder of Prelude: Over $30 Million Raised to Build the Future of Continuous Security Testing
CEO and Co-Founder of CalypsoAI
Neil Serebryany, CEO & Co-Founder of CalypsoAI: $38 Million Raised to Power the Future of AI Security
CEO of StrongestLayer
How StrongestLayer achieved 85% meeting-to-POC and 100% POC-to-win rates using transparent one-week pilots | Alan LeFort
CEO and Co-Founder of Tamnoon
Marina Segal, CEO & Co-Founder of Tamnoon: Over $5 Million Raised to Build the Future of Cloud Security
CEO & Co-Founder of Cloaked
Arjun Bhatnagar, CEO of Cloaked: $25 Million Raised to Build the Future of Data Privacy
Marketing Director of Right-Hand Cybersecurity
Rodrigo Leme, Marketing Director at Right-Hand Cybersecurity: Standing Out in a Crowded Market – Niche Targeting and Customer-Centric Approach
CEO & Co-Founder of Entro Security
Itzik Alvas, CEO & Co-Founder of Entro Security: $24 Million Raised to Build the Future of Non-Human Identity Management
CEO & Founder of Silent Push
Ken Bagnall, CEO & Founder of Silent Push: $22 Million Raised to Transform Threat Intelligence Through Adversary Infrastructure Monitoring
CEO and Founder of Dropzone AI
Edward Wu, CEO & Founder of Dropzone AI: $20 Million Raised to Build the Future of AI SOC Analysts
CEO & Founder of VU Security
Sebastian Stranieri, CEO & Founder of VU Security: $24 Million Raised to Build the Future of Digital Identity & Fraud Prevention
CEO and Founder of SecurityPal
Pukar Hamal, CEO and Founder of SecurityPal: $21 Million Raised to Power the Future of Customer Assurance
CEO & President of Intrusion
How the ex-White House CIO turned around a failing cybersecurity company by fixing the product first | Tony Scott
Co-Founder and Co-CEO of Permiso Security
Jason Martin, Co-Founder and Co-CEO of Permiso Security: $10 Million Raised to Build the Future of Cloud Security
CEO & Founder of Trusona
Ori Eisen, CEO & Founder of Trusona: $38 Million Raised to Power the Future of Account Takeover Prevention
CEO & Co-Founder of Huntress
Kyle Hanslovan, CEO of Huntress: $160 Million Raised to Build the Future of Managed Security
CEO & Co-Founder of Dasera
Ani Chaudhuri, CEO & Co-Founder of Dasera: $21 Million Raised to Build the Future of Data Security
CEO of Beyond Identity
Tom “TJ” Jermoluk, CEO of Beyond Identity: $200 Million Raised to Build the Future of Multi-Factor Authentication
CTO & Co-Founder of Vali Cyber
Austin Gadient, CTO & Co-Founder of Vali Cyber: $15 Million Raised to Build the Future of Linux Security
CEO of Glasswall
Danny Lopez CEO of Glasswall: $60+ Million Raised to Make the Content Disarm and Reconstruction (CDR) Category Mainstream
Founder and CEO of Calamu
Paul Lewis, CEO of Calamu: $20 Million Raised to Build the Cyber Storage Category
Chief Marketing & Alliances Officer of DataDome
Aurelie Guerrieri, Chief Marketing & Alliances Officer at DataDome: 20 Years in Silicon Valley – Insights on the Evolving Tech Landscape
CEO of Allure Security
Josh Shaul, CEO of Allure Security: $6 Million Raised to Help Businesses Win the Battle Against Online Scammers
CEO of SolCyber
Scott McCrady, CEO of SolCyber: $20 Million Raised to Build the Future of Managed Security
CEO and Founder of Gomboc
Ian Amit, CEO & Founder of Gomboc: $5 Million Raised to Build the Future of Cloud Security Remediation
Founder & CEO of Anagram
Harley Sugarman, Founder & CEO of Anagram: $10 Million Raised to Transform Human-Driven Security
CEO & Co-Founder of Monad
Christian Almenar, CEO of Monad: $19 Million Raised to Solve the Cybersecurity Big Data Problem
CEO of Clear Skye
John Milburn, CEO of Clear Skye: More Than $20 Million Raised to Build the Future of Identity and Access Governance
CEO & Co-Founder of Hush
Mykolas Rambus, CEO & Co-Founder of Hush: $7.5 Million Raised to Build the Future of Data Privacy
Senior Director of Product Management and Marketing of Axiado Corporation
Building Marketing Guidelines That Actually Stick Across Teams
CEO & Co-Founder of Vaultree
Ryan Lasmaili, CEO of Vaultree: $16 Million Raised to Build the World’s First Fully Functional Data-in-Use Encryption
CEO & Co-Founder of Cyrebro
Nadav Arbel, CEO & Co-Founder of Cyrebro: $51 Million Raised to Build the Future of ML-Backed MDR
CEO of SnapAttack
Peter Prizio Jr, CEO of SnapAttack: $8 Million Raised to Power the Future of Threat Management
Head of Marketing of Exein
Long Game Marketing: Building Trust in High-Stakes B2B Sales
CEO and Co-Founder of IriusRisk
Stephen de Vries, CEO and Co-Founder of IriusRisk: $40 Million Raised to Build the Future of Threat Modeling
CEO and Co-Founder of Gem Security
Arie Zilberstein, CEO and Co-Founder of Gem Security: $34 Million Raised to Power the Future of Cloud Detection and Response
Director of Marketing and Communications of Peak Metrics
How PeakMetrics Turns Product Data Into Marketing Gold
CEO & Co-Founder of Staris AI
Adam Cecchetti, CEO & Co-Founder of Staris AI: $5.7 Million Raised to Build Total Context Security for Application Protection
CEO & Co-Founder of Vicarius
Michael Assraf, CEO of Vicarius: $29 Million Raised to Build the Future of Vulnerability Prioritization
CEO and Founder of Strata Identity
Eric Olden, CEO and Founder of Strata Identity: $42 Million Raised to Build the Identity Orchestration Category
VP of Marketing of Shift5
From the Pentagon to B2B: Colby Proffitt’s Journey and ABM Insights
CEO and Founder of XONA
Bill Moore, CEO and Founder of XONA: $30 Million Raised to Build the Future of OT User Access
CEO and Co-Founder of Cleafy
Matteo Bogana, CEO & Co-Founder of Cleafy: $12 Million Raised to Build the Future of Online Fraud Prevention
CEO & Founder of Chainguard
Dan Lorenc, CEO & Founder of Chainguard: $250 Million Raised to Power the Future of Software Supply Chain Security
CEO and Co-Founder of OneLayer
Dave Mor, CEO and Co-Founder of OneLayer: $15 Million Raised to Protect Private Cellular Networks
Founder & CEO of Hivewatch
Ryan Schonfeld, CEO of Hivewatch: $25 Million Raised to Build the OS of Physical Security