When CrowdSec’s CEO Philippe Humeau told investors, “We’re not going to do any money,” it seemed counterintuitive. Yet in a recent episode of Category Visionaries, he revealed how this unconventional approach helped build a network of 110,000 users and secure $21 million in funding. Here are five crucial go-to-market lessons from their journey.

1. Network Effects Trump Early Revenue

Many startups rush to monetize, but CrowdSec took a different path. “We’re not even planning on making money at that stage. We just plan on expanding our network exponentially,” Philippe explains. This strategy required conviction and clear communication with investors: “We told them like, we’re not going to do any money. Right? You are conscious of that?”

The bet paid off because they could articulate the long-term value: “Then we will make money because the value of the signal getting out from the network will be worth a tad.” This approach attracted investors who understood that network effects could create more value than early revenue.

2. Don’t Force-Fit Your Category

Rather than squeezing into existing categories, CrowdSec embraced what Philippe calls a “blue ocean strategy.” He observed how others struggled with category definitions: “They’re all pretending to be XDR. I was like but what you do is a CM. Actually, yes, but people have budget for XDR and not for CM.”

Instead of playing this game, CrowdSec focused on solving real problems. As Philippe notes, they built something that crosses traditional boundaries: “We are probably the biggest CTI owners so far because we collect from 100,000 different machines in 175 different countries… Are we just this? No, we’re also an IDS and an IPS.”

3. Product-Led Growth Works Best When You’re Small

While many cybersecurity companies struggle with PLG, CrowdSec made it work by starting early. “PLG is comfortable when you’re a small company,” Philippe explains. “I don’t know how doable it is when you’re a larger one.”

The key? Being able to iterate quickly. As Philippe observes about larger companies: “Even at places like CrowdStrike or Sofos, they are listening to the feedback of their users. But if you can tell like, okay, it will be in the next release next week. No, come on, it’s going to take months.”

4. Open Source Requires Clear Value Creation

Building an open-source business presents unique challenges. Philippe dismisses the idea that developers should work for free as “bullshit,” noting that “if you want your software to be maintained on the long run by qualified people… you need to pay them.”

This reality creates a funding challenge: “Bringing an open source company to the market is not easy already because you’re telling the investors, guys, we are giving something for free. But trust me, we have a plan.”

The solution? Create clear value beyond the open-source product. For CrowdSec, this meant building a valuable network of security signals: “We see 16 million threats per day… We cannot all get them into a block list. It would not be curated enough, it would trigger false positives.”

5. Solve Real Problems, Not Theoretical Ones

CrowdSec’s success came from addressing real-world challenges rather than theoretical ones. As Philippe explains, traditional threat intelligence relies on honeypots, but “the problem with this approach is it’s nothing realistic.”

Instead, they focused on real businesses: “Our clients and our users are sitting in a vertical. They are running real businesses, real machines, belonging, providing real services and being attacked by very real cybercriminals willing to make real money.”

Applying These Lessons

These lessons from CrowdSec’s journey suggest a different approach to building B2B security companies:

1. Focus on network effects early: Build a valuable network before focusing on monetization.
2. Transcend categories: Solve real problems rather than fitting into existing market definitions.
3. Start with PLG: Don’t try to retrofit it later.
4. Create clear value in open source: Have a plan for sustainable value creation.
5. Address real problems: Focus on actual customer challenges rather than theoretical ones.

As Philippe’s experience shows, sometimes the best go-to-market strategy is counterintuitive. By prioritizing network growth over immediate revenue and focusing on real customer problems rather than market categories, CrowdSec built a foundation for long-term success.

Their journey demonstrates that in cybersecurity, as in many B2B markets, the path to success isn’t always about following conventional wisdom. Sometimes it’s about having the courage to take a different approach entirely.