“We’re not even planning on making money at that stage. We just plan on expanding our network exponentially,” Philippe Humeau, CEO of CrowdSec, told his early investors. In a recent episode of Category Visionaries, Philippe revealed how this bold strategy helped his cybersecurity startup secure $21 million in funding while building a network of 110,000 installations – all before focusing on monetization.

The Unconventional Pitch: Network First, Revenue Later

Most startups pitch investors on their revenue potential. CrowdSec took a different approach. “We told them like, we’re not going to do any money. Right? You are conscious of that?” Philippe recalls of his early investor conversations. Instead of immediate revenue, he sold them on the value of the network effect.

This strategy worked. Early investor Breega understood that the true value lay in the network’s potential, not immediate monetization. As Philippe explains, “We’re not even planning on making money at that stage. We just plan on expanding our network exponentially and then we will make money because the value of the signal getting out from the network will be worth a tad.”

Product-Led Growth in a Sales-Led Industry

While most cybersecurity companies rely on enterprise sales teams, CrowdSec embraced product-led growth (PLG). “It’s absolutely PLG,” Philippe emphasizes. “Our clients are mainly in the first place, our users. We are an open source company, an editor.”

This approach has three key components:

1. A free, open-source security tool
2. A console for managing security data
3. Premium signal intelligence services

The strategy creates a virtuous loop: free users generate security signals, which improve protection for all users, which attracts more users, generating more valuable signals.

Why Cybersecurity Companies Struggle with PLG

Philippe offers unique insight into why PLG remains rare in cybersecurity: “For once they are overloaded. There is so much business around that they are very occupied.” This creates a catch-22 for established companies: “It’s really hard for them to be back in the PLG motion because it’s all about listening constantly to your user and modify the product only based on your user feedback.”

He illustrates this with an example: “Even at places like CrowdStrike or Sofos, they are listening to the feedback of their users. But if you can tell like, okay, it will be in the next release next week. No, come on, it’s going to take months.”

The Open Source Challenge

Building an open-source business presents unique challenges. As Philippe explains, there are “two branches if you want in the open source tree.” One believes developers should work for free, which he dismisses as “bullshit.” The other recognizes that “if you want your software to be maintained on the long run by qualified people… you need to pay them.”

This reality creates a funding challenge: “Bringing an open source company to the market is not easy already because you’re telling the investors, guys, we are giving something for free. But trust me, we have a plan.”

From Network to Monetization

CrowdSec’s network has grown to “probably 110,000 installation in two years. And we are going toward a million.” This growth has attracted significant interest: “We had contact with the DoD in the US with tones of banks, of insurance, of ecommerce companies, CMS.”

The company is now entering its monetization phase. With their A round secured, Philippe notes, “This is time for us now to go monetization route.” Their massive network of security signals positions them well for this transition.

Lessons for B2B Startups

CrowdSec’s go-to-market strategy offers several key lessons for B2B startups:

1. Network effects can be more valuable than immediate revenue
2. PLG works best when you’re small and nimble
3. Free users can create substantial enterprise value
4. Open source can be a powerful growth engine if properly funded

For startups considering a similar path, Philippe’s experience suggests that betting on network effects – even at the expense of early revenue – can pay off if you have investors who understand the long-term value creation potential.

In an industry dominated by traditional enterprise sales models, CrowdSec’s product-led, network-first approach stands out as a bold experiment in building value through community before monetization. As they enter their revenue phase, they’ll test whether this unconventional strategy can deliver on its promise of exponential returns.