Conversation
Highlights

I’ll write a long-form article based on the interview with Ian Amit of Gombach, focusing on his go-to-market journey and lessons learned.

From Security Executive to Founder: How Real-World Pain Points Shape Better GTM Strategies

Most cybersecurity startups begin with a technical solution searching for a problem. In a recent episode of Category Visionaries, Ian Amit shared a different path: building Gombach from the perspective of someone who lived through the pain points firsthand.

“My career is essentially the story of stepping up the ladder one step at a time, building a lot of experiences and learning from the field,” Ian explains, describing his journey from pentester to CISO. This progression wasn’t just career advancement – it was accumulating insights that would later shape his approach to building and marketing a security product.

The Reality Check: A Year to First Customer

While many founders rush to market with minimal viable products, Ian took a different approach. “This is not your typical ‘oh, let’s build a security product that’s a single pane of glass,'” he shares. “This is actual deep tech where we’ve had to build AI algorithms that did not exist before, they only existed in the academic world.”

This commitment to solving fundamental problems rather than creating surface-level solutions meant a longer path to market. “It took a year. It took even a little over a year,” Ian admits about landing their first paying customer. This timeline might seem slow in an industry that celebrates rapid deployment, but it reflects a deeper truth about building transformative security solutions: sometimes, doing it right takes longer than doing it fast.

Marketing Philosophy: The Anti-Spam Approach

Perhaps the most striking aspect of Gombach’s go-to-market strategy is how it’s shaped by Ian’s experience on the receiving end of security vendor marketing. “In one word, painful,” he describes his experience as a CISO dealing with vendor outreach. This firsthand experience led to what he calls an “in your face realistic” marketing approach.

Instead of the common spray-and-pray tactics, Ian’s team focuses on understanding prospect contexts before engagement. When challenged about this targeted approach versus traditional high-volume strategies, he offers a compelling counter-argument: “You’re right. This is a numbers game. And if you aim correctly and you do your homework, you’re going to get a much higher hit rate for the shots that you do take versus just spamming the entire world.”

The Power of Market Category Creation

One of the most interesting aspects of Gombach’s journey is their approach to market category definition. “We don’t necessarily have a defined market category,” Ian explains. While this might seem like a challenge, it’s actually an opportunity. By focusing on cloud security remediation, they’re helping to define a new category that addresses a critical gap in the market.

This category creation approach isn’t just marketing – it’s tied directly to customer pain points. “I do not want any more detection,” Ian quotes his peers saying. “This is becoming a liability for me to know more about the issues that I have in my environment.”

The Critical Go-to-Market Decision

When asked about his most important go-to-market decision, Ian’s answer reveals a sophisticated understanding of B2B dynamics: “It is defining our target audience as the security leaders.” This might seem obvious, but it’s more nuanced than it appears. While their product delivers code-level solutions that DevOps teams implement, the decision to target security leaders acknowledges where the real pain point and buying power intersect.

Looking Beyond Security

Ian’s vision extends beyond just security fixes. “What we’re doing is essentially taking away a lot of the toil and the grunt work that engineers are doing when they’re building and maintaining their cloud environment,” he explains. This broader vision suggests a path to expansion that stays true to their core value proposition while addressing adjacent problems.

For founders building in the security space, Ian’s journey offers valuable lessons about the power of experienced-based product development, thoughtful go-to-market strategies, and the importance of solving fundamental problems rather than chasing quick wins. Sometimes, the best way to disrupt an industry is to first understand it deeply from the inside.