Conversation
Highlights

The Hidden Complexity of Enterprise Cybersecurity Sales: Lessons from Qohash’s Journey

Most cybersecurity startups begin with technical innovation. But as Qohash CEO Jean Le Bouthillier discovered, success in regulated markets demands something less obvious: a methodical approach to building trust and distribution.

In a recent episode of Category Visionaries, Jean shared how his company faced an unconventional challenge. Rather than starting with smaller customers, Qohash targeted enterprise accounts from day one. “We started with enterprise accounts first, and so it’s really daunting if you’re launching a new product to find a launch customer, and you’re going to go deploy across 50,000 users from day one,” he explains. “Very difficult and a lot of risk for the customer.”

This enterprise-first approach revealed a crucial insight about the post-COVID cybersecurity landscape. “Cybersecurity buyers are basically overwhelmed,” Jean notes. “They don’t want to be talking with the next 100 startups that have a shiny object. They want to be talking to trusted advisors that have been with them for a while, where they know they’re going to get an unbiased opinion.”

The Path to Channel Partnership

This reality forced Qohash to rethink conventional startup wisdom about rapid scaling. Instead of rushing to channel partnerships, they had to first prove their direct sales capability. As Jean explains, “Why would a channel partner bring your new unproven product to market? You have to sell it directly first. You have to demonstrate you can sell it. You have to have a sales process for the channel partners to decide to take it on.”

The investment in direct sales proved crucial. Channel partners offered access to “a much vaster pipeline of qualified opportunities where they have trust, credibility and attention,” Jean observes. “And these are the three things a startup can’t buy, no matter how much capital it raises.”

The Customer Advocacy Challenge

Even with channel partnerships in place, Qohash faced another unique challenge in cybersecurity: getting customers to publicly advocate for their solution. “We are lucky that we have some customers that have given us the authorization to publish case studies, in some cases videos,” Jean shares. “But it has happened to us a few times where we’ve done the case study, we’ve done the video, and at the last minute, the risk department won’t allow it to be published.”

The reason? Companies are wary of revealing their security stack. “They’re fearful about two things,” Jean explains. “Number one, adversaries knowing what they’re using. They don’t want it to be too publicized. And number two, if something ever happened, they don’t want to have statements out there or different comments, especially about their data security posture.”

Building for the Future

Despite these challenges, Qohash has maintained strong growth, with Jean noting they “just wrapped up at about 75% growth” this year. Their focus has shifted from pure growth to efficiency metrics like “reduction of our customer acquisition cost, reduction of the sales cycle, CAC payback.”

The company is now expanding beyond its initial data security posture management category. Jean envisions creating “an AI security analyst” that can automate risk analysis tasks, and potentially integrating cybersecurity insurance into their product. “We have at cohesion, unparalleled view of the real risk as it relates to sensitive data,” he notes. “I think we can do a much better job at modeling the risk than the current 400 year old questionnaire based underwriting approach.”

For founders entering regulated markets, Qohash’s journey offers a crucial lesson: technical innovation alone isn’t enough. Success requires methodically building trust through proven sales processes, strategic channel partnerships, and careful attention to customer advocacy challenges. As Jean puts it, “You have to ensure that people know what you’re doing. It’s also very crowded, so I would qualify it as important but challenging.”