The Front Lines
SubscribeContent Studio
Sivan Tehila.
Founder and CEO · Onyxia
Guest
Sivan Tehila
Founder and CEO
Company:
Onyxia
Location:
New York, New York, United States
Funding:
$5M Raised
Loading episode...
Listen onApple PodcastsSpotify

Building a Category in Cybersecurity: When Excel Sheets Run Fortune 500 Security Programs

Excel sheets running billion-dollar company security programs – this was the reality that drove Sivan Tehila to build Onyxia. In a recent episode of Category Visionaries, the former IDF cybersecurity officer shared a startling discovery that shaped her company's trajectory: "Almost any Fortune 500 CISO I spoke with showed me an Excel sheet that they're managing since they started their position as a CISO in any company."

This revelation exemplifies a broader challenge in enterprise cybersecurity: while companies invest heavily in security solutions, the management of these programs remains surprisingly manual. "It's just unbelievable that in 2023, Fortune 500 companies, sea level people, still need to manage all their efforts in an Excel sheet," Sivan notes.

The journey to address this problem wasn't straightforward. When Sivan first approached investors with the concept of cybersecurity performance management, she encountered significant resistance. "When I started, no one was talking about security performance at all," she explains. "Most of the products in this space were related to GRC governance, risk and compliance, and those more of a traditional risk quantification products."

Rather than conforming to existing categories, Sivan chose to focus on solving the core problem. This decision would prove crucial in navigating the complex dynamics of category creation. "We don't want to build a product that is aligned necessarily with what Gartner's defined category. We want to solve a problem," she emphasizes, highlighting a key lesson for founders creating new market categories.

The emergence of new SEC regulations has created additional momentum for innovative approaches to security management. As Sivan explains, "Companies need to disclose their security programs and strategies, and to have at least one board member with cybersecurity expertise." This regulatory shift has prompted companies to reassess their security management approach: "Many companies I spoke with a while ago got back to me recently and they told me, 'hey, Sivan, we're thinking about your product with their relation to the SEC regulation.'"

For founders entering the cybersecurity space, Sivan emphasizes the importance of precise problem definition. "Because cybersecurity is a very overwhelming space... really doing your research around the problem and define the solution in a very clear way could be very helpful," she advises. The alternative? "Often when investors hear your pitch, they really feel like they heard that 100 times before you showed up."

Looking ahead, Sivan envisions transforming how security leaders start their day. "My dream was to be able to wake up in the morning, like I'm asking Alexa 'how's the weather today?' To be able to go to one place and ask 'what are the top three things I should be afraid of today?'" This vision of seamless security management extends beyond traditional web interfaces – Onyxia has built both web and mobile applications, recognizing that modern security leaders need flexibility in how they access and manage their programs.

The company's approach to fundraising offers another valuable lesson for founders. Rather than rushing to secure capital, Sivan focused on building meaningful relationships with potential investors. "I really felt that I need to build a relationship with my investors," she shares. "Now any investor in my cap table brings value to the company that is not just the money they were putting in."

As cybersecurity continues to evolate, the need for better program management becomes increasingly critical. By focusing on solving a specific, widespread problem rather than fitting into established categories, Sivan demonstrates how founders can successfully navigate category creation while building solutions that address real customer needs.

For B2B founders, the key takeaway isn't just about identifying a problem – it's about having the conviction to solve it in a way that might not fit neatly into existing market categories. As Sivan's experience shows, sometimes the best opportunity lies in challenging the status quo, even if that means taking on the additional challenge of category creation.

Five takeaways from this conversation.

Actionable for Cyber security Builders founders

  1. Leverage Regulatory Tailwinds to Drive Adoption
    Sivan highlights how recent SEC regulations requiring companies to disclose security incidents, programs, and strategies have increased demand for Onyxia's solution. By staying attuned to the regulatory landscape and proactively positioning your product as a compliance enabler, you can ride the wave of urgency and budget allocation that often follows new mandates. Founders should monitor relevant regulations and adapt their messaging accordingly.
  2. Prioritize Investor Fit Over Brand Name in Fundraising
    In her first fundraising experience, Sivan learned the value of building genuine relationships with investors who bring more than just capital to the table. Rather than chasing big-name firms, she focused on finding investors who believed in her vision, provided valuable expertise, and made meaningful introductions. Founders should prioritize investor fit and long-term value alignment over short-term signaling.
  3. Differentiate Through Crisp Problem Definition in Crowded Markets
    To stand out in the noisy cybersecurity market, Sivan emphasizes the importance of crisply defining the specific problem you're solving and articulating why your approach is unique. By avoiding generic buzzwords and focusing on tangible customer pain points, you can cut through the clutter and capture investor attention. Founders should strive for clarity and precision in their problem statements.
  4. Design for Executive Ease of Use with Mobile-First Experiences
    Onyxia differentiates itself by offering a mobile app that enables CISOs to quickly access key insights and manage their security efforts on the go. By designing for the unique needs and workflows of executive users, the company creates a stickier and more valuable experience. Founders should consider how mobile-first design can empower their target personas and drive adoption.
  5. Focus on Solving Customer Problems, Not Conforming to Analyst Frameworks
    While acknowledging the influence of analyst firms like Gartner in shaping market categories, Sivan cautions against building products solely to align with their frameworks. Instead, she advises founders to stay laser-focused on solving real customer problems and trust that the category definitions will evolve to reflect the value they deliver. Don't let analyst taxonomies dictate your roadmap at the expense of customer needs.

More episodes

Joni Klippert
Founder / CEO · StackHawk
Mehul Revankar
Co-Founder & CPO · Quantro Security
Idan Bar-Dov
CEO and Co-Founder · Heka Global
Denny LeCompte
CEO · Portnox