Frontlines.io | Where B2B Founders Talk GTM.
Building a Category in Cybersecurity: When Excel Sheets Run Fortune 500 Security Programs
Excel sheets running billion-dollar company security programs – this was the reality that drove Sivan Tehila to build Onyxia. In a recent episode of Category Visionaries, the former IDF cybersecurity officer shared a startling discovery that shaped her company’s trajectory: “Almost any Fortune 500 CISO I spoke with showed me an Excel sheet that they’re managing since they started their position as a CISO in any company.”
This revelation exemplifies a broader challenge in enterprise cybersecurity: while companies invest heavily in security solutions, the management of these programs remains surprisingly manual. “It’s just unbelievable that in 2023, Fortune 500 companies, C-level people, still need to manage all their efforts in an Excel sheet,” Sivan notes.
The journey to address this problem wasn’t straightforward. When Sivan first approached investors with the concept of cybersecurity performance management, she encountered significant resistance. “When I started, no one was talking about security performance at all,” she explains. “Most of the products in this space were related to GRC governance, risk and compliance, and those more of a traditional risk quantification products.”
Rather than conforming to existing categories, Sivan chose to focus on solving the core problem. This decision would prove crucial in navigating the complex dynamics of category creation. “We don’t want to build a product that is aligned necessarily with what Gartner’s defined category. We want to solve a problem,” she emphasizes, highlighting a key lesson for founders creating new market categories.
The emergence of new SEC regulations has created additional momentum for innovative approaches to security management. As Sivan explains, “Companies need to disclose their security programs and strategies, and to have at least one board member with cybersecurity expertise.” This regulatory shift has prompted companies to reassess their security management approach: “Many companies I spoke with a while ago got back to me recently and they told me, ‘hey, Sivan, we’re thinking about your product with their relation to the SEC regulation.'”
For founders entering the cybersecurity space, Sivan emphasizes the importance of precise problem definition. “Because cybersecurity is a very overwhelming space… really doing your research around the problem and define the solution in a very clear way could be very helpful,” she advises. The alternative? “Often when investors hear your pitch, they really feel like they heard that 100 times before you showed up.”
Looking ahead, Sivan envisions transforming how security leaders start their day. “My dream was to be able to wake up in the morning, like I’m asking Alexa ‘how’s the weather today?’ To be able to go to one place and ask ‘what are the top three things I should be afraid of today?'” This vision of seamless security management extends beyond traditional web interfaces – Onyxia has built both web and mobile applications, recognizing that modern security leaders need flexibility in how they access and manage their programs.
The company’s approach to fundraising offers another valuable lesson for founders. Rather than rushing to secure capital, Sivan focused on building meaningful relationships with potential investors. “I really felt that I need to build a relationship with my investors,” she shares. “Now any investor in my cap table brings value to the company that is not just the money they were putting in.”
As cybersecurity continues to evolve, the need for better program management becomes increasingly critical. By focusing on solving a specific, widespread problem rather than fitting into established categories, Sivan demonstrates how founders can successfully navigate category creation while building solutions that address real customer needs.
For B2B founders, the key takeaway isn’t just about identifying a problem – it’s about having the conviction to solve it in a way that might not fit neatly into existing market categories. As Sivan’s experience shows, sometimes the best opportunity lies in challenging the status quo, even if that means taking on the additional challenge of category creation.
Sivan highlights how recent SEC regulations requiring companies to disclose security incidents, programs, and strategies have increased demand for Onyxia's solution. By staying attuned to the regulatory landscape and proactively positioning your product as a compliance enabler, you can ride the wave of urgency and budget allocation that often follows new mandates. Founders should monitor relevant regulations and adapt their messaging accordingly.
In her first fundraising experience, Sivan learned the value of building genuine relationships with investors who bring more than just capital to the table. Rather than chasing big-name firms, she focused on finding investors who believed in her vision, provided valuable expertise, and made meaningful introductions. Founders should prioritize investor fit and long-term value alignment over short-term signaling.
To stand out in the noisy cybersecurity market, Sivan emphasizes the importance of crisply defining the specific problem you're solving and articulating why your approach is unique. By avoiding generic buzzwords and focusing on tangible customer pain points, you can cut through the clutter and capture investor attention. Founders should strive for clarity and precision in their problem statements.
Onyxia differentiates itself by offering a mobile app that enables CISOs to quickly access key insights and manage their security efforts on the go. By designing for the unique needs and workflows of executive users, the company creates a stickier and more valuable experience. Founders should consider how mobile-first design can empower their target personas and drive adoption.
While acknowledging the influence of analyst firms like Gartner in shaping market categories, Sivan cautions against building products solely to align with their frameworks. Instead, she advises founders to stay laser-focused on solving real customer problems and trust that the category definitions will evolve to reflect the value they deliver. Don't let analyst taxonomies dictate your roadmap at the expense of customer needs.