Umaimah Khan.
CEO and Co-Founder · Opal Security
Umaimah Khan is the CEO and Co-Founder of Opal Security. With a rich background in data science and cybersecurity, Umaimah leads Opal with a vision to redefine identity security. Her innovative approach focuses on integrating technology, people, and processes to create robust security solutions that address the complex challenges of identity and access management.
Company: Opal Security
Location: United States
Funding: $32M Raised

From Compliance Checkbox to Strategic Imperative: How Opal Security Redefined Identity Governance

Most security tools sell themselves as compliance necessities—features buried in procurement queues, evaluated by junior analysts, approved with minimal executive involvement. Umaimah Khan, CEO and Co-Founder of Opal Security, took the opposite approach. In a recent episode of Category Visionaries, she revealed how transforming identity governance from a compliance obligation into a strategic business priority helped Opal reach $50 million in ARR.

The shift wasn't accidental. It required rethinking everything from product positioning to sales methodology to how technical depth translates into boardroom conversations.

Building for Technical Buyers Who Actually Deploy

Opal's early GTM strategy centered on a crucial insight: identity governance fails when it's purchased by compliance teams but deployed by engineering teams. "We really focused on engineering led sales," Umaimah explains. "So our ICP was companies who had an engineering culture, who are building technology."

This meant designing for practitioners first. Unlike legacy identity governance tools that catered to compliance officers with clunky interfaces and limited flexibility, Opal built for the people who would actually implement and maintain the system. The product needed to integrate seamlessly into existing workflows, support API-first architectures, and handle the complexity of modern cloud environments.

The technical-first approach created a natural expansion path. "We found our best customers were those companies where an engineer discovered us, started using the free tier, then brought us into their organization," Umaimah notes. These weren't top-down mandates—they were bottom-up adoptions driven by teams solving real operational problems.

The Enterprise Sales Pivot That Changed Everything

Despite strong product-market fit with technical teams, Opal hit a ceiling with mid-market deals. The breakthrough came from recognizing that enterprise sales required fundamentally different positioning. "When we started going upmarket and selling to Fortune 500 companies, we realized we needed to change our messaging," Umaimah says. "We weren't just selling to engineers anymore. We were selling to CISOs, to boards, to compliance teams."

The shift required elevating the conversation beyond technical specifications. Identity governance needed to connect to business outcomes: audit readiness, risk reduction, operational efficiency. "We started talking about identity governance as a strategic initiative, not just a compliance checkbox," Umaimah explains. "These were conversations about how identity sprawl creates business risk, how access creep increases attack surface, how manual reviews waste engineering time."

This messaging evolution unlocked larger deals with longer sales cycles. But it also introduced new challenges. Enterprise sales meant navigating complex procurement processes, managing multiple stakeholders, and proving ROI to finance teams who viewed security as a pure cost center.

Navigating Technical Complexity in Sales Conversations

One of Opal's biggest GTM challenges was explaining technical depth without losing executive audiences. Identity governance involves intricate concepts—just-in-time access, privilege escalation workflows, entitlement mapping across dozens of systems. "You're trying to explain why dynamic access is more secure than standing privileges, but the person across the table just wants to know if this helps them pass their SOC 2 audit," Umaimah describes.

The solution was creating multiple narrative layers. For CISOs and board members, conversations focused on risk frameworks and compliance outcomes. For VP Engineering, discussions centered on developer productivity and operational overhead. For security engineers evaluating the product, Opal went deep on technical architecture and integration capabilities.

"We had to get really good at reading the room," Umaimah says. "Sometimes you're presenting to a mixed audience—CISO, CFO, and head of engineering all in the same meeting. You need to address everyone's concerns without losing anyone."

Category Creation Through Customer Education

Opal wasn't just selling a product—they were creating a new category. Identity governance existed before Opal, but primarily as a legacy IGA (Identity Governance and Administration) market dominated by tools built for on-premise environments. Cloud-native identity governance was largely undefined.

"We spent a lot of time educating the market," Umaimah explains. "Writing content, doing webinars, speaking at conferences—all focused on why identity governance needs to evolve for modern infrastructure." This content strategy served dual purposes: generating inbound leads while establishing Opal's thought leadership in the space.

The educational approach extended to sales conversations. "We often spent the first meeting just explaining the problem, not even talking about our solution," Umaimah notes. "Many companies didn't realize they had an identity governance problem until we showed them their own access data."

Building Sales Infrastructure for Scale

Reaching $50 million ARR required building enterprise sales infrastructure from scratch. "We had to professionalize everything," Umaimah says. "Hire experienced enterprise AEs, build out sales engineering, create proper deal review processes, implement Salesforce correctly—all the blocking and tackling of enterprise sales."

The team invested heavily in sales enablement. "We created detailed battle cards, competitive positioning documents, ROI calculators, reference architectures," Umaimah explains. "Our sales team needed to handle objections about budget, timing, competitive alternatives, and technical requirements—often all in the same deal."

Perhaps most critically, Opal aligned compensation with strategic goals. "We structured our sales comp to reward larger deals with better margins," Umaimah notes. "We wanted our team focused on enterprise accounts, not churning through small deals."

The Path Forward

Opal's GTM evolution from engineering-led bottom-up adoption to strategic enterprise sales demonstrates how technical products can scale by connecting deeply technical value to business outcomes. The lesson isn't about choosing between technical and executive buyers—it's about serving both simultaneously with different narratives that ultimately converge on the same solution.

For founders building in complex technical spaces, Umaimah's approach offers a framework: start with practitioners who feel the pain most acutely, prove value in production environments, then systematically build the positioning and processes needed to sell strategically into enterprise accounts.

Five takeaways from this conversation.

Actionable for cybersecurity founders

  1. Leverage Personal Experience for Product Development
    Umaimah used her background and recurring themes from her career in cryptography and startups to identify and address gaps in identity security. Founders should look at their unique experiences and insights to find niche problems they are uniquely qualified to solve.
  2. Focus on Early Research and Networking
    Before fully launching Opal Security, Umaimah spent significant time researching and talking to industry experts to shape her understanding and approach to the product. This highlights the importance of foundational research and networking to validate and refine business ideas.
  3. Prioritize User-Friendly Design in Enterprise Solutions
    Umaimah emphasizes the need for enterprise solutions to have high-quality UI/UX to facilitate wider adoption, drawing a parallel to how Slack transformed user expectations. Tech founders should ensure their solutions are accessible and intuitive, regardless of the complexity behind them.
  4. Adapt Go-To-Market Strategies to Fit Product and Market Needs
    Opal Security’s marketing strategy focuses on cutting through industry noise by being transparent about their product's value and educating potential customers. Startups should consider how they can use educational marketing to stand out and build trust in crowded markets.
  5. Adapt Go-To-Market Strategies to Fit Product and Market Needs
    Instead of following conventional go-to-market strategies, Opal Security developed a bespoke approach that aligns with their enterprise focus and product complexity. This takeaway encourages founders to customize their go-to-market strategies based on specific business conditions and customer requirements.