| I disagree. I manage a multi-million security tools and services budget for a Fortune 20. MY ADVICE:
Focus on go-to-market strategy and value proposition before figuring out security. REASONS: 1. We dodge salespeople like the plague. There’s a reason enterprise sales timelines are 18 months. If we don’t want you first, then expect to chase us for a year plus trying to convince us. 2. Enterprises of a decent size usually have a vendor/supplier/third party risk program. If your service is identified as low risk, then we may have little to no requirements for you. Everyone doesn’t need to provide a SOC2 Type II, align with NIST or certify ISO. 3. Mine your network for prospective enterprise design partners and build something that meets their needs. As your product grows in risk, they’ll let you know what you need to have in order to win or keep their business. ADVICE: - Focusing in security before you have a product is a direct route to failure. - Providing a service that doesn’t require handling sensitive enterprise data means less requirements and quicker onboarding |