* There are at least 20 products in the regulatory compliance (GRC) category, and more in the system scanning category.
* What's more, IT security teams resist buying from tiny companies, because they need to integrate their purchases into their processes and need to know that they're going to get long-term support.
* Most GRC products are sold via direct sales teams (pinning their price to over 50k/sale), which makes it hard to compete without a direct salesperson. Security is a category where low price connotes low quality.
* The sales cycle on new security products is very long --- 2-4 months, with high engagement through the process.
I wouldn't do (3) unless I had a really good idea about how to do it in a new way; that idea should be better than "good looking UI", because as soon as customers express a preference for good UI, all your competitors will drop 20k on a designer to get the merit badge.
I have a fairly good idea of the competitors, as I've used most of them, and my ideas are much better than a good looking UI, and working policies - the fact that the largest security company in the world can't even supply those basic things makes me think the areas a good target.
Understood re: 50K sales, and agreed re: steak and stripper sales guy - I already have a guy in mind. Agreed re: long engagement - as an architect in my day job I'm on the other end of the coin daily.
In the general entrerprise space, I'd basically be a ServiceNow equivalent to Remedy - multipronged attack on an established competitor at 80% of the price.
A little confused as to why you, as a sole founder with little hope of securing funding, would choose a direct sales product with a 4 month sales cycle. But, best of luck!
I'm not sure why you don't think I could get a sales guy who owns a chunk of the company. Also conservative, non-ad revenue based products have a better chance of getting investment than the latest chance to make revenue from web services via the oversaturated ad sales market.
I wonder if there's a rule-of-thumb formula that can be applied. "Don't attempt a product with an N-month sales cycle unless you have a company of at least N*M employees."
If you can leverage contacts to shorten the first few sales then a very small team (2-4 people) can endure the true sales cycle until you pick up momentum.
If your contacts own the budget and purchasing, maybe. Otherwise, you're probably deluding yourself to think that personal relationships are going to cut the sales cycle on an enterprise product. The sales cycle on a securty product at a BigCo includes:
* Weeks of presentations and demos (this part you can cut with relationships)
* Weeks of pilot deployment, which in this guy's case will involve coordination between security, architecture, and server IT.
* Weeks of user education and training (something everybody forgets about).
* Weeks of back-and-forth about missing features and requirements.
* Weeks of negotiation for first PO, assuming all the previous stages went well.
* 3-5 months of delay waiting for receivables.
What friendships will do for you in this process is eliminate the hidden "in-between" steps where people get distracted by their real jobs for 1-3 weeks and don't return your phone calls. But most people don't have friends in BigCo's that can simply cut them checks.
Also, when you try to shop this to VC, most of them aren't going to be impressed by the demo and pilot deployments you've secured with your friends.
Most of the entrepreneurs we work with are over 35, and in many cases know and/or have worked with department managers and senior managers who own a budget and can influence purchasing. For the most part they are not selling applications that are mediated directly by IT in the way that a security app would be so some of the friction is taken out of the process. I do agree that for younger entrepreneurs in the security space you are offering a realistic scenario. My comment was more in response to team size vs. sales cycle than the overall thread, I should have been more specific.
* There are at least 20 products in the regulatory compliance (GRC) category, and more in the system scanning category.
* What's more, IT security teams resist buying from tiny companies, because they need to integrate their purchases into their processes and need to know that they're going to get long-term support.
* Most GRC products are sold via direct sales teams (pinning their price to over 50k/sale), which makes it hard to compete without a direct salesperson. Security is a category where low price connotes low quality.
* The sales cycle on new security products is very long --- 2-4 months, with high engagement through the process.
I wouldn't do (3) unless I had a really good idea about how to do it in a new way; that idea should be better than "good looking UI", because as soon as customers express a preference for good UI, all your competitors will drop 20k on a designer to get the merit badge.