From zero to 50 customers in 12 months...lessons from SensCy

To sign up fifty customers in first 12 months is no ordinary feat for a cybersecurity startup, especially in such a tough macro environment. How did SensCy pull this off with such speed, class and finesse in its first year? And as it plots its next phase of growth, where does it go from here? But first, let's take a quick look in the rear view mirror - a giddy thirteen year bull run and an era of free money, where a thousand entrepreneurs bloomed every day.

In the past few years, many startups were launched in a hurry, raised capital in a hurry, and hired teams in a hurry. If you ask what market pain many such startups were solving for, the answer was a mish-mash of nonsensical buzzwords. (Yup, it is a gold rush and I too want to get rich quickly). Landing a TechCrunch article was more important than understanding the market pain. Unfortunately, many startups are now stuck in the bottom of the curve - that painful trough of sorrow. Many have quietly martyred in the crash of ineptitude. Pass the tissue, please, I have a few in my portfolio.

In the simple words of Paul Graham, there's only one path to a successful startup: build something people want. Easier said than done. To truly understand what people want is non-obvious. While anyone can whiteboard a lot of ideas, the journey from zero to one - from a mere concept to first customer - is a long and arduous one. It requires considerable time and money to understand, prioritize the customers' pain points. Work on a list of features, design a viable and durable product and secure the first sale.

Startup graveyards are littered with the martyrs who could not "get from zero to a one", and have died along the uphill climb to their first customer. Like skeletons in the desert, crawling slowly towards a mirage, few realized that there was no there there. They were building a hammer in search of a nail, a technology in search of a problem. In other words, they were NOT building something people wanted. They were staying busy, trying to get lucky and get rich.??And they did not read Peter Thiel's book either.

For the few who reached their first customer, going from one to ten is the next significant milestone. This often occurs within an extended network of warm relationships. These initial customers might be your neighbors, your plumber, sometimes your mom, and your dorm-room best friends. But the real challenge begins when you go beyond ten. At this stage, you can no longer solely rely on the love and care of your network. You can no longer call any favors and must deliver crisp, undeniable ROI and substantial value. This is precisely what SensCy faced during its first year, as the company signed up 50 customers in a race to demonstrate its worth and address the burgeoning market demand.

From zero to fifty customers in 12 months

How did a cybersecurity startup pull this off in one of the worst macro-economic market conditions? Ask SensCy customer, William Henderson President of Aircraft Precision Products, Inc. The company makes specialty parts for jet aircraft engines. Its largest customers include Rolls-Royce Royce, the United States Department of Defense (DOD), and 普惠 . People like Bill pride themselves on attributes like manufacturing quality, service, delivery schedules and the protection of sensitive IP - part drawings and proprietary specifications. Prior to engaging with SensCy, their cybersecurity vendors would march in, pay little attention their financial constraints, and suggest they buy two of everything. They assumed Aircraft Precision Products had infinite budgets. Such an approach often hurts small and medium businesses, with an overhead and expense that is not entirely justified. In other challenges, the vendors were simply not up to the mark. With SensCy, Bill found an elegant combination of? (a) ROI & value (b) simplicity and (c) commitment of the team. (Read more here).?

In a short span of 12 months since launch, SensCy has earned the trust of Bill and fifty other customers - these include law firms, PE firms, financial institutions and more. They work with SensCy to build their cyber resilience muscles and improve their risk scores. See visual below of how SensCy has helped its customers to reduce their risk over time.

Some have moved from low risk scores like 100 to a much better 600. Others have crossed the 800 threshold - similar to a robust credit score, which opens doors for better offers on all fronts. Be it customer trust, cyber insurance or vendor relationships, the entire ecosystems benefits. Just as herd immunity reduces the speed of a contagion, such an approach can make our economy resilient to ransomware and other attacks.??Such a clear quantified value proposition makes it easier for startups to get off the ground. But to grow faster, a company has to earn trust and demonstrate competence at scale. Often, this separates the men from the boys.

The National Cybersecurity Alliance estimates about 60% of small businesses shut down within six months of facing an attack. In a BBC report, cyber attacks on small and medium businesses were described as the Achilles heel of the US economy. To address such challenges, SensCy has been retained to assess the cybersecurity posture of a thousand companies. Yes - one thousand companies! Once these thousand companies have completed their security check, this initiative would help them to start to improve their security posture. And for SensCy, it would provide macro level data, trends and insights. Like a satellite view or a heat map, this exercise will help zoom in and out of the hot spots. And eventually, we could see improvements in cyber health across an entire region. To the best of my knowledge, this is a first-of-kind exercise in the country in building cyber immunity across an entire region - and one more step towards a safer digital future. If small companies are the lifeblood of the US economy, and are at such significant risk of shut down, we need robust and cost-effective protective solutions, promptly. My bias as an investor notwithstanding, SensCy and its team has pulled this combination of three vectors

• ROI
• time to value
• quality of service (QoS) -

all three in a superior way than most startups. Clearly, if there is one big lesson from @Senscy's trajectory, it is to combine these three elegantly.

When the founding team started SensCy, a lot of VC nay-sayers, me included, were skeptical about yet another cybersecurity startup. In their investor pitch, the team refused to use the latest buzzwords or nonsensical jargon terms, like AI and Blockchain intertwined in every third bullet point. This was bothersome to many. Were they outdated in their approach? And then of course, the geographic bias did not help. The team did not have its roots in Silicon Valley. Nor did they have their fingerprints on cybersecurity unicorns. Also, the team lacked youthful bluster - no hoodies, no high fives, no tall claims to make dents on the world. With no markers of a hot startup, this was an easy pass for many investors.?

Yet what they had in their favor was far more relevant. A few investors who stepped away from stereotypical patterns, and looked beneath the surface could see the foundational blocks. And these were pretty solid - devoid of the latest fads but firm within their own skin. The CEO had one of the most unique sets of qualifiers -? he had scaled a company from $600 million to $6 billion in revenues, took it public while leading 13,000 employees across the globe. After his operational stint, he managed two venture funds and if that was not enough, he ran for office to become the two-term Governor of Michigan. Which is akin to managing a $60 billion enterprise, with over 50,000 employees. The co-founders had led CIO and CISO level responsibilities across large private enterprises and public / state government organizations, with budgets that ran into hundreds of millions. They had started companies, built cybersecurity programs and created public-private cybersecurity partnerships that had been replicated across many states.?

Above all, the founders brought a fresh way to the cybersecurity sales process - call it an outsider advantage, they did not subscribe to the classical FUD (fear, uncertainty, doubt) based sales tactics. In an industry mired with games, this is the most refreshing aspect of SensCy’s DNA - its culture of trust and transparency. Of engagement and empowerment. Of resilience and results. In helping create a safer digital world, the company has stayed away from stereotypical and rather, it prides itself in being a trusted partner. One you’d call in the middle of the night. “We aspire to be the coach that reduces friction and helps customers to scale '' is a mantra I often hear within the team.??

SensCy’s innate sense of urgency is driven by an inside notion of living in “dog years'' - depending on the breed, that is anywhere from eight to fourteen years. Such a cultural mantra brings a laser-like focus to what matters most. As it grows into its next phase, SensCy has multiple options and in a somewhat envious place - the pathways to growth include partnerships with cyber-insurance providers, with MSPs and trade associations as it helps manage third party risk.?

Scaling requires the right resources - people and money. Having nailed its culture and people, the next step is to work with investors who are aligned with its ethos. Raising capital is a challenge - it always is! There is this delicate dance between founders and investors - between risk and rewards. Between rapid returns and building the right ethos. How much risk needs to be mitigated before investors rush in? With fifty customers on board, surely some risks have been mitigated. But new risks have arisen. Above all, how do we find investors who share the same beliefs and values? This might be the hardest challenge for its team.?

In the day and age of Generative AI, the vast majority of venture investors rightfully gravitate towards the auto-magical and technological solutions. Their belief is that technology that will solve all problems. On the other hand, a counterpoint / belief is that technology has its limitations. Cybersecurity is part human, part technology. SensCy has blended the automation with the human touch elegantly in their offering (while maintaining healthy gross margins). similar to companies like Carta . And the commercial traction supersedes the hype. With fifty customers in 12 months, the fun has just begun. As they say, numbers speak for themselves. For SensCy, the numbers are starting to sing a nice symphony.?

(Credits and Disclosures: Thank you to Simran Kalia for researching, preparing and reviewing early drafts of this post. Secure Octane is an early and a proud investor in SensCy.)