To bring PLG to cybersecurity, let’s change our hiring habits

Product-led growth (PLG) is more about the company’s mindset than it is about the product. There is a lot a company needs to do to succeed with a PLG strategy, and hiring product managers is not enough — neither can it be the first step. However, having the ability to attract the right talent is critical.

For product-led growth to become commonplace in cybersecurity, there needs to be enough product talent with the right mindset and level of maturity required for PLG. However, cybersecurity is a deeply specialized discipline, so while the specialized security knowledge isn’t mandatory, it does help ease the learning curve.

There lies the fundamental challenge in hiring product managers in cybersecurity who have experience working with PLG. The inherent complexity of cybersecurity makes it harder for outsiders to hit the ground running quickly. Companies understand that, so they default to hiring product managers with background or experience working in security. And, product managers with experience in cybersecurity often have little experience of building an effective product culture or working in PLG companies in general.

It’s not uncommon to see cybersecurity startups trying to do two things at once. On one hand, they recognize that being resourceful, agile and innovative is their only way to succeed. They want to embrace product-led growth, experiment with new ways to get in front of customers and build a strong culture focused on adding value and solving hard problems.

On the other hand, they value industry experience, so they end up hiring product, sales and marketing professionals from large, enterprise companies who come with already formed ideas about “how the industry works and what it takes to build/sell products.”

If you hire a bunch of experienced people from prominent cybersecurity enterprises, what you get is not PLG; you get the enterprise.

Where to look for product leaders with a passion for PLG

To see more PLG startups in cybersecurity, we need to break our hiring habits. Here are a few actionable ways to do it.

Hire people with no background in security

If you choose to only hire people with cybersecurity product management experience, you are limiting your options to those who have worked in the large enterprises you’re trying to disrupt. Why do you think they’ll innovate after joining your startup?

While a strong understanding of security is important for many technical product management roles, problem areas such as product adoption, activation, engagement and retention can most definitely be owned by product leaders with experience in other industries.

Shortening the time to value looks similar no matter the industry — don’t get swayed by the “15 years of experience” argument. It doesn’t take that long to understand the industry, and I am proud to be a living example of this.

Hire people with experience in developer tools

As cybersecurity matures, it is starting to look more and more like software engineering. This is where product managers with experience building developer tools can add a lot of value. They often possess both solid technical backgrounds and experience with product-led growth — a powerful combination for technical security products targeting security engineers, security architects and other technical security professionals.

Today, it’s relatively easy to find product leaders who have a combination of PLG and developer focus.

Hire people with experience in the consumer space

B2B enterprises are about two to five years behind when it comes to customer expectations. Users today expect B2C experiences all around. If it takes you 15 minutes to sign up for a ride-share app and get to another part of the town, it can’t take you four weeks to get access to the cybersecurity product.

Look for product managers with strong customer empathy, the ability to make data-informed decisions and a keen eye for user experience.

Hire people passionate about their craft

Hire product managers passionate about building great products. Look for people who maintain a connection with the product community, read a lot, ask the right questions and continuously expand their network.

Great ideas rarely emerge when a few folks from the same industry complain about the same problem; they are born at the intersection of experiences, ideas, approaches and industries.

What to look for when hiring product managers

Among the many skills and capabilities that make product managers successful, look for the following when hiring product leaders for PLG startups.

The ability to build bridges

Embracing a product-led growth mindset in traditional marketing- or sales-led organizations requires a lot of change management, communication and building bridges. That’s true for startups choosing to be PLG from day one.

While good communication skills are important for anyone working on product, it is especially critical for those shaping the organizational change.

A beginner mindset

Cybersecurity is a very dynamic industry, so preserving a beginner’s mindset is a prerequisite for a successful product career in this space. Maintaining curiosity, listening more than talking, maintaining a low ego and continuously looking to improve will help to stay on top of any changes and industry shifts.

Customer discovery

Customer discovery is a critical skill for product managers in PLG companies.

To understand and deliver what users value, they need to be able to dig beyond the surface, develop continuous discovery habits, practice active listening, ask powerful questions and draw insights from qualitative and quantitative data.

User experience

User experience is critical for PLG startups. Product managers should have a passion for good user experience and be interested in collaborating with designers, engineers, user researchers and other professionals to make good decisions.

A focus on metrics

People leading product in PLG cybersecurity startups should have a solid grasp of metrics relevant to product-led companies, including:

• Time to value.
• Average revenue per user.
• Customer lifetime value.
• Virality and network effects.
• Expansion revenue.
• Cost of revenue.

It is not enough to understand what they are; it’s critical to understand how they all work together and impact one another and how each one can be moved.

What to consider before hiring product managers

Product-led growth is much more than a go-to-market strategy — it is an organizational mindset that defines how the company thinks, makes decisions and executes. Hiring the right talent is a prerequisite for successfully embracing PLG, but it is not nearly enough.

Before expanding the team, companies looking to adopt PLG should closely examine both their readiness for change and the willingness to commit and do what’s required to get it right. This includes:

• If a company is transitioning from a traditional, sales-led model, it must be truly willing to disrupt itself, giving product leaders the control and the level of influence to drive revenue, user acquisition and business growth.
• Ensuring that customers are happy with the level of support the company provides and closing gaps (if any). For PLG to be successful, customers will need to be happy to keep using the product and not churn.
• Looking for ways to align the whole organization around the PLG strategy. It’s the job of the company leadership to get all functions on board with the future vision and give them certainty about their future in this new world.
• Working with sales, marketing and customer service to ensure that they are ready to change the way they have worked before and have what they need to succeed in the new world. Make hiring decisions to ensure that the people performing and leading these functions can thrive in a PLG environment.
• Being intentional about organizational design and finding ways to reduce conflict, build empowered cross-functional teams and foster collaboration across the company.

Hiring good product leaders is hard, but it’s also the easiest out of all the things the company needs to get right for the PLG to succeed.

Closing thoughts

Over the past five years, customer expectations have been shifting toward easy-to-use, easy-to-evaluate and easy-to-buy solutions. The cybersecurity industry is just starting to realize the importance of embracing new ways of thinking and doing business — one example of such innovation is the move from sales- and marketing-led growth to product-led growth.

Cybersecurity companies that can get out of the short-term mindset and become open to hiring PLG product leaders without a background in security will set themselves up for success in the long term. Other B2B industries, the consumer space and developer tools can provide a healthy pipeline of product talent a product-led company will need to succeed.