Over the past several years, I’ve learned a lot about our industry. A ton was learned by doing (though many readers of my blog know me through writing, I have always been and continue to be a builder and an operator before anything else), and an equal amount was learned by getting exposed to and seeing how things evolve outside of my immediate area of influence. This blog has kind of documented the evolution of my perspectives, and I will be the first to say that on some topics, this evolution has been pretty dramatic, and that much of my thinking today is very different from what it was a few years ago. To put it bluntly, I was completely wrong about way too many things. In today’s blog, I am going to discuss several of these things.

Join me at CyberCEO Summit

The CyberCEO Summit, held Dec 10 in Austin, TX, is where cybersecurity founders, CEOs, and investors come together to learn, connect, and shape the future of our industry. Hear directly from me and your fellow security innovators on scaling, funding, and navigating today’s market and GTM challenges. Meet 1x1 with security industry analysts, investors, influencers, and experts. This event is your chance to network with peers, gain actionable insights & feedback, and build relationships that can accelerate your company’s growth. Don’t miss the conversations that could define your next move or your company’s next big opportunity. CyberCEO Summit culminates in a VIP Founder, CEO, and Investor Dinner.

Cyber innovation doesn’t generally start in the Bay Area and then spread to other companies.

Many people assume innovation in cybersecurity follows a familiar pattern: new ideas start in the most tech-forward companies in the Bay Area and, over time, spread to the rest of the industry. The idea here is that engineering-driven, early-adopter organizations are the proving ground for security solutions, and everyone else eventually matures and follows (this is essentially the crossing the chasm model adapted to cyber). Others in security believe in the opposite path of starting with SMBs, proving the concept, and then moving up-market. That’s basically the whole idea of the innovator’s dilemma, meaning that large incumbents overlook emerging segments, and innovative startups win those markets, which over time allows them to disrupt the legacy players at the top.

Both concepts sound great in theory, and a few years ago, I thought they