← Back to Library

To solve security problems, you don’t have to build a security company

By Ross Haleliuk · Venture in Security · · 14 min read

I have been thinking about this idea for a while, but only recently reached the point where I can clearly visualize how it actually works, so here it goes. If you were to ask security founders what they think are the best ways to make companies more secure, they would probably tell you different ideas about getting CISOs to buy new security tools. That’s not wrong per se - CISOs control security budgets, set strategy, and are responsible for the organization’s security posture. This thinking, however, is very limited for a simple reason: some of the biggest improvements in security have come from products that were never sold as “security” at all.

In this issue, I discuss the concepts of security as the product vs. security as a byproduct, and what they mean for founders.

This issue is brought to you by… Maze.

AI Agents That Triage Vulnerabilities for You

Vulnerability management is broken -bloated backlogs, endless false positives, and constant pressure. Maze changes that. Our AI agents autonomously triage and resolve cloud CVE findings, cutting out the noise so your team focuses on what truly matters.

Think of it as having expert security engineers on demand: contextual, precise, and always on. Faster fixes, fewer escalations, and finally, a backlog you can get ahead of.

Security as the product vs. security as a byproduct

There are two fundamental ways to deliver security: security as the product and security as the byproduct. When security is the product, security is the core thing the company sells. All the companies we know as security vendors fall under this category, from endpoint detection and response, cloud prevention, to vulnerability scanners and firewalls. Each of these products is marketed and sold more or less the same way: “Hey CISO, if you don’t buy what we are selling, you’ll get breached and/or fail a compliance audit”.

Security as a byproduct, on the other hand, means the customer buys your product for a different primary reason, be it productivity, user experience, cost savings, speed, etc., and security is simply a side effect of using it. The buyer probably doesn’t even think of the product as a “security tool,” but the security benefit is real, measurable, and in some cases far greater than what a traditional security product could deliver. In fact, some of the biggest security improvements came from companies that don’t even market themselves as ...

Read full article on Venture in Security →

This excerpt is provided for preview purposes. Full article content is available on the original publication.