Since starting Rulebase, where we're building fraud and security tools for call centers, I’ve immersed myself in learning everything I can find about the cybersecurity/fraud prevention startup ecosystem. I came across Ross Haleliuk, author of the Venture in Security blog, a few weeks ago. His articles, like "Let’s have an honest conversation about the state of cybersecurity" and "On a hunt for successful cybersecurity startups and unicorn founders" immediately stood out to me as knowledgeable, well-researched, and sharply insightful. I subsequently discovered and spent the last few weeks reading his book, Cyber for Builders: The Essential Guide to Building a Cybersecurity Startup.

Cyber for Builders presents an overview of the security ecosystem and players, trends shaping its future, and a practical guide to building a cybersecurity startup, from fundraising and hiring to sales and product development. It distills lessons from Ross’s real-world experience and expert insights from over 50 industry practitioners, with QR links to deep dives on his blog.

In the book’s first sections, Ross provides an overview of the cybersecurity industry and its quirks. The security ecosystem involves not just vendors and their customers but also investors, industry analysts, insurance companies, government regulators, and acquirers, each uniquely shaping the nature of the industry. Angel investors, accelerators, incubators, and venture capital firms provide industry expertise, connections, and funding for early- and growth-stage security companies. On the other hand, analysts significantly influence enterprise purchasing decisions by publishing research, conducting vendor briefings, and advising security leaders.

Beyond financing and influence, insurance companies set minimum security requirements for cyber coverage, pushing businesses to adopt stronger security measures and standardize industry best practices. At the same time, governments recruit, regulate, support, and buy security. Meanwhile, intermediaries like channel partners (who connect security vendors and enterprise customers) and acquirers (often large security firms that provide startups with exit opportunities and drive industry consolidation) shape distribution channels.

Unlike other technology fields, cybersecurity is driven not just by competition and technological advancements but also by threat actors. Well-funded, highly motivated adversaries constantly push the boundaries of security defenses, forcing defenders to keep up and anticipate emerging threats. Also, security buying relies heavily on trust, with teams often purchasing solutions based on a vendor’s promise of protection, with little to no way to anticipate effectiveness in real-world attacks. Because failures can have severe consequences, purchasing decisions involve long sales cycles, extensive trials, and small-scale deployments before full adoption.

Cyber for Builders also explores some key trends shaping the future of cybersecurity, like the shift towards evidence-based approaches, with buyers now integrating security frameworks and prioritizing measurable outcomes. Security policies are increasingly being built using software engineering principles like automated testing and continuous integration, and security ownership is shifting from external providers to internal teams.

"Data gravity" is also reshaping security distribution: as businesses consolidate their data in centralized cloud platforms, these platforms become major security hubs, drawing in additional services and platforms. Regarding buying behavior, security leaders are rejecting fear-driven sales tactics in favor of transparent go-to-market strategies. They prefer to discover tools through peer networks and expect easy product trials, self-service onboarding, and technical deep dives before purchasing.

Finally, the book provides a guide to building cyber companies: requirements for a winning founding team, like deep industry context and technical expertise; advice for hiring and managing early employees; and guidance on deeply understanding ideal customers' needs, pain points, and decision-making process. Founders, especially technical ones, often focus too much on technology while neglecting critical aspects of company building like hiring, payroll, marketing, team building, and culture setting. Also, misjudging market fit, competition, and distribution channels often leads to premature scaling before establishing real demand.

For Ross, cybersecurity founders should explore overlooked areas in adjacent cybersecurity domains and invest time in truly understanding potential customers, their needs, and how best to reach them rather than blindly following standard playbooks and go-to-market strategies.

As a founder in the space, Cyber for Builders left me with tactical advice and broader insights into the cybersecurity ecosystem. On product distribution, I've come to better appreciate the role of industry analysts, channel partners, conferences and data platforms as key go-to-market strategies, and we'll be looking to explore those more. In terms of building and selling security, the book reinforced the critical role of trust. We built Rulebase from the start to allow fraud and security teams to run "simulations" of our core fraud detection tool to debug, inspect, and integrate them seamlessly, and this is an area we'll be looking to invest more into.

However, the book’s treatment of the technical aspect of building and scaling a cybersecurity company is lacking. For a book targeted at builders in the deeply technical field of cybersecurity, it offered limited insight into the recent technical advancements and opportunities shaping the field, like zero trust and AI-driven threat detection and investigation. While the book discusses market dynamics and go-to-market strategies, it does little to guide founders on the process of building itself. What are the major technical hurdles startups face in different security verticals? How should founders approach security R&D? What technical mistakes do cybersecurity startups typically make? These questions are largely left unanswered.

Despite these shortcomings, Cyber for Builders has already influenced my thoughts on Rulebase and cybersecurity/fraud. While I would have liked some more technical depth, it excels as a guide to the business and strategic aspects of building. The insights on go-to-market strategies, trust-building, and ecosystem dynamics have already shaped our approach at Rulebase, and I expect to revisit it frequently as we scale. More than that, it reinforced my conviction in the challenges and opportunities in cybersecurity. The real work lies ahead: identifying emerging threats, building innovative defenses, and pushing the boundaries of what’s possible in security!