
Cyber markets can be treacherous and unforgiving so I thought I’d share a “survival guide” of sorts to help fellow PMMs navigate complex situations. My vantage point comes from the experience of navigating various product markets across the Security Operations Hype Cycle. Each experience has been a unique chapter in my career. Reflecting on the situations I’ve been in, I realize the profound impact they’ve had not only on my professional growth but also on my understanding of the cybersecurity market ecosystem. This post aims to share what I’ve learned to help you as you enter the market coaster. 

Markets Are Cyclical

The first key to market survival is understanding that markets are cyclical by nature. The best way to illustrate this is by referring to Gartner’s Hype Cycle visualizations. My favorite of these is the Security Operations Hype Cycle because this is where I’ve “lived” as a Cyber PMM. Looking at the key market technologies as situated within a cycle between phases is a very useful way to understand the technology progression in your market. 

For example, some technologies fit within the “Trough of Disillusionment”. I have various experiences with technologies in this category (MDR, SOAR, Managed SIEM). I’ve also looked after products in the Peak of Inflated Expectations. For example, I briefly had responsibility for an XDR “product” at one point, and it was clear to me that XDR had a long way to go before gaining adoption or even being taken seriously. This was frustrating as a PMM, but when I put it into the perspective of this Hype Cycle, it alleviated my agony. It’s all about “zooming out” to gain a better perspective. 

One thing to note is that it is possible for technologies to not make it past the Trough of Disillusionment to the Slope of Enlightenment. This happens when a technology has carried inflated expectations for a long time and buyers struggle to implement it. When a technology overcomes these initial barriers to adoption and continues its progression, it will survive either as a standalone technology or bolted into broader platforms.

Let’s take XDR as a use case. I think we have seen many vendors, analysts and buyers struggle with hype and disillusionment about this technology category. The category definitions were confusing at first, and it wasn’t clear if XDR was truly a unique category, or really about existing EDR players trying to displace each other. While there was a convergence of “DR” technologies occurring, the fact was that XDR was defined differently by every vendor and analyst firm in the space. It is still a difficult category to analyze and typically requires clarification.

Understanding Analyst Firm Definitions

This brings up my next point. Understanding varying analyst definitions for your category is a key aspect that you need to master as a PMM. You have to realize that industry analysts can’t just agree with each other; if they did so, they would not be distinguished in their opinions. So you have to customize your messaging and positioning with each analyst and relate it to their position on the market. Sometimes the same product needs to be messaged in different ways. It’s not wise to brief a Forrester analyst on how your product aligns to the TDIR concept when TDIR is a “Gartner term”. You have to relate it to the Analyst Experience (AX) concept which is a Forrester term. That seems basic but in my early days as a PMM it was highly frustrating and confusing. So do your analyst definition homework. 

Varying analyst definitions add further chaos to already messy market situations. Not to pick on XDR, but it’s a perfect illustration of this. As already mentioned, nobody agrees to this day on what XDR really means. In my opinion, XDR did represent a buyer’s real demand to consolidate disparate tools and reduce pivoting across consoles. XDR also quickly became “EDR+” under the surface. The “one to rule them all” is still yet to be found by Bilbo. In actuality, customers are all enmeshed across 10,200+ cybersecurity products and even more services. No two SOCs are identical. It’s a fragmented market scene.

I also want to give credit to market analysts that work to address this confusion on a daily basis. They are taking customer inquiries, analyzing vendors, and assessing actual markets so I give them credit. I don’t mean to suggest that they are causing market chaos, I think the opposite is true and they are often helping us gain clarity on what’s happening. I’m just suggesting that because several firms are doing this simultaneously, it can be difficult to pick a standard, ‘single source of truth’ definition for each category.

Base Your Efforts on Market Reality

I have marketed products at every phase in the Hype Cycle. Starting from understanding where your product sits within each phase of the cycle will save you a lot of confusion and help you to understand what you’re getting into. And you may even form a “sweet spot”. I have learned that I really enjoy the earlier Innovation Trigger phase in the Hype Cycle where I get to see a market take shape and help a vendor enter a space with a unique message, build content that helps them compete in the early days, and start to shape industry analyst opinions of what exactly the market is. I like to build new things and sometimes I was able to do this even at established vendors not just at startups. For example at Secureworks I was asked to define our positioning within the Cloud Security market, and that was a way to create something new within a very established vendor. 

Another example of this was the early days of the emerging MDR market between 2015-2017 when I was at Optiv. I remember my experience in seeing Optiv climb up among industry analyst reports and start to get more industry recognition as a player in the (at the time) new market category. While MDR is today at the base of the Trough of Disillusionment, 8 years ago MDR was an innovation disrupting the traditional MSSP space. In reality, it was in many cases simply adding a service layer to the deployment of EDR technology like Carbon Black.

It can be argued that EDR was really the disruptive element more so than the service itself. Services innovations lag behind product innovations. If you’ve read one Service Description, then you’ve read them all (snooze fest). But the technology dynamics and expertise being provided are the real key. I really enjoyed helping Optiv stake a claim in this new market space as a new brand on the scene. And this gives you an advantage in future situations. When I entered Secureworks after I left Optiv, I was able to help with their MDR “2.0” push when they built their own software, so my prior understanding of the early MDR market definitions really helped me in that work.

Likewise, I had some memorable experiences in the SOAR market before it entered the Trough of Disillusionment. SOAR was widely needed but almost always poorly architected and deployed. It was easy to market SOAR products and easy to message, so it was a PMM’s dream in an industry rife with complexity and vague language. The problem with SOAR however was that after buying it, customers were unable to get started easily. So being in the earlier Hype Cycle phases is a blessing and curse because you spend a lot of time creating guidance for customers in the post-sale phase of the buyer’s journey. The need isn’t for fresh messaging or top-of-funnel conversations. The goal is to bring value down-stream and help customers get their SOAR journey moving along. So depending on where you are in the Hype Cycle, you may need to rethink your approach and where you spend your energy on the buyer’s journey. New technologies often require more support later in the buyer’s journey as was the case in my SOAR experiences. 

Fighting in Heated Markets

You may also find yourself in a heated market battle situation where you are not the only vendor trying to be the new kid on the block. A good example of this is the highly contested EDR market. I had good vantage points of the EDR space at Optiv, Secureworks and VMware Carbon Black. This market was and still is one of the most contentious and aggressively contested battle spaces in cybersecurity.

One key reason for this is that the upside is so huge due to high margins related to the software side of the business. The other reason is that the technology detects malicious activity at the endpoint, which is where many attacks begin to move laterally. This market goes all the way back to the early days when Anton Chuvakin of Gartner (at the time) coined the term Endpoint Detection and Response (EDR). This was a disruption being caused by the likes of CrowdStrike, Carbon Black and Cylance. The market growth rate for EDR was ballooning, and everyone wanted a piece of the action.

Being a part of a hotly contested market space is stressful, with a higher risk of becoming a casualty on the battlefield. This is the type of work where you are constantly in need of producing content to support regional events for an aggressive sales team, not to mention a heavy dose of sales enablement to fuel all that rapid growth. And when you combine that with a general underinvestment in the product marketing team, you become a manual lever that nearly everyone in the company begins to pull when they need an asset or presentation or webpage or competitive differentiation. And differentiation becomes so complicated because everyone sounds so similar, so it becomes a less strategic function and more of a tactical production line, which, in nearly all cases, leads to burnout for PMMs.

I was witness to the exponential growth of Carbon Black in the early days when they went from the low millions in revenue to over 100 million in revenue. The reason I was in a front row seat is because I was at Optiv, who contributed to many of the deals that made Carbon Black successful. Sharing a similar owner in Blackstone meant that Optiv and Carbon Black were partners on many levels, including in the services that we created around MDR.

I saw how important the channel is to success in terms of gaining market share in a competitive market. Now, Optiv was also good partners with Cylance and CrowdStrike, so it’s not to say that Carbon Black was the only EDR player we were working with. But I was able to observe the competition between those three in particular and there was a heated degree of competition between them in the field. It was a messy scene for sure.

Avoiding ‘Paint by Numbers’ Launches

Let’s shift gears and talk about surviving launch scenarios while you’re in the Hype Cycle. The ‘paint by numbers’ launch approach never works. What is a paint by numbers launch? At every company I’ve been at with the exception of a few smaller vendors, there have been project or program managers that host mind-numbing calls on a weekly basis trying to tick boxes (paint by numbers) for a product launch. These projects can last up to a year, with very little progress made week to week. It’s the opposite of agile.

While I really do appreciate the need for organization, I didn’t understand that early in my career I had the authority to direct the list of items that would be needed for a given launch project plan. I would take each pre-defined line item handed to me and stress out about how to get those actions done. And many of these items were years old. The reality was that the program manager wasn’t an expert on introducing products to market, he or she was just great at aligning teams and ensuring status is transparent to drive things forward. The “how” of my part in the launch was up to me. 

Nobody would know the difference if I changed what the project plan line items were. As I learned the ropes from more senior PMMs, I began to see that PMMs are meant to be the authority on deciding which items are required for a successful launch. We also determine how and when to enable the field and rally cross-functional marketing teams. It’s up to us to determine the tier of a launch so that we can understand the scale and importance to the overall business. So across all of my adventures as a PMM, I think this aspect of “taking launch authority” is one of the key takeaways that you should take note of.

Conclusion

Surviving Hype Cycles demands an adaptable mindset and strategic insight. Through the lens of a Product Marketing Manager (PMM), we see the challenges of understanding market cycles, engaging in competitive battles, and moving beyond conventional launch strategies. Riding this coaster requires recognizing and leveraging market trends, customizing approaches to fit analyst perspectives, and innovating in product launches.

Stay tuned for future posts by subscribing to the newsletter on Substack or directly on the Cyber PMM website. You can also follow Cyber PMM or me on LinkedIn.