I’m two years into Security Journey as Co-Founder and CEO. We’ve already beaten the odds by surviving our first and second birthdays, for which I am very thankful. This has been a year of new product releases, customers, connections, and lessons learned. We are still bootstrapping our product development efforts and learning on the fly. As my first year summary, this is a raw and wide-open view into Security Journey’s second year of existence.

If you want a bit of history you can read where this story began with “The Day I met John Chambers… and Quit.” and “What I Learned in Year One of MY “Security Journey“.

Here is my list of lessons learned in Year 2 as CEO of Security Journey:

  1. 112 hours of work per week is not required for success. Don’t get me wrong, I spend a lot of time focused on my startup. BUT, I also run a martial arts school (that I do for fun) and coach my daughter’s high school basketball team. My work-life balance is about flexibility. This does sometimes translate into working strange hours and getting things done at 10 PM, but I’m okay with that.
  2. Bad health habits are easy to develop and blame on the startup. Yes, there is more stress than a normal job. This is not a valid excuse for skipping exercise and making poor food choices. I’ve put away my habits of healthy eating and exercise, and I realize that I must change in year 3 to truly be successful.
  3. Serving both the individual and Enterprise markets is difficult. When we started, our vision was to provide both an individual application security training option as well as a solution for Enterprise. I’ve learned (through mentors and self-examination) that it is difficult to serve both markets well, and that our sweet spot is in the small / medium / and large Enterprise space.
  4. Product development and consulting are different hats and must be prioritized separately. In past years I’ve blended these two activities together and focused more on consulting. For year 3, I’ll dedicate more time to product development while still working with the consulting customers that have contributed to our success.
  5. Partnerships with other startups provide limited returns. In our first two years, we’ve had different partnership opportunities arise with other startups, and none of these have come to any form of fruition. I’m learning that at this stage, it’s better to focus on the things we can control, versus spending time developing a company to company partnership. For year 3, if there is money laying on the table, then we can talk.
  6. Sales require dedicated blocks of time. I’m still not as hyper-focused on the sales process as I must be. I’ll continue to develop this and focus specific amounts of time each week on sharing our solution with new potential customers. I’m good at speaking at conferences and meeting potential customers through that avenue. I struggle to develop leads outside of that channel.
  7. Finding the right freelancers is crucial. We are a small startup (2 people) and do not have a dedicated development team. For us, freelancers are how we get new features developed and test automation built. We’ve worked with some freelancers that did not make the cut and others that are awesome. (Our current group is awesome!) The right freelancers allow us to move our product forward while still managing the bottom line.
  8. Marketing does not require a huge budget. While still at Cisco and traveling the globe to promote product security, my friend Tony Vargas jokingly pointed out that he and I were marketing people. This was so true then, and even more true now. Marketing for us does not mean spending 10’s of thousands of dollars per month. We approach marketing by hosting the Application Security PodCast and speaking at various security conferences around the world. We use a tool called MeetEdgar to manage our social media accounts and re-post evergreen content, all automatically.