Builder of security products and programs. Teacher of those who run them.
I'm a cybersecurity executive with deep technical roots, product management experience, and a business mindset. I've built security products and programs from early stage to enterprise scale. I'm also a Faculty Fellow at SANS Institute and the creator of REMnux, a popular Linux toolkit for malware analysis. I share perspectives on security leadership and technology at zeltser.com.
#CISO #CyberSecurity #malware #infosec #fedi22 #searchable
| About | https://zeltser.com/about |
| Blog | https://zeltser.com/writing |
| https://www.linkedin.com/in/lennyzeltser/ | |
| https://x.com/lennyzeltser |
Love them or hate them, SOC 2 reports have become table stakes for SaaS deals. But the framework leaves the vendor in control of the system boundary and auditor selection, which means the reports vary drastically in rigor.
I wrote about what that structural gap means for vendors trying to build credible programs and buyers trying to evaluate them:
Is a security product company building a true platform or a suite? The distinction clarifies where to invest, how to measure progress, and what competitive advantage to pursue. Here's my guidance for deciding which approach is best, including a look at CrowdStrike, Okta, and Palo Alto Networks.
The test for a genuine platform is whether each new addition makes everything else more valuable, not just whether products share a brand or console. Recognizing which dynamic the architecture supports determines where to invest and what competitive advantage to pursue.
Who'll win this year's RSAC Innovation Sandbox? I scored each finalist's market readiness across 8 dimensions and built detailed profiles using my custom AI framework, so you can see where they stand.
4 companies clustered ahead of the rest. See if you agree:
https://zeltser.com/media/rsac-2026-sandbox
You can use the this approach on your own product strategy with the help of your AI agent and my MCP server:
https://zeltser.com/security-product-strategy-with-ai
#RSAC #RSAC2026 #infosec #cybersecurity #startups #productmanagement
My guide for endpoint security startups is out now.
The path between competing against entrenched platforms and becoming a feature they bundle is narrow. The guide walks through the questions that founders, buyers, and investors should answer to tell the difference.
I got to know this space when leading product at Minerva Labs (now part of Rapid7), but much has changed since then.
https://zeltser.com/endpoint-security-startup-questions
#cybersecurity #infosec #startups #productmanagement #endpoint
There are areas where endpoint security startups can build viable, useful products, but those openings shift as adjacent categories converge and incumbents absorb new capabilities. Founders, buyers, and investors need to distinguish a viable product strategy from a feature waiting to be bundled.
My new guidance on building security products for SMBs. I first tackled this market about a decade ago at NCR, but much has changed since, especially the role of MSPs and VARs for go-to-market strategies. A few findings as I revisited this space:
1. Channel concentration is a real risk. SentinelOne disclosed one partner accounting for 20% of total revenue, with a second reaching 10%.
2. Cyber insurance and customer compliance are buying triggers. Some SMBs arrive with a controls checklist from their insurer or customers.
3. AI readiness among MSPs dropped from 90% claimed in 2024 to under 50% for actual deployment in 2025.
4. The top three RMM/PSA platforms hold over 60% of the market, and Kaseya is bundling security into the subscription.
Details at https://zeltser.com/smb-security-product-strategy
Building security products for SMBs differs from enterprise markets in distribution, pricing, and product design. Vendors who merely repackage enterprise solutions at a lower price point struggle, while those who design around the segment's constraints find a large and growing market.
I published a 4-point approach for succeeding as a CISO, based on my experiences building and leading a security program at a high-growth company.
It shows how to focus on the defender's advantage and escape the unending cycle of reacting to vulnerabilities, investigating incidents, and responding to attackers' advances.
https://zeltser.com/ciso-leadership-lessons
#cybersecurity #infosec #CISO #leadership dership
A four-point framework to succeeding as a CISO, based on my experiences of building and leading a security program at a high-growth company. It shows how to focus on the defender's advantage and escape the unending cycle of reacting to vulnerabilities, investigating incidents, and responding to attackers' advances.
Good tech alone doesn't make a successful security product. I created a guide that presents the questions startup founders and product managers should answer early, covering market segmentation, AI and data advantages, go-to-market strategy, pricing, customer trust, and ecosystem positioning.
This framework draws on my experience as a CISO practitioner and a security product manager.
Strong technology alone doesn't make a successful security product. This guide presents the strategic questions that security product managers and startup founders should answer early, covering market segmentation, AI advantages, go-to-market strategy, pricing, delivery, customer trust, and ecosystem positioning.
Security leaders are often trapped in endless assessments and opinion-giving without driving actual change. Staying busy with spreadsheets, dashboards, and emails doesn't move the organization forward.
Here's how we can break out of the "Chief Opinion Officer" mode: https://zeltser.com/chief-opinion-officer-to-action-taker
Security leaders who only assess risks and express concerns operate as Chief Opinion Officers rather than change agents. Delivering outcomes requires agreeing with colleagues on what's real, deciding where to focus, and taking action without striving for perfection.
Open-source sandbox platforms, analysis environments, and AI-assisted tools let you build your own malware analysis capability without commercial licenses. Options include CAPEv2, DRAKVUF Sandbox, REMnux, FLARE VM, and tools that connect AI agents to analysis environments.