I Engaged With 30+ Security & B2B SaaS Leaders & Customers: Here’s What I learned
Image Details: Cybersecurity SaaS
What Got Me Here
Over the past few months, my passion to understanding the ways business, technology, and strategy interconnect got me to asking one simple question:
Who is actually buying and selling software?
While the question seems quite simple, it turns out that the B2B SaaS market for all types of software is more intricate and complicated than noticeable on the surface. This made me set out on a two month mission to understand and interpret how software is sold and the methods by which it trickles downstream to eventually impacting customers like you and I. Although I’ve primarily focused on cybersecurity SaaS, here’s what I’ve learned from my conversations thus far with both the buyers and sellers of software.
The Buyers
Customers Care About Impact, Not Capabilities
The single largest mistake B2B SaaS companies make when selling is marketing their capabilities, rather than their impact. Buyers don’t care if you are “AI-Native”, a managed service, a company of 40 PHDs, or a startup of 3 undergrad students. What they care about most is what’s in it for them.
When it comes to B2B SaaS in cybersecurity, this means: how much can your platform improve a customer’s Mean Time to Detect (MTTD), Mean Time to Respond (MTTR), their compliance posture in accordance with SOC 2, GDPR, ISO 27001, etc. The average mid-market to large enterprise has over 70 SaaS tools in their digital infrastructure, which means that while you may fixate on your capabilities, all they care about is if you can get the job done.
In the cybersecurity space, there can be numerous winners and solutions to the same issue. For example, with regards to security operations (SOC), there are industry incumbents, managed service providers, and AI-native disruptors. While they may all have different capabilities and “means” of operating, they resolve similar painpoints within the same value chain.
Platform SOC incumbents such as Microsoft Sentinel SIEM (Security Information & Event Management) or Splunk SOAR (Security Orchestration & Automation Response) both integrate seamlessly in existing enterprise environments, enabling signals across various sub-domains of cybersecurity (IAM, XDR, Cloud, DLP, etc.) to be captured in a centralized system, and the proper CISO playbooks to be automatically orchestrated to provide remediation. Traditionally, SIEM and SOAR systems are expensive, costing companies in storage costs to host as well as human capital costs to operate. This makes the “impact” of these tools limited to the enterprises that can afford them - namely large enterprises.
To combat the human capital and technological maintenance issue of the existing “incumbent system”, what do “buyers” do?
They look elsewhere. In other words, they aim to find a solution that reduces the storage cost issue or the human capital issue. This is where other companies such as managed service providers and substitute SIEM/SOAR alternatives that either market “outsourced SOCs” or “reduced storage costs” as their main impact-driven value proposition. MSSPs such as AirMDR, Deloitte Cyber, Accenture Security, etc. serve customers who (a) require additional human capital to handle security operations, (b) have inadequate expertise “in-house” to manage security operations, or (c) are unable to purchase, own, and operate their own security systems.
Now you may be wondering, where does AI-native SOC fit in? As I said in the beginning, customers care about impact, not capabilities. For an AI-native SOC platform to be successful, they must provide impact within the existing technological ecosystem rather than trying to replace or rebuild it from scratch.
Let me restate this more generally again - for a B2B SaaS tool to be successful in selling to buyers in 2026, it must provide impact within the already complex and integrated SaaS tooling system of an enterprise.
Now, what does this look like? AI-native SOC companies that have gained traction such as ProphetSecurity, Dropzone, [24]7.ai, Simbian, etc. do so not because they are agentic and probabalistic in nature, but because they address real enterprise painpoints.
Human capital. Technological capital. Efficiency. Cost Leadership.
While AI-native SOC may not yet be at the point in 2026 where it is capable of completely automating security operations across all types of companies, what it is capable of doing is augmenting specific tasks that directly lead to measurably less human capital, technological capital, efficiency, and/or cost leadership.
The question for any B2B SaaS entrepreneur isn’t whether or not their platform provides cutting edge technology and AI-native capabilities, but rather whether or not they can convince the buyer that they are truly solving a worthwhile problem for their enterprise.
Now, as for the sellers… I will examine that in a future article :)
My Research Notes & Interpretations
Sources:
Chart Images: TradingView
Definitions: Investopedia
Concepts & Ideas:
Personal Opinion
Derivative & Trading Academy Coursework @UIUC
* NOTE: none of the info in this article or ANY article of MacroBytes is investment advice, it is solely an opinion for editorial purposes
