Cybersecurity founders need to stop waiting for perfection

Explore our weekly delivery of inspiration, insights, and exclusive interviews from the global BHMEA community of cybersecurity leaders.

Keep up with our weekly newsletters on LinkedIn — subscribe here. 

Insights and interviews from the global Black Hat MEA community – in your inbox every week. 

This week we’re focused on…

Embracing imperfection. 

Because if you’re building a cybersecurity startup in 2026, perfection is probably your enemy.

The threat landscape moves too quickly, and customer needs evolve too fast. So the companies gaining traction now are the ones willing to ship early, adapt quickly, and learn by doing. 

When we spoke to founders and regional leaders at Black Hat MEA 2025, they kept telling us that cybersecurity startups can’t behave like slow-moving enterprise vendors anymore. 

The founders building resilient companies are treating cybersecurity more like modern software development – it’s iterative and experimental, and it’s deeply connected to operational reality.

Stop waiting for certainty

One of the best lessons came from Abdelilah Takhrifa (Regional Director for Aikido Security Middle East): 

“The number one advice that I always give is to have a bias for action.” 

Cybersecurity startups often lose momentum while trying to build the perfect product before exposing it to customers. But in practice, markets reward responsiveness – not perfection. 

“Try as many things as you can, see where you fail, see where you succeed and then iterate on things that do work for you instead of waiting too long on actually taking action.” 

There’s a reason this mindset dominates successful cybersecurity startups. Threats evolve continuously; cloud environments change constantly. Developers adopt new tooling almost overnight. You have to be able to adapt quickly. 

So the startups that really thrive are the ones that can learn fast. Sometimes that means they fail fast, too – but they can dust themselves off and pivot straight away. 

Build in public – even when it’s uncomfortable

Cybersecurity is cautious by nature. Vendors used to polish products behind closed doors, carefully controlling messaging and never admitting to uncertainty. 

That culture is changing.

Julian Richard (CTO & Co-founder at Filigran) pointed to open source as part of a broader shift towards transparency and experimentation.

“...the open source aspect has really helped to expose your product, try it and be able to fail, to learn along the way.”

Exposing unfinished ideas doesn’t feel great, especially in security, where credibility is so important. But founders have to recognise that today’s customers trust companies that evolve openly more than companies pretending to have solved everything already.

Instead of being a weakness, iteration is evidence that a company is listening. 

Richard’s broader advice to founders captured that mentality perfectly: 

“My advice is really to be resilient, try, fail, learn and do it again until you find success.”

Technical depth still leads 

At our 2025 event, we noticed that the strongest startup stories combined agility with serious technical credibility. 

Mohamed Sameh (Cyber Security Director at Fixed Solutions) described how his company balances services with internally developed cybersecurity platforms. This model is valuable, because cybersecurity startups can’t rely only on branding or growth tactics for long. Eventually, products have to work in live environments against real operational problems.

The founders building durable businesses are often the ones staying close to technical reality – whether through incident response work, SOC operations, penetration testing or engineering-led product development. 

Sameh also highlighted the growing technical calibre emerging from Egypt’s cybersecurity sector.

“All of the cybersecurity experts within Egypt are working in multinational companies across the whole world – so we have a very good technical calibre that can offer more services from Egypt to the whole world.” 

This reminds us that cybersecurity innovation isn’t concentrated in a handful of traditional markets anymore. Strong technical ecosystems are emerging across the Middle East – creating opportunities for founders willing to build globally from day one.

The startup mindset for 2026 

The biggest lesson from Black Hat MEA was about mindset.

The cybersecurity entrepreneurs gaining traction now are the ones willing to:

• Move before conditions feel perfect
• Learn publicly
• Adapt quickly
• Stay technically grounded
• Iterate constantly

This ties up neatly with the three words that Julian Richard used to describe Black Hat MEA: 

“Cyber, innovation, and influence.” 

Register now to attend Black Hat MEA 2026 – where you’ll gain the knowledge and the network to take your business to the next level. 

We’ll see you there.