The rise of the practitioner-led cybersecurity startup

Cybersecurity startups are increasingly moving away from top-down product development – and being built through close collaboration with the people who actually defend networks and manage incidents every day.

Built closer to the front line

When we spoke to founders at Black Hat MEA 2025, we noticed a new focus on practitioners in conversations about startups. Not analysts or investors or abstract users – founders wanted to talk about practitioners. 

And that says a lot about where cybersecurity startups are heading this year. Younger security companies are designing products around operational pain points discovered directly from defenders, engineers and SOC teams – rather than relying purely on executive assumptions or market positioning exercises.

The result is a new generation of cybersecurity startups that look notably different from the previous era of enterprise security vendors.

We’re seeing less slideware and more iteration; less obsession with feature counts, and more focus on usability and practical outcomes. 

Julian Richard (Co-founder and CTO at Filigran) described Black Hat MEA as an opportunity to engage directly with security leaders and operators in the region.

“The valuable part is to have some key people here in the region, like real practitioners, leaders that really help us to understand what is really the need and how we can help with Filigran in filling the gap in cyber security and threat management.” 

This emphasis on understanding what’s really needed reflects a change we’re seeing across cybersecurity startups globally. A growing number of security buyers are exhausted by platforms that make big promises, but end up creating more operational overhead. 

And founders are responding by building closer to the day-to-day realities of security operations.

Security products are becoming more iterative

Startups are stepping away from long product cycles and rigid roadmaps, and starting to operate differently. 

Richard pointed to Filigran’s open-source approach as part of that evolution: 

“Filigran is quite, I would say, original – the open source aspect has really helped to expose your product, try it and be able to fail, to learn along the way.” 

This ‘try, fail, learn’ mindset came up again and again at the 2025 event. 

For Abdelilah Takhrifa (Regional Director for Aikido Security Middle East), speed of execution matters just as much as technical capability.

“The number one advice that I always give is to have a bias for action. Try as many things as you can, see where you fail, see where you succeed – and then iterate on things that do work for you instead of waiting too long on actually taking action.”

It’s a philosophy that can be seen in the way that many cloud-native security startups now operate. Instead of treating products as fixed platforms released in large cycles, teams iterate continuously based on customer feedback and operational telemetry. 

Aikido itself reflects that convergence of modern security tooling. Takhrifa described the company as “a software security product that does everything from code security, cloud security, runtime security… making sure that every company can ship safe products.”

And the breadth of this one firm’s work reflects another trend in the sector: security teams no longer want dozens of disconnected products stitched together across development, cloud and runtime environments.

Technical credibility has become critical again 

We’re seeing a renewed emphasis on technical depth. Many of the companies exhibiting at the 2025 edition of BHMEA were founded or led by deeply technical operators rather than purely commercial founders. And a technical background influences both the products they build and the language they use.

Mohamed Sameh (Cyber Security Director at Fixed Solutions) described a business model rooted in both services and internally developed security tooling: 

“We’re a cybersecurity company that offers multiple cybersecurity services, including rate teaming activities, penetration testing, blue team sock services and also GRC services.” 

Alongside its services business, Fixed Solutions also operates “a software house that develops cyber security solutions,” including products such as GRCeek and BAGIRA.

This combination of frontline services and internal product development is becoming more common across the cybersecurity startup ecosystem. Companies that spend time inside customer environments often gain sharper visibility into operational gaps than firms building solely from market analysis.

Sameh also highlighted the depth of technical expertise emerging from Egypt’s cybersecurity sector: 

“We started the industry in the 2000s. All of the cybersecurity experts within Egypt are working in multinational companies across the whole world – so we have a very good technical calibre that can offer more services from Egypt to the whole world.”

The era of operational cybersecurity

Possibly the biggest shift underpinning all of this is that cybersecurity itself has become more operational.

Modern security teams are securing cloud infrastructure, software pipelines, endpoints, remote work environments and digital government platforms simultaneously. They have less patience for products that create complexity without actually solving practical problems.

And that’s changing how startups are built. The cybersecurity companies gaining attention in 2026 are the ones listening closely to operators, and iterating quickly – grounding their products in the messy realities of day-to-day defence work rather than idealised security architectures.

Practitioners are guiding the product cycle right from the beginning. And we think that’s a very good thing.