Expel is a cybersecurity startup focused on providing a single platform security solution to companies genuinely interested in security. Led by co-founder and CEO David Merkel, along with an experienced team who cut their teeth with Mandiant and FireEye, Expel seeks to reshape the cybersecurity industry with an approach to security built upon a foundation of transparency, community building, and a single technology platform.
Regardless of industry, many firms view security as a need, but not as a want. Security is a cost center, not a strategic asset. So, while many firms buy plenty of cybersecurity related products and solutions, decision-making processes are predominatingly driven by compliance, threat assessments, internal organizational structures, and what other companies are doing in their domain. Consequently, the cybersecurity industry formed first around managed security service providers (MSSP). These MSSPs provided a foundational layer, but they lacked sophistication and specialized capabilities. Managed detection and response (MDR) firms attempted to fill this market place gap, but did not have broad based functionality needed to become a complete solution. MDR firms often cherry picked solutions to protect their competitive positions, but fragmented their industry structure. Thus, for companies buying security solutions, they were forced to buy both and wrestle with enormous integration complexities. The costs – operational, financial, human – became an enormous burden.
In response, Expel has built a technology agnostic, cloud-based security platform to be a single solution for those security focused mid-sized enterprises in industry verticals where high quality security is a priority, such as sports/media/entertainment, financials, technology, law firms, insurance, and pharmaceuticals. This solution is backed by a North American 24/7/365 security operations center (SOC) whose work activities customers will see and interact with via a single, unified dashboard. So, customers will see exactly what Expel’s analysts are working on, how an investigation is unfolding, what actions need to be taken and how a company’s technical staff can become an integral part of the solution – all in real time. For resource constrained and overwhelmed DevOps and IT teams, Expel’s analysts become virtual teammates and a powerful resource for understanding security threats on their networks.
Another key differentiator of Expel’s approach is ease of deployment and integration, which they measure in days on a 1,000 node network instead of weeks or months – or not at all in the worst cases. Part of this efficiency is due to the platform choices Expel has made and the trade-offs focused around what they are not doing – such as consulting. Also, by focusing on mid-sized enterprises interested in security, whose current security infrastructure these companies want to replace or build out cohesively with a single strategy, Expel bypasses many of the challenges associated with integrating disparate hardware and software solutions and the human dynamics invested in them. Having been through a number of network deployments – security related and not – the cultural and technological heartburn can be enormous.
Expel’s emphasis on transparency as a strategic differentiator unfolds in several ways. First, they don’t sell fear or emotion. Their focus is partnership. Second, their pricing is very straightforward with no hidden gotcha or add-on costs that plague many security integration projects. Third, customers see exactly what Expel is working on and can interact directly with an Expel analyst.
Expel’s approach to selling has unique characteristics too. First, they focus selling their solution to firms interested in security, thereby creating a self selection filter biased towards higher value enterprises. Second, they believe half of their customers will be those firms seeking to replace an existing managed security vendor with the other half of the pipeline coming from those companies wanting to build something themselves, but with a strategic partner. Many cybersecurity companies separate the market differently, partly to match existing industry structure, but also because they are organized around selling products, solutions, and consulting services that blur their unique value proposition. Third, Expel is selling their platform solution to achieve an outcome for their customer, not satisfy a service level agreement (SLA) requirement. Similar to benchmarking, SLAs often harm differentiation by forcing firms to compete with very similar methodologies. Expel’s sales approach seeks to stop this reframing and allow the firm to sell its unique approach to solving security challenges.
As a strategist, Expel is compelling because they understand both what is flawed and broken in the cybersecurity industry and the exhaustion customers experience with their cybersecurity efforts. They clearly understand the “why” around their approach to problem solving, not just the “what” and the “how”. Most firms describe their activities and market actions in terms of what they do and how they do it. But most never articulate what their core motivation is and why the do what they do.
During my two conversations with their CEO, David Merkel, the firm’s core motivation was in plain sight, driven by a combination of empathy and appreciation for customer pain and industry battle scars. Implicit in their customer approach is a story about placing a client at the center. Very few firms in the cybersecurity space make their customers the hero. For most, the hero is the firm providing the security solution with the customer playing a character role.
In truth, none of us needs another hero and certainly not a self professed one. However, we do want guides – motivated by empathy and authority – to help with the journey and provide understanding and insight we could not have found ourselves. Combined with a plan, agreements to remove fears around doing business with someone new, calls to action, and measures of success, the end result is a customer who is transformed. Expel understands this need for good storytelling in a market dominated by competitors who focus too much on their technology and themselves. For traditional cybersecurity firms, the need to use fear as a motivator in order to sell products and services becomes very clear in this context.
In my view, the most significant strategic differentiator – the firm’s secret sauce – will be the relationship Expel develops with its customers via its online dashboards. In real time, Expel will with every incident demonstrate its leadership and value by solving immediate points-of-pain and thereby build trust, confidence, and empowerment around security for its customers – something they already define as a strategic asset. Once established with a client, how difficult would it be for a competitor to break this relationship? For that client CTO/CIO, the decision-maker Expel is selling to, what would be the value of changed outcomes defined in financial, human, and operational terms mean for his or her team and the broader organization? Effectively, Expel has built a platform for building community and alignment up and down the customer organization. These networking effects are very powerful.
Sustained differentiation is often times won or lost with the internal activities a firm engages in that rivals cannot replicate – or only at enormous cost – to deliver value to customers. Successfully optimizing these internal activities is really about understanding your core customer and establishing processes to optimize the satisfaction of those wants and needs. Expel’s approach to cybersecurity, driven by a focus on transparency, community building, and a single technology platform, stands in stark contrast to many industry participants and the industry structure as a whole. If successful, and early indications are promising, Expel has created a strategic moat that established rivals will not be able to emulate without causing significant damage to themselves and others in the cybersecurity industry.