From Rejection to Recognition – The Strobes Journey
The email was short. Brutal in its simplicity.
It was the seventh rejection in three months. Seven different ways of hearing the same message: Nobody believes in your vision.
As I sat in my office that evening in late 2022, staring at yet another polite decline, I couldn’t help but question everything. Here we were, a company that had been grinding since 2016, evolved through every challenge the cybersecurity industry threw at us, and somehow we were still being told our story wasn’t compelling enough.
The numbers told a different story from the one investors wanted to hear. Our US revenue was stuck at 18% – respectable for an Indian company, but not the hockey stick growth that makes VCs’ eyes light up. We had just made the bold decision to transition from a consulting company to a product-centric platform, but “bold” and “risky” often look the same to investors who’ve seen too many pivots fail.
The Weight of Transformation
What made those rejections sting wasn’t just the money – it was the fundamental misunderstanding of what we were building. We weren’t just another cybersecurity company trying to ride the wave of digital transformation. We were reimagining how offensive security should work in a world where traditional approaches were failing.
The problem was clear to anyone actually doing the work: Traditional penetration testing was broken. Companies were scheduling annual pentests like routine check-ups, getting massive PDF reports full of findings they couldn’t prioritize, and then wondering why they were still getting breached. The entire industry was stuck in a cycle of compliance theater rather than actual security improvement.
But try explaining that to an investor who sees “cybersecurity” and immediately thinks about the hundreds of other security startups pitching similar-sounding solutions. Try conveying the vision of a unified Continuous Threat Exposure Management (CTEM) platform when most people hadn’t even heard of CTEM yet.
We weren’t just building another security tool. We were building the future of how organizations would understand and manage their security posture. But the future is hard to invest in when the present is uncertain.
The Evolution They Couldn’t See
What the investors didn’t understand was that we weren’t pivoting – we were evolving. Each rejection came from someone who saw our current state rather than our trajectory. They looked at our PTaaS platform and saw just another penetration testing service. They couldn’t see what we were building toward.
Behind the scenes, we were already deep into something much bigger. Our customers were demanding integrations with their existing security tools – Qualys, Rapid7, Veracode. What started as integration requests was revealing a fundamental gap in the market: organizations were drowning in vulnerability data with no way to prioritize what actually mattered.
So we started building something unprecedented – a vulnerability prioritization engine that could process 15 different parameters in real-time. While investors were focused on our revenue metrics, we were creating algorithms that could analyze asset context, identify public-facing vulnerabilities, assess business sensitivity, and combine exploitability data with EPSS and CVSS scores.
This wasn’t just feature development; it was laying the groundwork for a comprehensive offensive security platform that could actually help organizations understand their true risk exposure.
The Loneliness of Leadership
As a co-founder and CEO, those months tested every assumption I had about leadership, resilience, and vision. There’s a unique kind of isolation when you believe in something others can’t see yet. Your team looks to you for confidence and direction. But privately, you’re wrestling with the same doubts the investors are voicing. Maybe they’re right. Maybe we’re too early. Maybe the market isn’t ready.
The pressure was compounded by the fact that we’d already committed to transform from consulting to product. There was no easy retreat to our previous model. We had bet everything on a vision that, in 2022, felt increasingly lonely.
I remember walking through our office, looking at the team who had trusted me with their careers, and feeling the weight of every rejection. These weren’t just nos to me – they were nos to everyone who had believed in what we were building.
But there was something else happening that gave me hope. Our engineering team was making breakthrough after breakthrough. The vulnerability management capabilities we were building weren’t just matching what existed in the market – they were surpassing it. We were creating something that could solve the problems we’d been watching organizations struggle with for years.
The Irony of Timing
What made the rejections particularly frustrating was the timing. We weren’t some unproven startup with a half-baked idea. We have been in the trenches of cybersecurity since 2016. We had seen firsthand how the industry’s approaches were failing. We had watched companies struggle with vendor sprawl, alert fatigue, and the inability to prioritize risks effectively.
Gartner had just introduced the CTEM framework, recognizing exactly the problems we had been solving. But being early adopters of a framework that most people didn’t understand yet meant we were speaking a language that investors weren’t fluent in.
The technology was there. The market need was obvious to anyone dealing with real security challenges. But the narrative? The narrative was still being written, and we were asking people to invest in a story that hadn’t reached its climax yet.
What they couldn’t see was that we were already building the future of CTEM. While they debated whether the framework would gain traction, we were deep in development of External Attack Surface Management capabilities. While they questioned our pivot, we were architecting a platform that would eventually encompass Attack Surface Management, Penetration Testing as a Service, Risk-based Vulnerability Management, and Application Security Posture Management – all in one unified solution.
The Moment of Truth
After the seventh rejection, I made a decision that would define everything that came after. I called an all-hands meeting and did something that went against every piece of leadership advice I’d ever received:
I told them about the rejections.
Not to discourage them, but to be honest about where we stood. I shared my belief that the investors were wrong – not maliciously, but because they were looking at the wrong metrics. They were focused on our current 18% US revenue instead of the trajectory we were building toward. They were seeing a pivot instead of an evolution.
“We’re going to prove them wrong,” I said. “Not out of spite, but because we know something they don’t. We know what the future of cybersecurity looks like, and we’re going to build it whether they believe in us or not.”
I pulled up our development roadmap – the real one, not the sanitized version we showed investors. I showed them our vulnerability prioritization engine, our CTEM framework alignment, and our plans for native security scanners. I showed them a future where organizations wouldn’t need to cobble together dozens of security tools because we’d built a comprehensive platform that actually worked.
The room was quiet for a moment. Then someone asked the question that would drive everything we did for the next three years:
“What do we need to do to make them believe?”
The Foundation of What Was to Come
That question became our North Star. Not “How do we convince investors?” but “How do we build something so undeniably valuable that belief becomes irrelevant?”
The answer would require us to think differently about everything – our product, our market approach, our customer relationships, and our own definition of success. We would need to stop trying to fit into existing categories and start creating new ones.
We would need to take the CTEM framework that Gartner had outlined and show the world what it looked like in practice. We would need to prove that Penetration Testing as a Service (PTaaS) wasn’t just a delivery model change, but a fundamental reimagining of how security testing should work.
Most importantly, we would need to shift our focus from trying to convince people of our vision to simply executing it so well that the results spoke for themselves.
The roadmap was clear in my mind: Complete the vulnerability management transformation, launch our intelligent prioritization engine, build out the CTEM platform, and eventually develop AI-powered automation that would revolutionize how organizations handle security operations. We would build native scanners for SAST, SBOM, Container Security, CSPM, and Secret Scanning. We would create a partner ecosystem that would amplify our reach.
It was an ambitious vision – perhaps too ambitious for investors who wanted to see proven traction. But it was also a coherent evolution from everything we’d learned in our years of actually solving security problems.
As I left the office that night, I carried with me both the sting of rejection and the clarity of purpose. The investors didn’t believe in our story because we hadn’t finished writing it yet.
The next three years would be about proving that sometimes the best response to “nobody believes” is simply to build something impossible to ignore.
This is Part 1 of our 5-part series chronicling Strobes’ journey from rejection to recognition. In Part 2, we’ll explore how we embraced the CTEM framework when others doubted its potential, how we built our 15-parameter vulnerability prioritization engine, and how that decision became the foundation of our transformation into a comprehensive offensive security platform.
Ready to see how we turned rejection into recognition? Subscribe to our blog series and follow our journey from 18% to 55% US revenue, from skeptical investors to Fortune 50 clients, and from doubt to industry leadership.
