What is Strategic Product Management and why do we need it in the security industry

“Strategic Product Management” is, first of all, a buzz word. A hype, if you want.

But that doesn’t mean that you don’t need it.

Most technology companies have a product management department that should act as the “voice of the customer” on one side and translating their finding into requirements on the other side.

I won’t go into the debate if this makes sense or not. Read here about Product Manager, Product Marketing Manager and Technical Product Manager.

PMs typically generate an extensive roadmap of new products and enhancements which almost always never get implemented.

But is product management really being used strategically?

For example, what is the product strategy that is driving roadmap priorities?

And how is the product strategy linked to the company’s overall strategy?

Aha, you see where I am going, right?

So, in order to make a Product Manager do a good job, he needs to follow a strategy.

What is a “good job”, you may ask.

A PM’s job is any or all (depending what you understand that the job description of a PM is) of:

  • identify problems
  • identify target customers and markets
  • define solutions for the the problems by talking to the customers
  • check if the solution are worth paying for with the customers
  • translate solutions into technical requirements
  • describe the solutions for everyone to understand

Now, back to “strategy”.



: the skill of making or carrying out plans to achieve a goal


(Image: results.com)

In order to be able to start doing a good job (which might not be the same as his job description), he needs the strategy of the company.

I know what you’re thinking: the strategy of any company is making products that customers love and are willing to pay for them.

No, this is not a strategy. This is the characteristic of a goal.

You can identify a goal if it answer to the question: WHAT?

You can identify a characteristic of a goal if it answer to the question: HOW?

So, what is the goal? Building a product, of course.


In order to identify that goal with that characteristic you need to have a strategy.

A strategy means, for example, how do you want to make the business grow: sell the product(s) and service(s) or give everything for free and try to do indirect monetization?

If you sell products, to whom do you want to sell: to end-users or businesses?

Another example is, if you are in the security industry, to search for a certain segment to address (protect). Do you know how to protect the IoT, the workstations, the cars, etc. ?

This defines the strategy to conquer the market (even a small segment is fine) and ultimately, drives you to build a product or service to sell.


A tentative definition of Strategic Product Management

Strategic product management is the process in which you define the goal of your business in such a way that it determines its survival. In turn, this will help product managers to draw the characteristics of a product.

The philosopher Lao Tzu is credited with saying: “A journey of a thousand miles begins with a single step.”

Strategic product management determines which journey or where do you go.

Product Management takes care of defining what you need to go there.

Project Management takes care of defining the plan that implements the items you need to go on that path (defined by product managers) and the journey itself.

SPM basically answers to this question:

What kind of product or service should you create that obviously, customers love and are willing to pay for?


I like this definition created by John Mansour :

Strategic product management isn’t about the management of products or skills of individuals who manage products. It’s an organizational discipline that’s consistently capable of uncovering and solving bigger problems than the competition in a simple, clear and differentiating manner to establish and maintain a market leadership position. (source)


Applying SPM to security

There are a multitude of companies in the IT Security branch that do very well. They have obviously a lot to do and they have paying customers.

So, did they create a good strategy? Maybe…

But, if you would group these companies on the new ideas or concepts, you will be surprised to see how few they innovative ideas are.

I argue that most companies just borrow a known-to-work strategy and implemented it instead of investing a lot in creating a new strategy.

There is nothing wrong with this approach, of course, but if the market changes (and it does often) then all of these companies will fall together.

Have another look at the picture above. In the Security area especially it is even more complicated to find the right goal and then the right way to achieve that goal (which is beyond technical).

Related to this, I personally think that even more complicated is to choose which paths NOT to go to. Or, translated, which products/features NOT to make. For those in love with the technology, this is the hardest thing to do. I speak from experience. 🙂

© Copyright 2015 Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity

Check www.endpoint-cybersecurity.com for seeing the consulting services we offer.

Visit www.itsecuritynews.info for latest security news in English
Besuchen Sie de.itsecuritynews.info für IT Sicherheits News auf Deutsch

About the Author

Sorin Mustaca
Sorin Mustaca, (ISC)2 CSSLP, CompTIA Security+ and Project+, is working since over 20 years in the IT Security industry and worked between 2003-2014 for Avira as Product Manager for the known products used by over 100 million users world-wide. Today he is CEO and owner of Endpoint Cybersecurity GmbH focusing on Cybersecurity, secure software development and security for IoT and Automotive. He is also running his personal blog Sorin Mustaca on Cybersecurity and is the author of the free eBook Improve your security .
%d bloggers like this: