It\u2019s always a gamble to establish a start-up, but if you were to choose any sector where you\u2019d fancy your chances of success, it would surely be cybersecurity.After all, the cybersecurity market is estimated to grow to $224.48 billion by 2022, according to Statistics MRC, while CB Insights reports that venture capitalists (VC) invested $3.1 billion in a record 279 cyber-security start-ups last year, a far cry from the $833 million invested in 117 firms in 2010.Some notable companies have emerged in this time, Cloudflare, Tanium and Zscaler each raising $100 million or more, while specialized security VC funds and accelerators have appeared too.\u201cThere has never been more interest in cybersecurity, so we\u2019re seeing increasing amounts of innovation in the field, and ever more start-ups too. It\u2019s an exciting time,\u201d says Alex Van Someren, managing partner of the early stage funds at Amadeus.David Cowan, partner at Bessemer Venture Partners, sends a cautionary note: \u201cWith VCs flocking to the cyber sector, even the bad start-ups get funded.\u201dEither way, running a start-up is a huge challenge with many mistakes made along the way. Some get the product wrong, lack the right investment or jump into a saturated market. Others lack the skills, the ability to articulate their solution well to the right people, or fail to land those successful early pilot projects.Even the most mature, promising start-ups make mistakes. Tanium, the endpoint security and systems management start-up valued at some $3.7 billion, has been criticized recently. A Bloomberg report revealing not only that the CEO fired employees before their stock vested, but that sales representatives had also exposed a hospital's computer network during pitches.Establishing a start-upSo, what\u2019s it like working in a security start-up?Jay Kaplan is CEO and co-founder of Synack, a security start-up which raised $21 million in Series C funding last month. Kaplan, formerly of the NSA (where he was senior cyber analyst) and Department of Defense (working for the Incident Response and Red Team), explains that his company, which relies on crowdsourcing experts for vulnerability testing and pen testing, is trying \u201cfix a broken market\u201d.It\u2019s clearly working well, with the recent Series C attracting partners in Microsoft Ventures, HP Enterprise and Singtel. But even still, why switch from a rewarding role at NSA where he was helping to \u2018save lives\u2019?\u201cNSA is incredibly exciting and I can say without doubt I helped saved many lives and that a mission is extremely fulfilling. But government work was not something I wanted to build a career in.\u201d\u201cRunning a company was what I was really passionate about, what I wanted to do. I actually ran a company - a shared web hosting and development company -- when I was 14. It made me realize entrepreneurship was in my DNA.\u201dAnkur Modi agrees. Now CEO and co-founder of AI security firm StatusToday, he was previously a data scientist and engineer at Microsoft.\u201cThe motivations were neither financial nor job satisfaction; I was extremely happy with my team [at Microsoft], where we were driving the new era of productivity.\u201d He recalls how a colleague mentioned the digits in his salary would fall away. \u201cIt\u2019s true,\u201d he admits.\u201cIt was very clear I had something I could do, that I could make a big change on the use of data in organizations,\u201d he adds. StatusToday\u2019s AI-powered platform aims to understand human behavior, boosting security, engagement, and productivity.He notes he was interested because it was \u201csomething I care about,\u201d and he had an entrepreneurial mind-set.Nik Whitfield, CEO of big data security firm Panaseer, had the same burning desire. \u201cI was lucky to work with amazing people at BAE Systems (Detica as it was). But the start-up world was always a big lure for me, and the market conditions were too good to pass up. The convergence of Big Data, cybersecurity and data science was always going to create new companies and solutions, and I had to grab the chance to lead the innovation in this space.\u201dFunding and pilotsOf course, a critical element to any start-up is support and investment. Support may come from accelerator programs and competitions, while financial investment is absolutely essential.All the start-up founders here agree funding is extremely difficult, with Whitfield noting: \u201cEvery funding round is different and every investor is different. But there\u2019s one thing in common, which is that they have to believe in their gut that you and your company will make a substantial return on investment. If you don\u2019t believe that, don\u2019t ask someone else to. \u201cSynack has a stellar panel of VCs, perhaps owing to Kaplan\u2019s connections, and he says their help has gone beyond the financial.\u201cVCs are extremely influential, and we\u2019ve got phenomenal investors, who have incredible networks,\u201d he says.These networks, says Kaplan, enabled the firm to attract end-user partners who understood that the early days were \u201call about trial and error.\u201d\u201cThat's really crucial for any start-up, testing things out and seeing what direction to take the product in,\u201d he adds.Modi says partners have been imperative to his start-up\u2019s early success. Extolling the virtues of investors who have \u201cbeen there and done\u201d it in start-ups, he points to his VCs at venture firm LocalGlobe and Nation Capital, as well as GCHQ, with Status Today part of the agency\u2019s first cyber-accelerator program. He warns other start-ups to not underestimate the amount of support they will need in order to grow.\u201cThe success at StatusToday is down to partners, investors and the team that comes together,\u201d says Modi.Like Kaplan, Modi says successful pilots have been with carefully selected partners, who also understand that results may not always be instantaneous. Whitfield, meanwhile, points to finding clients who have a clear business problem, and a willingness to embrace both innovation and working with a start-up.\u201cThese gems are few and far between,\u201d he says. \u201cBut if you find the right client, treat them like a true partner...they will be an asset and supporter of your business for years to come.\u201dGet innovative with products - and pitchesSecurity firms face numerous challenges and no more so than start-ups trying to disrupt the hottest markets with limited resources.\u201cGood ideas are always copied \u2013 it\u2019s the quality of execution that differentiates,\u201d says Whitfield, explaining one of his key challenges.\u201cThe key to success for start-ups in cybersecurity is around delivering innovation in one of the critical topic areas, rather than re-treading old problems,\u201d says Van Someren, seemingly agreeing.He notes particular interest around Artificial Intelligence and Machine Learning -- but \u201cprecious little evidence of effectiveness\u201d -- while he\u2019s more interested in start-ups in data discovery and GDPR compliance tools, risk analytics and risk modelling.He continues that too few start-ups truly understand the market they are in: \u201cTaking the time to develop a concise explanation of what problem you\u2019re solving, how big the market could be, and why this is the right team to do it makes all the difference.\u201dModi agrees -- \u201cmost don\u2019t spare enough time to understand the problem [of the market]\u201d \u2013 but cites the issue of building trust as a key issue. As he notes, he can no longer rely on the \u201cbadge\u201d of Microsoft.\u201cCredibility in security is so important, and it\u2019s important trust is built-in at the start of the success story.\u201dKaplan says his challenge has been getting people knowing and understanding a crowdsourced model, getting the \u2018foot in the door\u2019, and now scaling the business up.\u201cRight now we\u2019re all about scale. That means very quickly ramping up sales operation, expanding internationally, expanding marketing efforts, and we\u2019ve still a lot to do to build on the engineering front and on customer success side\u2026.while making sure the customer is still seeing tons of value, and that we\u2019re building brand highly respectable people want to work with, to do business with.\u201dAside skills, scale, ideas and product execution, Cowan mentions perhaps the elephant in the room \u2013 that sometimes security solutions, however great, will fail.\u201cThe greatest challenge any cybersecurity start-up faces is still stopping attacks. But right behind that comes the challenge of proving value: how do customers know how much damage you saved them from?\u201dStart-up advice? Know your market and USPWhitfield advises: \u201cDo it, but do it with your eyes open. The stats don\u2019t lie, most will fail, but the self-development opportunity is incredible. And listen to everyone \u2013 be thick skinned enough to feel the criticism of your product idea, but not so much that you stop listening."Kaplan says you need to go all-in: \u201cYou have got to go all in\u2026.that\u2019s critical.\u201d He stresses the importance too of building strategic partnerships, evaluating your exit strategy and developing ties with CISOs who should soon realize this partnership enables them to drive products \u201cthat conform to their requirements.\u201dBVP\u2019s Cowan advises start-ups to start big: \u201cTo gain traction, start by selling to the biggest targets: the US government, major utilities, and the multi-national banks. If you can secure them, you can secure anyone.\u201dModi\u2019s advice is simply to know your market and target audience, and - critically - to move beyond security as a siloed part of IT. You will get more internal champions as a result.Cybersecurity start-ups face a long and winding road, but with plenty of opportunity to disrupt a complex, ever-changing market.Got other ideas? Head to Facebook to let us know.