u/anji_0216

I'm exploring some tech and cyber communities in Hyderabad and came across ISACA. Do you think it is worth becoming a member of this community?

I’m in cyber marketing and a prospect just reached out to me for their marketing. Honestly, I'm stuck on whether to even pick this up.

The founder is a security compliance guy with 12 years of experience who built a GRC platform that has zero AI features. He bootstrapped the whole thing and intentionally focused on just two things:

1. Solving the basic SMB/Startup problems: No dedicated security team, no clue how compliance frameworks work, and the fact that good known platforms start from $4000 per certification.
2. Making auditors actually like the product: He focused exactly on what auditors hate about other tools based on the practical issues he faced himself during audits for over a decade.

He already ran beta testing with healthcare startups in the US and got them ISO 27k1 certified in exactly 91 days. The feedback from the auditors was that it’s the first tool that actually gives them what they need without making it complicated.

My problem(as a marketer): The GRC space has evolved with AI so much that I’m not sure if this is even marketable right now. He says he has plans to integrate AI, but only on "actual problem statements" and not just slapping it on everything like the funded tools are doing.
Is it even possible to market a 'Back-to-Basics' tool?
I’m torn and need to hear from the experts on how to go about marketing it!