
Team Composition & Scaling Research for SecurityV0

Date: 2026-02-27
Status: Research
Perspectives: Technical, CEO, Marketing, Customer Success, Customer Integrations


Executive Summary

SecurityV0 is positioned at the intersection of two of the fastest-growing security market segments: non-human identity (NHI) management ($11.3B in 2025, growing to $38.8B by 2036) and AI agent governance. The platform is ~50-60% built by a single founder using AI-augmented development (Claude Code). This research analyzes realistic team composition at funding and 6 months post-funding, targeting $1M ARR (10 clients at $100K ACV).

Key finding: The original plan of 9 developers is overkill. An AI-native approach suggests 4-5 total engineers (including the founder) can deliver equivalent output. The more critical gap is on the GTM side — enterprise security sales at $100K ACV requires visible, credible humans in sales engineering, customer success, and integration support roles.


Part 1: Team Composition Recommendations

At Funding (Day 0) — Target: 5-7 People

| # | Role | Type | Why Critical | Est. Cost |
|---|------|------|--------------|-----------|
| 1 | CEO / Founder | Existing | Product vision, architecture, founder-led sales, investor relations | Founder equity |
| 2 | Senior Full-Stack Engineer | Hire #1 | Platform completion (W1→W2), API hardening, deployment automation. Must be AI-native (Claude Code proficient). Acts as 3x engineer with AI tooling | $150-180K + equity |
| 3 | Senior Connector/Integration Engineer | Hire #2 | Python. Build new connectors (AWS IAM, GitHub Actions, Google Workspace). Each new connector = expanded TAM. Also handles customer-specific integration work | $140-170K + equity |
| 4 | Founding Sales Engineer / Solutions Architect | Hire #3 | Technical pre-sales, customer POCs, demo environments, deployment support. Bridges product and customer. At $100K ACV, this role is non-negotiable — enterprise security buyers expect deep technical engagement | $130-160K base + $50-80K variable |
| 5 | Fractional / Part-time DevOps | Contract | Kubernetes/ECS production deployment, CI/CD, monitoring, SOC 2 prep. Can be 2-3 days/week initially | $80-100K (fractional) |

Optional at funding:

| # | Role | Type | Notes |
|---|------|------|-------|
| 6 | Part-time Marketing / Content | Contract | Security-focused content (blog posts, CISO-targeted whitepapers, regulatory alignment pieces). Could be fractional or agency |
| 7 | Part-time Design | Contract | UI polish, brand, pitch deck, customer-facing materials |

Total headcount: 5 FTE + 1-2 fractional = ~$550K-$750K/year loaded

Why not 9 developers?

The Faros AI study of 10,000+ developers shows that AI-augmented engineers produce 21% more tasks and merge 98% more PRs. But the real multiplier comes from the Anthropic 2026 Agentic Coding Trends Report: developers using agentic tools like Claude Code integrate AI into 60% of their work, with advanced users achieving 3-5x individual output.

The empirical evidence from SecurityV0 itself is the strongest signal: a single founder built ~55% of a production-grade platform (41 API endpoints, 22 evaluator rules, 9-section evidence packs, graph UI with ELK.js, 2 production connectors, full test suites) using AI-augmented development. Adding 2 more senior AI-native engineers provides sufficient throughput for platform completion, new connectors, and enterprise hardening — without the coordination overhead that degrades teams of 9+.

Reference: Cursor (360,000 paying customers, $65M+ ARR) operates with just 12 people total. AI-native startups achieve 300% higher revenue-per-employee than traditional SaaS.


At 6 Months Post-Funding — Target: 10-14 People

Assumes 3-5 paying customers ($300K-$500K ARR), active pipeline of 10-15 prospects.

| # | Role | Type | Trigger for Hire |
|---|------|------|------------------|
| 1-5 | Day-0 team above | Retained | |
| 6 | Enterprise Account Executive | Hire #4 | After founder closes 5-8 deals personally and has a repeatable pitch. Senior AE, 3-7 years B2B SaaS, track record closing $50K-$300K deals. OTE $150-180K |
| 7 | Customer Success Manager | Hire #5 | After 3rd paying customer. Technical CSM who can handle onboarding, ongoing health checks, connector configuration guidance. At $100K ACV, one CSM handles 20-35 accounts |
| 8 | Senior Frontend Engineer | Hire #6 | If UI complexity demands it (W2 deployment gate UI, advanced graph viz, CISO dashboard). Only if founder/engineer #1 can't cover. AI-native required |
| 9 | SDR / BDR | Hire #7 | Pipeline generation support for the AE. Outbound prospecting, event follow-up. Could be part-time or junior |
| 10 | DevOps → Full-time | Upgrade | Convert fractional to FTE as production customer count grows. SOC 2 audit prep, customer environment support |

Optional at 6 months:

| # | Role | Notes |
|---|------|-------|
| 11 | Second Connector Engineer | If connector demand outpaces capacity (e.g., customer needs AWS IAM + GCP IAM urgently) |
| 12 | Head of Marketing | If pipeline is the bottleneck (not product). Full-time marketing lead with security/B2B SaaS background |
| 13 | Part-time Legal / Compliance | Enterprise contract negotiation, SOC 2, GDPR DPA. Could remain external counsel |

Total headcount: 10-12 FTE + 1-2 fractional = ~$1.2M-$1.8M/year loaded


Scaling to $1M ARR (10 Clients) — Target: 12-16 People

| Function | Headcount | Roles |
|----------|-----------|-------|
| Engineering | 4-5 | Founder/CTO, 2 platform engineers, 1-2 connector engineers |
| Sales | 2-3 | 1 AE, 1 SE/Solutions Architect, 1 SDR |
| Customer Success | 1-2 | 1 CSM (handles ~10 accounts), possibly 1 onboarding specialist |
| DevOps/Infra | 1 | Production reliability, customer deployments |
| Marketing | 1 | Content + demand gen |
| Operations | 0-1 | Part-time finance/legal/ops |
| TOTAL | 12-16 | |

Part 2: The ML / Data Science Question

Do We Need a Dedicated ML Specialist?

Short answer: Not now. Likely not for 12-18 months.

SecurityV0's Deterministic Advantage

SecurityV0's core architecture is explicitly deterministic — no ML, no probabilistic scoring, no heuristics. This is a deliberate design choice documented in CLAUDE.md and reinforced across all architecture docs. Every finding is backed by first-party evidence, every authority path is walkable end-to-end.

This is actually a competitive advantage, not a limitation:

  1. Enterprise buyers trust deterministic outputs. CISOs want to explain findings to auditors and boards. "This service principal has owner-level access to production data and its ownership chain has decayed for 120 days" is infinitely more actionable than "our ML model assigned a risk score of 87."

  2. Evidence-grade outputs require determinism. SHA256-sealed evidence packs with chained integrity hashes only work when the underlying analysis is reproducible. ML scoring breaks this chain.

  3. Regulatory alignment demands explainability. EU AI Act, NIST SP 800-137, OWASP ASI03 — all require that AI governance decisions be explainable. Deterministic rules are inherently explainable.
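
Point 2 above, illustrated with a hash-chained evidence pack in Python. This is an added example, not SecurityV0's code: the section names, the `OWNER_DECAY` rule and its 90-day threshold, the all-zero genesis value and the sample identities are assumptions made for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed seed for the first link in the chain

# Constructed sample inventory (not real data).
SAMPLE = [
    {"id": "sp-billing-sync", "role": "owner", "decayed_days": 120},
    {"id": "sp-ci-runner", "role": "reader", "decayed_days": 200},
    {"id": "sp-legacy-etl", "role": "owner", "decayed_days": 14},
]


def canonical(obj):
    """Deterministic bytes: sorted keys, fixed separators, UTF-8."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")


def evaluate(identities, min_decay_days=90):
    """Hypothetical deterministic rule: owner-level principal with decayed ownership."""
    findings = [
        {"rule": "OWNER_DECAY", "principal": i["id"], "decayed_days": i["decayed_days"]}
        for i in identities
        if i["role"] == "owner" and i["decayed_days"] >= min_decay_days
    ]
    return sorted(findings, key=lambda f: f["principal"])


def build_sections(identities):
    """Assemble (name, body) sections in a fixed order, independent of input order."""
    findings = evaluate(identities)
    return [
        ("inventory", sorted(identities, key=lambda i: i["id"])),
        ("findings", findings),
        ("summary", {"identities": len(identities), "findings": len(findings)}),
    ]


def seal(sections):
    """Each link hashes the previous digest, the section name and the canonical body."""
    prev, links = GENESIS, []
    for name, body in sections:
        data = prev.encode() + name.encode() + b"\x00" + canonical(body)
        digest = hashlib.sha256(data).hexdigest()
        links.append({"section": name, "prev": prev, "sha256": digest})
        prev = digest
    return {"links": links, "seal": prev}


def verify(sections, pack):
    """Recompute the chain; return the index of the first bad link, or -1 if intact."""
    recomputed = seal(sections)["links"]
    for idx, link in enumerate(pack["links"]):
        if idx >= len(recomputed) or recomputed[idx] != link:
            return idx
    return -1 if len(recomputed) == len(pack["links"]) else len(pack["links"])
```

Re-running the rules over the same inventory, in any input order, reproduces the seal. An analysis step whose output varies between runs would change the findings digest, so that link and every later one would fail verification.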

When ML Becomes Relevant

| Phase | ARR | ML Need | What It Enables |
|-------|-----|---------|-----------------|
| W1-W2 (current) | $0-$2M | None | Graph analysis + deterministic rules deliver full value |
| W3 (continuous assurance) | $2M-$5M | Low | Statistical baselines for drift detection. A senior backend engineer can implement standard deviation / z-score anomaly detection on temporal data. No ML specialist needed |
| W4+ (threat intelligence) | $5M+ | Medium | UEBA (user/entity behavior analytics), predictive risk scoring, cross-tenant pattern recognition. This is when a dedicated data scientist adds value |

What Competitors Do

| Company | ML Approach | Notes |
|---------|-------------|-------|
| Veza | Graph-based, deterministic | No ML scoring — authority graph analysis. Acquired for ~$1B by ServiceNow |
| ConductorOne | "AI-native" branding but primarily rule-based | Uses LLMs for natural-language policy, not ML scoring |
| Opal Security | Rule-based access governance | No ML. 4x ARR growth post-Series A with 40 customers |
| SailPoint | ML for access recommendations | Added ML after establishing rule-based core at scale |
| CrowdStrike | ML for behavioral baselines | ML layer added on top of foundational identity graph |

Pattern: Every successful identity security company started with deterministic/rule-based analysis and added ML later (if at all). The companies that led with ML (or failed to deliver explainable outputs) did not achieve market traction.

Areas That Might Benefit From Specialized Knowledge (But Not Necessarily ML)

| Area | Need | Solution |
|------|------|----------|
| Graph algorithms | Path computation at scale (10K+ nodes) | Graph database expertise (Neo4j), not ML. Already designed in architecture |
| Natural language policy | "Show me all service principals that can read customer data" | LLM integration (Claude API call), not custom ML model |
| Anomaly detection on temporal data | Drift alerts (W3) | Statistical methods (z-score, IQR), implementable by any senior engineer |
| Report generation | CISO-ready PDF/executive summaries | LLM integration (Claude API), not custom ML |

Recommendation

Do not hire an ML specialist until $5M+ ARR. Instead:

  1. Continue leveraging the deterministic approach as a selling point
  2. Use Claude API for natural language features (policy queries, report generation) — no custom models needed
  3. Implement statistical anomaly detection (W3) with existing engineering team
  4. If/when behavioral analytics becomes a customer demand, hire a senior data scientist who understands identity security — not a generic ML engineer

Part 3: Perspectives Analysis

CEO Perspective

Priority: Capital efficiency + time to $1M ARR.

  • With $2-3M seed, a 12-16 person team gives ~18-24 months of runway
  • The founder-as-CTO model works through $1M ARR given the AI-augmented development velocity
  • Biggest risk is not product (it's 55% built) but GTM execution — founder-led sales for first 10 deals is the proven path, but it splits the founder's time
  • Critical decision: When to hire VP Sales vs. VP Engineering. If the founder is primarily technical, the first VP should be sales (after founder closes 5-8 deals). If the founder can sell, the first VP should be engineering (to free founder for GTM)
  • The AI-native positioning is a narrative advantage for fundraising — investors love "we do more with less"

Key metrics to track:

  • Time to first 3 paying customers (validates PMF)
  • Sales cycle length (target: <120 days)
  • Net revenue retention (target: >100% with expansion to new connectors)
  • Burn multiple (net burn / net new ARR — target <2x)

Marketing Perspective

Priority: Pipeline generation for $100K ACV enterprise deals.

  • At $100K ACV, marketing is about thought leadership and trust, not volume
  • CISO buyers consume: analyst reports (Gartner/Forrester), peer recommendations, conference talks, regulatory alignment content
  • Content pillars:
    1. NHI risk awareness — "68% of enterprises can't trace what their service principals can access"
    2. AI agent governance — "81% of enterprises past planning for agentic AI, only 14.4% have security approval"
    3. Regulatory compliance — EU AI Act, OWASP ASI03, NIST continuous authorization
    4. Evidence-grade security — differentiation vs. risk-score vendors
  • Channel strategy: Partner with consulting firms (Deloitte, Accenture) doing AI governance assessments. They need tooling to recommend
  • Marketing team of 1 (content-focused) is sufficient through $1M ARR
  • Consider fractional CMO or advisor with security marketing experience

Customer Success Perspective

Priority: Time-to-value and preventing churn.

  • At $100K ACV, losing one customer = losing 10% of your $1M ARR target. Churn prevention is existential
  • Onboarding journey:
    1. Connector configuration (Entra ID, ServiceNow, Azure Foundry credentials)
    2. First sync + discovery results review
    3. Finding triage (acknowledge, remediate, false positive)
    4. Authority path walkthrough with customer security team
    5. Evidence pack review + integration with customer's GRC tool
  • Time-to-value target: Customer sees first meaningful findings within 1-2 weeks of deployment
  • At 10 customers, 1 CSM is sufficient (CSM-to-account ratio of 1:10 for complex security products)
  • CSM must be technical enough to configure connectors and explain findings
  • Expansion motion: Each new connector (AWS, GCP, GitHub) is an upsell opportunity — drives NRR >100%

Customer Integrations Perspective

Priority: Connector coverage drives TAM.

  • Each production connector unlocks a new customer segment:
    • Entra ID + ServiceNow (done): ServiceNow-centric enterprises with Azure identity
    • Azure AI Foundry (done): Early AI agent adopters on Azure
    • AWS IAM (next): Largest cloud market; mandatory for multi-cloud enterprises
    • GitHub Actions (next): CI/CD workload identity (W2 deployment gates)
    • Google Workspace/GCP (planned): Second-largest cloud + collaboration identity
    • Okta (future): Alternative identity provider to Entra
  • Connector build velocity with AI-augmented development: ~2-4 weeks per connector (vs. 2-3 months traditional)
  • Each customer installation requires connector configuration — this is where the SE/Solutions Architect is critical
  • Integration points beyond connectors:
    • SCIM 2.0 read-only export (already built) — feeds IGA/PAM platforms
    • OAA canonical permissions (already built) — interop with compliance tools
    • Webhook integration for deployment gates (W2) — GitHub, Azure DevOps, GitLab
    • SIEM/SOAR export (W3) — SOC integration for risk signals

Part 4: Hiring Timeline & Milestones

FUNDING (Month 0)
├── Founder/CEO (existing)
├── HIRE: Senior Full-Stack Engineer (#1)
├── HIRE: Senior Connector/Integration Engineer (#2)
├── HIRE: Founding Sales Engineer / Solutions Architect (#3)
└── CONTRACT: Fractional DevOps

MONTH 1-3: Product Completion Sprint
├── W1 hardening (production-grade deployment)
├── First 2 connector builds (AWS IAM, GitHub Actions)
├── SOC 2 Type 1 prep
├── Founder-led sales: 10-15 prospect meetings
└── TARGET: 1-2 signed LOIs or paid pilots

MONTH 3-4: First Customers
├── HIRE: Customer Success Manager (#5) — triggered by 3rd customer
├── Production deployments at first 3 customers
├── Evidence pack validation with real customer data
└── TARGET: $200K-$300K ARR

MONTH 4-6: Pipeline Acceleration
├── HIRE: Enterprise Account Executive (#4) — triggered by repeatable pitch
├── HIRE: SDR/BDR (#7) — pipeline support
├── CONTRACT: Marketing lead (fractional or full-time)
├── DevOps → Full-time upgrade
└── TARGET: $500K-$700K ARR, 5-7 customers

MONTH 6-12: Scale to $1M ARR
├── OPTIONAL HIRE: Senior Frontend Engineer (#6) — if UI demands it
├── OPTIONAL HIRE: Second Connector Engineer — if connector demand exceeds capacity
├── Conference appearances (RSA, Black Hat, Gartner)
├── Series A preparation begins at ~$750K ARR
└── TARGET: $1M ARR, 10 customers

Part 5: Cost Model

Year 1 Budget (Seed of $2.5M assumed)

| Category | Monthly | Annual | Notes |
|----------|---------|--------|-------|
| Engineering (3 FTE + founder) | $40K | $480K | 2 senior eng + 1 DevOps FTE |
| Sales (2 FTE) | $25K | $300K | 1 SE + 1 AE (OTE) |
| Customer Success (1 FTE) | $12K | $144K | Technical CSM |
| Marketing (fractional) | $5K | $60K | Content + events |
| SDR (1 FTE) | $7K | $84K | Junior outbound |
| Infrastructure | $3K | $36K | Cloud (MongoDB Atlas, K8s, monitoring) |
| Tools & AI | $2K | $24K | Claude API, dev tools, SaaS |
| Legal / Compliance | $3K | $36K | SOC 2 audit, contracts |
| Travel / Events | $3K | $36K | Customer visits, conferences |
| Misc / Buffer | $5K | $60K | Recruiting, office, etc. |
| TOTAL | ~$105K | ~$1.26M | |

Runway at $2.5M seed with $0 revenue: ~24 months
Runway at $2.5M seed with $500K ARR at month 6: 30+ months

Comparison: 9-Developer Model vs. AI-Native Model

| Metric | 9-Dev Model | AI-Native Model (Recommended) |
|--------|-------------|-------------------------------|
| Engineering headcount | 9 | 4-5 (including founder) |
| Engineering cost | $1.35M-$1.8M/yr | $480K-$650K/yr |
| GTM headcount | 0-1 | 4-5 |
| Total team | 10-11 | 12-14 |
| Total burn | $1.5M-$2M/yr | $1.2M-$1.5M/yr |
| Runway (at $2.5M) | 15-20 months | 20-24 months |
| Time to first customer | Faster? (more eng) | Similar (AI-augmented) |
| Time to $1M ARR | Slower (no GTM) | Faster (balanced team) |
| Product:GTM ratio | 9:1 | 1:1 |

The 9-developer model optimizes for product at the expense of revenue. In enterprise security with $100K ACV, the bottleneck is almost never "can we build it fast enough" — it's "can we sell it and support it." A 9-developer team with no sales, no CSM, and no SE will build a beautiful product that nobody buys.


Part 6: Risks and Mitigations

| Risk | Impact | Mitigation |
|------|--------|------------|
| Founder bus factor | Critical — founder is architect, primary coder, and lead salesperson | Hire #1 (Senior Engineer) must be able to own platform architecture. Document all architecture decisions (already strong in sv0-documentation) |
| Sales cycle > 6 months | $1M ARR target slips | Start founder-led sales immediately at funding. Target design partners / beta customers pre-funding if possible |
| Connector demand exceeds capacity | Lose deals to competitors with broader coverage | Prioritize connectors by customer demand. AI-augmented development means ~2-4 weeks per connector |
| Key engineer leaves | 33-50% of engineering capacity lost | Equity vesting, AI documentation practices (the codebase is well-documented), competitive comp |
| Market consolidation | Large platforms (ServiceNow, CrowdStrike) build native features | Speed advantage: ship faster than enterprise R&D. Position as best-of-breed that integrates with platforms (SCIM, OAA already built) |
| SOC 2 delays enterprise sales | Lose deals at procurement stage | Start Type 1 prep at funding. Budget for audit ($30K-$50K) |

Part 7: Competitive Team Benchmarks

| Company | Team Size at ~$1M ARR | Engineering | GTM | Notes |
|---------|-----------------------|-------------|-----|-------|
| Opal Security | ~30 (at $22M Series B) | ~15 | ~15 | 40 customers, 4x ARR growth |
| ConductorOne | ~100 (at $100M+) | ~50 | ~50 | Heavy enterprise sales motion |
| Authomize | 38 (at acquisition) | ~25 | ~13 | Acquired for ~$28M (no profit for investors) |
| Veza | ~190 (at $235M funding) | ~100 | ~90 | Acquired for ~$1B by ServiceNow |

SecurityV0 AI-native target: 12-16 people to reach $1M ARR — roughly 3-4x more capital-efficient than pre-AI peers.

The closest comparable is Opal Security, but even their ~30-person team at Series B reflects a pre-AI-native development model. An AI-native team should be able to achieve comparable output with 40-50% fewer engineers.


Appendix: The "Areas Requiring Specialized Knowledge" Matrix

| Specialization | When Needed | Hire or Build? | Notes |
|----------------|-------------|----------------|-------|
| Graph databases (Neo4j) | At 10K+ identities/tenant | Build (1 engineer upskills) | Architecture already designed; MongoDB handles <10K |
| ML / Data Science | At $5M+ ARR (W3-W4) | Hire (dedicated) | UEBA, behavioral baselines, predictive scoring |
| Security compliance (SOC 2, FedRAMP) | At funding | Buy (audit firm + fractional CISO) | Vanta/Drata for automation, external auditor |
| Enterprise sales | At 5-8 closed deals | Hire (AE) | After founder-led sales validates the motion |
| Kubernetes / cloud architecture | At first production customer | Hire (DevOps) or buy (managed services) | MongoDB Atlas + managed K8s reduces need |
| UI/UX design | At funding | Buy (fractional/contract) | Until UI complexity demands full-time |
| Legal (enterprise contracts, IP) | At first enterprise deal | Buy (external counsel) | $100K ACV deals require real legal review |
| Data engineering | At $2M+ ARR | Build (existing team) | ETL for multi-connector reconciliation is engineering, not data science |



Next Action

Status: adopted — shipped

Agent team structure adopted: Blue (code review), Delta (feature dev), Echo (connector dev), Charlie (docs), Owen (coordinator). Bot GitHub Apps created (sv0-blue, sv0-echo, sv0-delta). No further action required.