Description: Cybersecurity service companies love reselling the same tools everyone else has. Francisco Donoso, Chief Product and Technology Officer at Beazley Security, knows that’s a trap. He’s spent his career championing products inside service organizations—not for vanity, but to actually set companies apart in this crowded market. In this episode, Fran explains how to do that well.

Why build when you could resell?

Most security service providers take the reseller route—mark up third-party tools, deliver the service, collect the check. Everyone’s selling the same thing with different logos. Fran’s approach is different.

“Investing in technology and products that enable clients to see real time what we’re doing on their behalf really highlights that value. It shows them that we’ve got the processes and the solutions and that we’ve invested in the technology to accomplish those objectives.”

Building proprietary client-facing products does two things: it sets you apart in the market, and it forces you to operationalize your backend processes in ways that scale. If you can’t show clients what you’re doing through a portal, you can hide operational cracks. When you build the portal, those cracks become impossible to ignore.

The SLA mistake that changed things

Early in his career, Fran built a product that put service level agreements front and center for security analysts. Seemed brilliant at the time. The unintended consequence? Teams optimized for speed over quality.

“Our team was very focused on how quickly are we delivering rather than what’s the quality of what we’re delivering. Unwinding that took a long time.”

The lesson: when you codify assumptions into software, changing course becomes significantly harder than it would be in a traditional service model. Experience, Fran says, is just knowing all the mistakes you’ve made before—and making new ones instead.

Actuarial data beats snake oil

Working for a company owned by a cyber insurance provider gives Fran something rare: actual data on what drives risk. Not vendor marketing. Not conference hype. Real claims data showing what causes breaches and losses.

“We have an opportunity to say what’s actually driving risk, what’s driving claims, what’s driving losses for companies, and then say, how do we build solutions to prevent that?”

This is the most unique position Fran’s been in during his career. The incentives are aligned—clients don’t want breaches, Beazley doesn’t want to pay claims, and Fran’s team builds products to reduce actual risk based on evidence. No snake oil required.

The promise and peril of AI in security

Fran describes himself as “somewhat of an AI skeptic” - though he uses it daily and thinks you’d be silly not to. His skepticism comes from seeing both sides clearly.

On the risk side, he’s watching things like Model Context Protocol (MCP) servers introduce new attack surfaces. His security research team is actively working on research about breaking these systems. “A lot of these MCP servers are a total mess from a security perspective. And they’re just going to lead to some really interesting and quite frankly terrifying breaches.”

But he’s also building with AI. His team is working on domain-specific large language models augmented with Beazley’s proprietary insurance data. The foundational models are “super cool as an end user, to be honest, like to just be able to chat and riff.” But the real opportunity? Models trained specifically for cybersecurity domains where you can reduce hallucinations and rely on decision-making for automation.

On whether AI will let anyone build SaaS products? Fran thinks people are “likely discounting the amount of maintenance and work that comes into upkeeping a product once it’s launched.” Burning down tech debt, rearchitecting backends for features you didn’t know you’d need—that’s the invisible engineering work. “So I think we’re quite a ways away, but I also see how quickly this AI stuff is advancing. I can’t place my thumb on it. Right now we’re not there.”

His take on big tech’s “AI is replacing engineers” narrative? It’s business reality driven by economics. Companies need money to invest in the AI race, so they offset costs by reducing headcount. But friends at those companies tell him they’re just pushing the same work to fewer people. The reality doesn’t match the marketing.

Product people, not managers

Fran started as an engineer before a CEO told him he was actually a product person. The realization: product is about communicating with stakeholders, understanding market needs, and building solutions for humans.

“People are the hardest thing about technology. Technology is easy. People are incredibly challenging and hard.”

His advice on building products? Stop overestimating the value of what you’re building. Launch something imperfect to validate assumptions. The worst feeling as an engineer is building features no one uses—and Fran’s been there enough times to know better now.