Cybersecurity · sub-niche
SSH key lifecycle management.
Boring but unsolved. SSH keys outlive employment, devices, and security postures.
Month-long build · Trickle — one deal per quarter
Why now
SSH-key sprawl is the audit finding nobody wants. Compliance pressure (SOC2 / FedRAMP) is forcing action.
What the signal looks like
Repos with key-discovery libraries, rotation orchestration, and SSO integrations.
Public examples
We name public projects + categories only — never founders we track inside the paid product. The buyer’s edge stays inside the product.
- Smallstep-style certificate authorities
- Teleport SSH access
- Open-source SSH lifecycle tools
What this displaces
An ssh-key file last rotated three jobs ago.
Our build-vs-invest call
Niche but durable. Sell to platform engineering at compliance-bound companies. Fund only with prior infra background; don't build solo.
Common questions about this niche
- Buyer? Platform + compliance teams at regulated companies.
- Pricing? Per-user or per-host.
- Moat? Integration breadth + compliance reports.