Acquisition project | EXPLIoT Academy

📄

Acquisition project | EXPLIoT Academy

Elevator Pitch

Want to fast-track your career in IoT security? At EXPLIoT Academy, you don’t just learn from experts you learn from the very researchers who have presented their work at top cybersecurity conferences like Black Hat, DEF CON, and Nullcon. In fact, the same course material you’ll study has been featured on these global stages. Our hands-on, real-world training ensures you’re among the top 1% in the field. Forget theoretical learnings and gain practical skills that set you apart. Start now at academy.expliot.io.

Understand the user

ICP 1: Independent Cybersecurity Professional ( Researchers & Consultant )

ICP 2: Enterprise IoT Security & Compliance Teams

ICP 3: IoT Security Students ( University level learners & Early Professionals)

Method Used for defining personas

1. Analysis of all paid customer profiles

2. Analysis of visitors; company data sourced from ZoomInfo

3. Analysis of visitors - who sign up for free course.

Criteria	ICP 1: Independent Cybersecurity Professional	ICP 2: Enterprise IoT Security & Compliance Teams	IoT Security Students ( University Level Learners & Early Professionals )
Age	20-40 Year Old	30-50 Year Old	18-28 Year old
Demographics	Region: Primary - US, UK, Germany ; Secondary - India	Region: Primary - US, UK , Germany ; Secondary - India	Region: Primary - US, UK , Germany ; Secondary - India
	Small security consulting firms, IoT security, Bug Bounties	Industries - Automative, industrial IoT, Manufacturing, Smart Devices.	Industries - Cybersecurity, Embedded Systems, IoT Development
Who are they	Pen-testers, Red Teamers, Bug Bounty Hunters, IoT Security Consultants.	Security Professional working in large enterprises & industrial IoT companies.	University students & fresh graduates in cybersecurity, IoT, and embedded systems
	Security professionals who need advanced IoT hacking skills for client work & bug bounty programs	Teams responsible for IoT Security assessments, compliance, and vulnerability management.	Early-career professional transitioning into IoT Security
Why they need EXPLIoT Academy?	IoT security is a niche, high-paying field - learning these skills increase their earning potential.	Their companies design, manufacture, or deploy IoT devices, which are high-risk targets for cyber threats.	Practical IoT security training missing in university courses.
	More companies demand IoT pentests, and they want to expand their consulting services.	Regulatory compliance (ISO 21434, NIST 800-183, EU, Cyber Resilience Act) requires their team to have IoT security expertise.	Hands-on experience helps them get internships or entry-level jobs.
	Bug bounty programs are offering rewards for IoT vulher abilities —> learning these skills is financially valuable.	They need structured corporate training for their security engineers & analyst	Prepare them for future certification & professional growth.
Pain Point	IoT Security training is hard to find —> most available courses are not hands-on	Compliance risk - struggle to meet IoT security compliance standards.	Theoretical university courses don’t provide hands-on hacking practice.
	Lack of structured labs and real-world scenarios —-> needs interactive practice with real IoT vulnerabilities	Lack of in-house IoT security training - most security teams are general cybersecurity experts, not IoT-specific.	Lack of affordable IoT security courses for students.
	Stiff competition in bug bounties & consulting —> need advanced skills to stand out	High cost of third-party security assessment - need to upskill internal teams to reduce dependency on external vendors.	Tough job market –> needs extra certification to stand out.
Behavior	Learns via practical, hands -on training ( HTB, TryHackMe, CTF challenges )	Learns via structured, corporate training programs	Consume free content first (youtube, free course) before buying paid content
	Engages in online security communities ( Reddit IoT Security, Discord, Twitter/X)	Engages in IoT security conferences ( DEFCON, IoT Villages, Nullcon, Hardware.io)	Prefer structured certifications to add to resumes
	Prefer self-paced, in-dept courses	Trends to follow compliance related cybersecurity content (LinkedIn, Industry Report)	Follow security professionals on Twitter/LinkedIn/youtube
Who takes the decision?	Decision makers - The individual learns	Decision Makers: CISO, Security Manger, Compliance Officer.	Decision maker - The Student or University
	Decision blockers - High Pricing	Decision Blocker: Budget constraints, internal approval processes for training.	Decision Blocker - High pricing or lack of university endorsement
Frequency of Use?	Multiple courses per year ( Basis ups killing requirement )	Quarterly or Annual Team Training Cycles.	Low cost courses at the start, then upgrade to advanced training over time.
	Hands-on labs used frequently for real-world hacking practices.	New team members need onboarding in IoT security training.	Uses training material for internships & job application.

ICP Prioritisation

Criteria	Adoption Rate	Appetite to Pay	Frequency of Use Case	Distribution Potential	TAM ( users/currency)	Priority Ranking
ICP 1 - Independent Cybersecurity Professional	High	Medium	Medium - High	Medium	1000 user	2
ICP 2 - Enterprise IoT Security & Compliance Team	Moderate	High	Medium - High	High	1400 users	1
ICP 3 - IoT Security Students (University Level Learner’s &. Early Professionals)	Low	Low	High	Moderate	1100 users	3

Criteria

Adoption Rate

Appetite to Pay

Frequency of Use Case

Distribution Potential

TAM ( users/currency)

Priority Ranking

ICP 1 - Independent Cybersecurity Professional

High

Medium

Medium - High

Medium

1000 user

ICP 2 - Enterprise IoT Security & Compliance Team

Moderate

High

Medium - High

High

1400 users

ICP 3 - IoT Security Students (University Level Learner’s &. Early Professionals)

Low

High

Moderate

1100 users

Priority Ranking:

1. Enterprise IoT Security & Compliance Teams —> High distribution potential, high frequency of use, and significant TAM.

2. Independent Cybersecurity Professional —-> High adoption rate and willingness to pay but medium frequency of use and distribution potential.

3. IoT Security Students —-> High frequency of use but low adoption rate and low willingness to pay, making it the lowest priority.

Understand the product

EXPLIoT Academy Core Value Proposition

EXPLIoT Academy's users experience core value proposition when they start the course and work on the First hands-on lab

However apart from the hands-on lab, users also experience value from ;

High-quality, hands-on cybersecurity training focused on IoT & embedded systems.
Practical, real-world exercises with labs and interactive challenges.
Self-paced, on-demand courses for flexibility and scalability.
Industry-recognized certifications for career growth.

Understand the market

(Let's begin by doing a basic competitor analysis)

Factors

Competitor 1 : Attify

Competitor 2 : Hack The Box

Competitor 3

Competitor 4

What is the core problem being solved by them?

Advanced IoT exploitation techniques and vulnerability discovery.

What are the products/features/services being offered?

protocol hacking

IoT exploitation kits,

firmware analysis,

Who are the users?

Security researcher

Ethical hacker

GTM Strategy

Customizable private training (online) organization

What channels do they use?

Online store / slack community support

What pricing model do they operate on?

Premium pricing for advanced hands on training kits and courses

How have they raised funding?

Brand Positioning

unclear /

UX Evaluation

What is your product’s Right to Win?

What can you learn from them?

(Then let's try to understand the market at a macro level and evaluate the trends and tailwinds/headwinds.)

Now it’s time for some math, calculate the size of your market.

TAM = Total no. of potential customers x Average Revenue Per Customer (ARPU)
SAM = TAM x Target Market Segment (percentage of the total market)
SOM = SAM x Market Penetration/Share

The TAM represents the total revenue opportunity available if EXPLIoT Academy were to achieve 100% market share in the IoT security training sector.

Global Cybersecurity Workforce: In 2024, the global cybersecurity workforce is estimated to be approximately 5.46 million professionals.

Average Training Expenditure per Professional: Assuming each cybersecurity professional allocates an average of $1,000 annually for training and professional development.

TAM: $5.46 billion

SAM: $1.092 billion

SOM: $5.46 million

If your product is in early scaling stage

Designing Acquisition Channel

Channel Name	Cost	Flexibility	Effort	Speed	Scale
Top 1: Conference Partnership	Low-medium	Medium	Medium	Medium	Medium-High
Top 2: Organic - Founders Brand	Low-medium	Medium	Low	Low -Medium	Low - Medium
Top3: Paid Ads - Google Ads	High	High	High	Fast	Medium
Top 4: Referral	Low	High	Medium	Slow	High

Detailing Product integrations

(Understand, where does organic intent for your product begins?)

Step 1 → Identify complementary products used by your ICP

In EPXLIoT Academy‘s case ; ICPs spend time in various activities/exploring different tools such as , attending conferences, sending time in communities, using different tools etc.

Step 2 → Use the selection framework

Integration Partner : Channels	Time to go live	Tech Effort	New users we can get (monthly)	New Users we can get in Month 1	New Users we can get in Month 2	New Users we can get in Month 3
Conference Partnership	1 Month	Low	10-12	10	10	10
Community Integration	1-3 Months	Low	5	5	5	5
LMS Course Signups	1-3 Month	Medium	5	5	5	5

Step 3 → Collaborate with necessary stakeholders
Step 4 → Map the customer journey
Step 3 → Design the wireframe with the new integration
Step 3 → Run pilot tests before launching
Step 3 → Measure post-integration metrics

Detailing Referral / Partner program

(For B2B companies, if referral does not make sense you'll take a crack at a partner program for your product)

Step 1 → Flesh out the referral/partner program

#1 - Customer Touchpoint

completing the course
downloading course completion certificate [ AHA Moment ]
sharing post about the positive experience of course on social media

#2 - Platform Currency

Money [ discount ]
Access [ early access to course launch ]

#3 - Determine who to ask for a referral

paid customer - who downloaded course completion certificate after completing entire course material

#4 - Referral Partner Discovery

in app feature [ primary ]
email communication [secondary ]

#5 - Referral sharing & Communication

whatsapp, email, social media
Referral message ? [

#6 - Tracking referral

In our case - we can use learnworlds, default referral program and use their dashboard to track.

#7 - Design the referral landing page for non-users

at stage#1 - i think first gong ahed with paid users make more sense that opening it for non users.

#8. Encourage continuous referrals

tired rewards [ ]

Step 2 → Draw raw frames on a piece of paper to get the gist.

(Don't spend a lot of time on design. This is for you to communicate how the referral hook will look)

we hope this helped you break the cold start problem!

Reminder: This is not the only format to follow, feel free to edit it as you wish!

Detailing Content loops

Content Loop

(Keep it simple and get the basics right)

Step 1 → Nail down your content creator, content distributor and your channel of distribution
Step 2 → Decide which type of loop you want to build out.
Step 3 → Create a simple flow diagram to represent the content loop.

Content Loop

Use internal expertise - to conduct recurring high value - webinars
Once - webinar is done / then - use the recording
work on the recording of the webinar —> convert it into FREE Course after editing
publish the course, on website ; in the FREE Course Section
user will signup FREE Course and experience the product, later - can try paid course.

[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Brand focused courses

Great brands aren't built on clicks. They're built on trust. Craft narratives that resonate, campaigns that stand out, and brands that last.

View all courses