From Insight to Conviction: The Method Behind Team8’s Venture Creation Model

Exploration, Ideation & Validation Process – Orchid’s Case Study

Turning insight into conviction

Most startups fail not because they can’t build, but because they build the wrong thing – though even building the right thing won’t matter without excellent execution. At Team8, we reverse that risk and increase the success rate. Our journey of building a successful startup begins long before product design or the first line of code. It starts with a rigorous exploration, ideation, and validation process, a structured, market-obsessed approach that ensures we’re addressing a significant, urgent, and validated problem with the right solution. Our ideation team, composed of tech researchers, business strategists, and business development leaders, conducts this process. This disciplined approach has already translated into 27 companies we’ve built across cyber, software infrastructure, fintech, and digital health, each born from a rigorous ideation and validation process grounded in a deeply validated thesis.In this blog, we share our process step-by-step and illustrate it with the story of Orchid Security, one of our ventures born from this methodology, a company tackling one of the toughest identity problems in the enterprise.

Our Ideation Process at Team8

1. Broad Exploration

Independent research.
We begin with deep, independent research conducted by a team of technology researchers and business strategists. Our goal is to stay ahead of market trends, understand the innovation landscape, and spot emerging opportunities before they become mainstream.

Listening to our Village.
Our Village is a vibrant community of C-level executives (primarily from enterprise-class organizations), industry leaders, and domain experts. The relationships are managed by our business development leaders. Engaging the village in candid conversations teaches us about their priorities, untapped problems, upcoming projects, allocated budgets, and most pressing pain points. 

We summarize the research and the village exploration calls into an initial hypothesis and market research bottom lines, which include insights about the space’s TAM, problems, trends, competitive landscape, ICP & persona.

2. Shaping the initial thesis

With insights in hand, we craft a first thesis deck that includes:

• Problem statement – the challenge we believe is worth solving and its root cause.
  
• Solution approach – a high-level value proposition outlining how we might address the problem. We may complement this with a few Figma screens or a quick-and-dirty coded prototype to illustrate what an ideal product could look like and highlight its key features.
  
• Open questions — what we need to validate (e.g., urgency, budget ownership, and whether buyers would replace legacy solutions or require a net-new budget if we decide to start a company).

3. Validation: feedback loop & iterations

We return to the Village for validation calls. Here, we stress-test our thesis and dive deep to understand:

• Does this solution sound like it addresses your problem and would you be willing to pay for it?
  
• What must an MVP include?
  
• Would this replace existing tools or require new budget allocation?
  

These conversations often lead to multiple iterations, refining both the problem definition and the solution direction. We also invite select organizations, whose C-level executives are part of our village, to join early on as design partners, assuming we proceed to build a company.

4. Milestone 0 — Go/No-Go

From these validation conversations, we aggregate feedback and conduct an internal strategic discussion together with our advisory board, and relevant domain experts. We discuss: should we build a company focused on solving this acute problem, or move on? 

In this phase we also brainstorm the differentiation that will help us win the market and moat that will enable us to dominate it over time. It could be a technology advantage, a strategic partnership that provides a GTM edge, or a clear cost/time advantage.

We call this phase Milestone 0 because it precedes company formation. The focus is on gaining conviction about the problem space, problem statement and about the initial direction to solve it. At this point, we won’t necessarily have a founding team. The discussion will end with a clear decision of go/no-go. Sometimes we might also decide to put the thesis on the shelf and wait, either to the right team to build it into a company, or to the market to evolve, or to find a clear differentiator/moat.

Later, once we have the founders to actually start and build a company, together we conduct Milestones 1 and 2, focused on validating the solution and GTM approach while addressing strategic dilemmas on the company’s path to PMF and beyond. To those milestones we invite the company’s design partners, customers and prospects to share the market’s perspective.

This process is repeatable. We conduct it continuously to generate multiple theses, with only the most validated ones advancing into company creation.

Orchid Security – From Thesis to Breakthrough

The first problem statement 

During one of our exploration cycles, backed by independent research and many of the Village conversations, we identified the identity domain as a high-priority, high-pain area for large enterprises, because managing identity and access across a large, growing, and diverse application estate is a significant challenge. Our initial thesis focused on over-permissioning and manual user access reviews; common pain points we believed were ripe for innovation. We met Roy Katmor, co-founder & CEO of enSilo, (acquired by Fortinet), as a potential founder, and began collaborating on this ideation track. Roy met the Team8 founders over a decade ago and played a role in Team8’s formation before founding enSilo. Years later, as a second-time founder, he decided to join forces with Team8 to build his next big venture.

Shifting the problem statement

Validation feedback on the ‘over-permissioning’ problem was positive, but as conversations accumulated, it became clear we were only seeing the tip of the iceberg. A deeper, largely unmet challenge sat at the core of identity: the inability to manage identities across the application estate amid rapid application velocity, growing variety, and complex, dynamic onboarding into the Identity and Access Management ecosystem. We learned that, in large organizations, managing identities across the application estate while maintaining security and compliance has become operationally complex, often evolving into multi-year, multi-million-dollar initiatives with no guarantee of success, leaving enterprises exposed. This realization became the refined problem statement we focused on through the validation process.

Milestone 0 challenge

By the time we reached Milestone 0, following dozens of validation calls, to decide whether to start a company around this refined problem, we had clear conviction about the problem statement, and we had sharpened the defining question:

Is it technologically feasible to create an automated mechanism that can assess applications and subsequently govern them through IAM integration?

It was a formidable technology challenge, complex enough that we even considered returning to the exploration phase and restarting the process from scratch.

The breakthrough

Just as we were preparing to move on, a pivotal moment occurred during the Team8 CISO Village Summit, our annual gathering that brings together hundreds of top cybersecurity leaders from the world’s leading organizations to exchange ideas and shape the future of the industry. In a conversation with Steve Sparkes, a Team8 villager and then CISO of Scotiabank ( now CISO of TD Bank) a fresh perspective emerged that inspired a novel, ground-up solution approach. The collaboration’s insight pointed to the possibility of enabling generic application analysis and instrumentation of missing integrability functions, without requiring the involvement of application owners or reliance on tribal knowledge. Specifically, the fusion of observability technologies (to examine applications from the outside in) with prompting into advanced large language models showed the potential to automate what had, since the inception of the category, remained a manual and resource-intensive process of application governance.

“The problem of access management for large-scale corporations was ripe for innovation and I was delighted to go deep with Roy to see if our hunch that we could transform the problem was right. And that’s when a beautiful design partnership was born”. (Steve Sparkes, CISO, TD Bank)

“What began as a friendly lunch conversation quickly became a shared vision, one that turned frustration into innovation. Steve’s insight helped us see that the answer wasn’t incremental improvement but a new foundation for identity itself”. (Roy Katmor, Orchid’s co-founder & CEO)

This seed grew into Orchid Security. 

Key takeaways from Orchid’s ideation & validation journey

This process applies beyond Orchid. We conduct it on a regular and repeated basis to initiate and validate theses, which we can later suggest to our founding teams. Here are some takeaways from the Orchid ideation & validation process and from additional processes we made in the past:

• Be validation-obsessed. Early, repeated conversations with end users are invaluable for refining your direction. Aim for at least 50 meaningful conversations with potential buyers and users — that’s where true insights emerge.
• Look beneath the obvious pain. Your first thesis might be valid, but not painful or urgent enough. Dig deeper; real validation often uncovers a more fundamental problem. In our case, what started as a surface-level insight evolved into uncovering the true barrier impacting the entire human identity space. Listen carefully, challenge your assumptions, and stay flexible enough to change the thesis when the data tells you to.
• Leverage trusted networks. The Team8 CISO Village played a crucial role in surfacing the perspective that led to our breakthrough – and fueled the entire validation process. Surround yourself with a trusted network of experts who can stress-test your thinking and expose blind spots early on.
• Define the moat early. From the very beginning, stress-test your technical feasibility and go-to-market advantages. Knowing how you’ll win the market before you even start building gives you an edge that compounds over time.
• Don’t shy away from hard problems. The toughest challenges are often the most valuable opportunities. Focus on solving the problems people are truly willing to pay for – and don’t walk away too soon just because the problem seems unsolved. That’s often where the breakthrough lies.

At Team8, this isn’t just how we build companies – it’s how we ensure we build the right companies on their way to PMF and long-term success. Orchid’s story reflects what happens when curiosity becomes conviction and bold thinking meets rigorous validation: real impact. And it’s only the beginning. 

To me, being part of such an exciting and impactful journey – building companies, celebrating their success stories like Gem Security, strengthening the Israeli tech ecosystem, and partnering with the best founders and talent out there – is both an honor and a privilege.

If you’re a founder or industry leader driven by the same curiosity and determination to make a difference, we’d love to explore what we can build together.