From Paul's Security Weekly
Jump to: navigation, search

Startup Security Weekly - Making It Rain on Unicorn

Episode 7 Recorded: August 18

What problem do you solve? Securely?

  • Exploring the business of security; advancing the security of business
  • Startup is a mindset; this is essential for security leaders today
  • Remind people of the perspectives:


Listener Question:

Chris J (@Rattis)

@securityweekly @catalyst really like sec startup weekly. In ep 6. Can you give advice in how to start from scratch. 1/n

@securityweekly @catalyst 2/n I get question 1. Here is the problem I think I solve, but then what.

@securityweekly @catalyst 3/n exp. Multi-year analytics of area crime, showing change, and related cause and effect of policing.

@securityweekly @catalyst 4/4 where does one start or find good entrepreneurial 101 resources.


Michael Thoughts:

  • Added some stories into this week to offer some insight
  • First - let’s address the first question, but from the vendor/startup perspective
  • I’m curious in your ‘why’ and ‘how’ - how did you discover, and why does it drive you
  • I find a lot of the guides and stuff out there are either overly prescriptive or too vague to help; for me, you need to move from what I call “idea to execution” and it takes 5-Ps
  -Product, pitch, plan, proof, and protection
  -Here’s the thing, when I work with people on this, the majority reach the end of the process to realize, “this dog won’t hunt” - not right. That’s not failure. It’s successfully working through a process/framework to get to a decision
  • The idea to execution is a combination of process/framework - which invites different methods to come together. But it’s how I evaluate startups. And how I help people -- even those in enterprises - evaluate their ideas and get them launched

Paul Thoughts:

  • After you discover the problem, focus on the solution, then stay focused on the product
  • Some, actually many, products in security are based on creating something for free that solves a problem, build on that and take it to the next level
  • Pitch - This is tricky at first, there are some guides, but I’ve found you need to tune it over and over and its different for everyone. What works for one product, doesn’t translate for all products:
  -Start with the problem
  -Jump right to your solution
  -Talk about your differentiators
  -Talk about economic incentive
  -Ease of use/deployment, performance and scalability
  -Not price, but value

Discussion on the security considerations from each of the perspective(s):

  • Startup
  • Buyer
  • Investor


n/a Sponsors n/a


  1. 1 - How to build a successful company, Part #1


Key Points:

  • Solve a problem. We just discussed this. The key here is making sure that it’s a problem that others have, they know they have it, and they’re willing to pay to have it solved.
  • I like the aspect of solving it at scale. I’ve solved a few problems, but I don’t know how to scale them, yet. As such, no product, no offering.
  • Discussion on the security considerations from each of the perspective(s):
  - Startup
  - Buyer
  - Investor

  1. 2 - How to build a successful company, Part #2


Key Points:

  • Get out and talk to people. Yup. But then listen to what they say.
  • Here’s a trick i picked up. And I love… explain it. Chat about it. Then follow up later and say, “hey, offer me one sentence that captures what you thought/remember/etc.” I’m going to start doing this, too
  • The tips on asking people are solid - pay attention and capture their words. Listen to what they tell you. This is generally when the lightbulb goes on

-And this is basically what my whole week has been

  • Discussion on the security considerations from each of the perspective(s):
  - Startup
  - Buyer
  - Investor

  1. 3 The Go-to-Market Approach Startups Need to Adopt


Key Points:

  • “It’s estimated that 100,000 technology startups reach the basic funding stage every year. Angel investors (including friends and family members) help about half of these companies with their initial development. Fewer than 10% (about 4,000) are then able to show enough promise to actually receive a first round of capital from venture or private equity sources.”
  - These folks moved from idea to execution
  • “Figuring out a go-to-market approach is no trivial exercise — it separates the companies that will be successful and sustainable from those that won’t.”
  • “They should think about what the customers are trying to achieve and what problems they need to solve — and then think about how the product can help them be successful.”

Michael comments This is why it pays to stay focused, launch quickly, and then use the market and those initial engagements to define

  • Discussion on the security considerations from each of the perspective(s):
  - Startup
  - Buyer
  - Investor

Paul: THIS: “Figuring out how you go to market is not a one-time exercise for a new company; it should be an ongoing process, constantly informed by a deeper and deeper understanding of customer needs and how your product can meet them.”

  1. 4 - Consumers Not Excited About Connected Appliances


Key Points:

  • Subhead: “Consumers like the idea of connected devices, but many are reluctant to embrace the reality due to security concerns.”
  • Seems we blame an awful lot on ‘security’ -- so this is either a canard, or it’s a real area startups need to focus on
  • “Except for thermostats, most consumers do not want IoT appliances such as connected fridges, dishwashers, or slow cookers.”
  • “A survey of 28,000 consumers in 28 countries released in January by Accenture LLP found that 47% of respondents pointed to security and privacy as potential obstacles to adopting such technology.”
  • Here’s the challenge of these surveys - and some lessons for all of us
  -These are perception surveys; they are not based on evidenced behavior - they still have value, but they need to be considered in context
  -How the question is asked is important; equally important is how the person answering perceives they’ll be assessed; sometimes it’s how they perceive themselves
  -Example: breach - will you shop there again? Most say no. Then go shop there again. 
  -When it comes to IoT - perhaps. 
  • I take this all to mean that if you do pay attention to security -- and translate your efforts into an experience that is easy to use AND protects people’s privacy, ensures an adequate level of security, you’ll stand out and be adopted quicker
  -So it comes down to communication - provided you’ve done the right things
  • Discussion on the security considerations from each of the perspective(s):
  - Startup
  - Buyer
  - Investor
  1. 5 - 9 Guaranteed Reasons Your VC Pitch Will Fail


Key Points:

  • I typically don’t like the negative approach, but there was some good insights in this one
  • Paul - you’ll love the picture
  • Michael’s take - this is broader than just pitching VC; it’s also about pitching prospects and generally educating your market; here are some of the points that stood out to me:
  -Mistake #1 is common
  -Mistake #2 - this is what I call the perfect message fallacy
  -Mistake #4 - defensive - is interesting. It takes some practice to separate ego (and intrinsic value) from the product and pitch. But if you want to grow and learn, you need to. Otherwise… 
  -Mistake #5 - in tech, this is often because *we* get amped on the features. And features are boring. Here’s the thing, though. You need to be you. Stop with the gimmicks. And don’t copy silicon valley. Please. 
  • Discussion on the security considerations from each of the perspective(s):
  - Startup
  - Buyer
  - Investor

Updates on our Journeys


If you want to learn, you have to launch; writing about it on my blog… and it’s awesome; much of what we’ve covered today has happened to me in the last week Based on an experience with a platform, decided to see if a substitute was available. I think i found one. And in fact, I think it’s a better fit. That means the company making $1k or more a year off me is going to lose out due to a poor experience, worse handling of it, and making $10 off the mistake. There’s a lesson on there. Learned a lot about what I didn’t explain - because most of it was in my head or otherwise overlooked - by launching; correcting that now. Toying with a demo/preview/free lesson… and starting the course next week Very much for executives and startups; it’s about bringing people together. You are invited, too. Security Catalyst . com.