Sunday, December 6, 2009

Identifying New Ideas for a Startup

One of the biggest challenges for an entrepreneur involves how to rate new ideas before you decide to chase it. There are different aspects that you can evaluate, but here is the fundamental list from Berkeley, especially for those interested in seeking VC money -
  1. Unmet or Underserved need - we must start by critically analyzing whether the idea meets an unmet or underserved need. In other words, is there at least 1 customer whose hair is on fire when he hears about the idea from you?
  2. Market size - Most successful entrepreneurs will tell you that chasing a large or growing market played a huge part in their success. Current thinking is that VCs are loathe to funding ideas which do not have a $1B potential.
  3. Sustainable competitive advantage - do you have a secret sauce or technology that increases the barrier to entry or makes it extremely difficult for your competitors to battle you?
  4. Scalable business model - can you build a scalable business around the idea. Are the fixed and variable costs such that you can increase and maintain high margins in steady state?
  5. Why us? Why now? - do you have the right team with the experience, network or other necessary attributes to win with this idea? Is this the right time to go to market with this idea or will it take another 5 years for this idea to gain mainstream adoption.
At a minimum, you should be able to pass these five checks easily. Of course, it helps to examine the idea to gauge the attractiveness of the idea using personal metrics also. For instance, you may want to see how well aligned the idea is to your own interests, the cost of other opportunities you'll have to forgo, etc.

Monday, November 30, 2009

Corporate Blogs - the real audience

In the last 3-4 years, I have seen most software vendors starting their own corporate blog. I have seen first-hand how these corporate blogs help in lead-generation and sales. Most of us think that this requires a lot of thought-provoking, high quality content, but that is not necessarily true. This is because the true audience of the corporate blog is NOT the CIO or IT manager or admin who is looking to learn about new technologies. The real audience is actually the search engines and corporate blogs provide a great way to improve where one shows up in the search results.

One of my close friends, a great marketing person, gave these tips to get maximum mileage out of corporate blogging efforts -
  • Create a shortlist - start by creating a list of keywords that you'd like to improve your search rankings on. At Solidcore, these keywords would normally include Change Control, File Integrity, Whitelisting, etc.
  • Post Regularly and consistently - every blog post must target 2-3 of these keywords in a consistent manner. For best results, try to incorporate these keywords in your titles or tags. And be regular - it takes at least 3 posts a week for 6 months before your search rankings improve
  • Link back - linking to other articles about the topic you are posting about also improves the search rankings. In fact, you should aim to link to at least 1 (preferably 2-3) other posts in every blog post
As you can see, this is fairly simple. If you don't find any good topics to blog about, just repeat the words in random order, a la "change control is solidcore and my file integrity oops what a neat way to cheat the search engines". I haven't seen too many instances of such obvious posts, but don't for a moment get beguiled into thinking that the corporate blog is aimed at you, the reader. It is not.

Thursday, June 4, 2009

Tools for the Starving Entrepreneur

I found a couple of very interesting (and free) tools that I wish I had known about earlier -
  1. SSL Explorer, an SSL based VPN solution. The company behind this product, 3SP, got acquired by Barracuda, but this product is still available from Sourceforge
  2. VirtualBox virtualization products. This is a wonderful product and is available for most platforms, including Macs. Quite likely this will be discontinued after the Oracle acquisition of Sun is complete, so download it ASAP. As an aside, Oracle already has 2 virtualization products - their own xen-based one and one from their Virtual Iron acquisition.

Tuesday, May 5, 2009

Textbook Rentals

WSJ is reporting that Case Western will start experimenting with Amazon's Kindle for some of their classes this Fall. I hope this is a success and that we'll eventually see more electronic books going forward. If this happens, traditional book publishers will have to find better ways to remain profitable than resort to printing a new edition every year.

Profit margins of book publishers is a very well kept secret. Publishers invest between $1-2M for the first edition of a new book. If it is a success, they keep printing a new edition every year or two.
Interestingly, most of the changes between editions are cosmetic - a few color changes, end of chapter problems rearranged, etc. Ever wondered why? Unless they do this, students will stop buying new books and prefer to buy used books from their seniors in school. Also, the cost of reprinting a successful book is less than $1/copy. Yes, that is right - the books that we typically buy for an average of $80-$120, actually cost about $1 to print. Clearly, it is in the publisher's best interests to suppress the used book market. The real cost, sadly, is borne by the environment.

But, despite the publisher's best efforts, the used book market continues to thrive. I recently heard about, a startup which offers textbook rentals and has a Netflix-style business model. They even allow you to highlight the rented books, so long as you don't make the books completely unusable for the next renter. I'm sure Amazon's Kindle will feature an electronic expiry of the books, using which publishers will be able to offer subscription and perpetual pricing. But, the real question is will the publishing industry survive? What if the authors published to Amazon's Kindle directly instead of using the service of a publisher? How would you stay relevant if you were the CEO of a publisher? I don't know, but would love to hear the thoughts of anyone in this industry

Monday, April 27, 2009

PCI Whitepaper

I wrote a paper on PCI compliance titled "The 5 claims of PCI DSS snake oil salesmen", which is now being run by ThreatPost. Enjoy!

Friday, March 27, 2009

NYTimes calls Tripwire a fall hazard

The venerable NY Times is reporting that the Tripwire used at home can be a fall hazard. However, Tripwire at home offers many advantages (health and emotional benefits) unlike the product used in the Enterprise which has often delivered severe emotional shocks to many customers.

Solidcore has ample evidence that Tripwire Enterprise customers have suffered from different types of shocks including, but not limited to, sticker-shock, pci-coverage-shock and bloatware-shock. Sticker shock hits the customers when they are presented the first quote after the initial demo. Tripwire has recently managed to alleviate the pain caused by this shock through deep discounting of prices.

PCI coverage shock is a recent phenomenon and affects customers who are looking for PCI compliance solutions. At the outset, this shock makes everyone think they were stupid to deploy anti-virus and run vulnerability scans and penetration testing as mandated in PCI DSS sections 5, 11.2 and 11.3. After all, they could have achieved the same using Tripwire had they thought about it at first. However, this shock dampens once the QSAs and other vendors point out that Tripwire's PCI coverage whitepaper is not worth the paper it is printed on.

Bloatware shock is experienced only by customers who have used Tripwire in the past. After-effects of this shock include incredulity and deep anger that Tripwire has not introduced any significant changes to their UI or feature set in the last 10+ years in business. The few features that were added, including Configuration Assessment capability, have made the product more complicated and difficult to use than ever before. Tripwire's marketing department claims that only a minority of customers will suffer from this shock as there are more people who have not used Tripwire than those who have.

These reports have been confirmed by analysts from top-tier firms like Gorretner and the 911 group. Tim Ikestotalk from Gorretner says "It is unrealistic for customers to expect that a product named Tripwire will not deliver shocks. The name itself was chosen to signify how administrators will be shocked whenever they perform tasks that are anything but the most standard and mundane ones". The 911 group adds "Tripwire has been extremely successful in pulling the wool over customers eyes when it comes to PCI coverage. We have been receiving many calls from customers who feel cheated by Tripwire, but we can understand Tripwire's behavior. In these hard economic times, it is indeed very difficult to sell a product that offers so little to so few for such a high cost". Clearly, as the NYTimes puts it "no one had looked at this. It was all anecdotal." Until now, that is.

Names of all characters in this article have been changed to protect them from receiving shocks

Friday, February 13, 2009

Cloud Computing

Having worked for a Grid computing startup has made me a big skeptic about whatever new marketing umbrella the idea gets resurrected under. As you probably guessed, its latest incarnation is called cloud computing.

Here's a witty video that tries to make the concept of cloud computing less cloudy. Hope you enjoy it.