Roy Firestein

Security Feeds

Archive for April, 2011

HIPAA Security Risk Analysis: How to Achieve Both Security and Compliance

April 27th, 2011. Published under My Recent Reads. No Comments.

pulled from Google Reader (click on title for original post)

Lets review different viewpoints driving why healthcare organizations implement a HIPAA Security Risk Analysis. The purpose of exploring these different perspectives is to show that the primary objectives for doing a HIPAA Security Risk Analysis can be categorically defined as either security or compliance – and that both of these objectives can be achieved if a practical approach to the analysis is utilized. Here I use the term security as the goal of safeguarding electronic protected health information (ePHI) and compliance to mean the requirement that healthcare organizations operate consistently with guiding regulatory mandates – HIPAA & HITECH Act.

While many think of security and compliance as the same thing, they are in fact unique, and not identical objectives. For example, it’s very common for organizations to consider themselves compliant with the HIPAA Security Rule, yet to be in a state of high risk of an ePHI data breach. Conversely its also possible for a health IT environment to be quite secure without being compliant. Ultimately healthcare organizations have both security and compliance risk and need to achieve both.

The following examples summarize different viewpoints. In reality most organizations undertaking a HIPAA Security Risk Analysis want to achieve both security and compliance, but there is usually an over-riding primary factor driving the effort. These viewpoints are meant to highlight those dominant factors as they tend to influence the assessment and the eventual value that is derived from the effort.

The compliance view of HIPAA Security Risk Analysis: When the objective is to become “compliant” the assessment tends to come in one of two flavors:

  1. Check the box that says “we did a HIPAA Security Risk Analysis” or
  2. To ensure that all of your IT controls around safeguarding ePHI are “compliant”

In either case, the risk of focusing on compliance is that it becomes a rote effort focused on just getting it done rather than getting to the essence or the intent of the regulation, which is safeguarding protected health information.

The meaningful use view HIPAA Security Risk Analysis: This view, of course, is driven primarily by meeting the HITECH Act’s meaningful use core objectives, so this is somewhat of a corollary to the previous example.  In this case the objective defined by the HITECH Act to meet meaningful use is to protect ePHI created or maintained by the EMR system. CMS defines this core objective as follows:

Objective: Protect electronic health information created or maintained by the certified EHR technology through the implementation of appropriate technical capabilities.

Measure: Conduct or review a security risk analysis in accordance with the requirements under 45 CFR 164.308(a)(1) and implement security updates as necessary and correct identified security deficiencies as part of its risk management process.

The business Associate view of HIPAA Security Risk Analysis: This too is similar to the compliance view. In the case of a business associate (BA), the driver is either:

  1. Be compliant with the HIPAA Security Rule as is now required of BAs by the HITECH Act
  2. The BAs client – the covered entity – is pressuring them to show that they have an effective information security program in place

The security and risk management view of HIPAA Security Risk Analysis: Organizations in this camp are undertaking a security assessment purely for the purpose of identifying risk within the health IT environment to ensure that the ePHI is effectively safeguarded and that IT resources are focused on areas of most importance. This is the pure security perspective.

How to achieve all of these? Focus on the intent of the HIPAA Security Rule. In the case of the meaningful use view, for example,  that means to focus on the “objective” they define (protect ePHI) rather than completely focusing on how they “measure” the achievement of that objective (Conduct or review a security risk analysis in accordance with the requirements under 45 CFR 164.308(a)(1) ). By focusing on the intent of the guidelines defined by the HIPAA Security Rule you won’t be another victim of rote security controls, like the ever common intrusion detection system, which in concept is great, but in practice is often implemented in a way that provides little security.  The HIPAA Security Rule is flexible and the guidelines are defined in such a way to allow interpretation depending on the size, complexity and site-specific characteristics of the healthcare IT environment in question. This allows enough flexibility for most health IT organizations to implement cost effective and practical solutions, whether technical controls or operational procedures that achieve both security and compliance.

Here are a couple of tips to consider when embarking on a HIPAA Security Risk Analysis.

  • Avoid a checkbox approach to audits in which the existence of a controls (true / false) are the defining characteristics of whether a guideline is met or not. This approach fails to identify risk in which controls, such as a firewall, IDS or security policy, exist but are not effective. This approach also yields many recommendations for controls that are often expensive, not practical and can be mitigated by simple and cost-effective work arounds.
  • Leverage a risk-based approach in which the analysis focuses on areas of risk for your particular environment. This focuses the analysis on practical areas that can minimize your security risk.
  • Ensure you use an independent and objective party for your analysis. For example, avoid a product company that has something else to sell such as a firewall, IDS or managed security service, as their findings are likely to be clouded by the opportunity to upsell expensive “solutions” to their findings. A non-objective approach to the analysis is in many ways the opposite of a risk-based approach.

By focusing on the intent and spirit of the regulations and leveraging a thoughtful, risk-based, and non-checkbox approach to a HIPAA Security Risk Analysis, it is possible for your healthcare organization to achieve both security and compliance.

 

entrepreneur

April 27th, 2011. Published under My Recent Reads. No Comments.

pulled from Google Reader (click on title for original post)

entrepreneur

VC, Startups, Business and Leadership
  • Business IT Section – Ars Technica
  • A VC
  • StartupCFO : Mark MacLeod
  • SAI: Silicon Alley Insider
  • VentureBeat
  • CVCA – Capital Rants
  • Leading Geeks
  • Tech Beat – BusinessWeek
  • Business Pundit
  • Forbes.com: Technology News
  • StartupNorth
  • VC Ratings

Preview this bundle

Netflix on Canadian Data Caps

April 27th, 2011. Published under My Recent Reads. No Comments.

pulled from Google Reader (click on title for original post)
Netflix on the use
of data caps
by Canadian ISPs:

data caps are actually a very poor
way to manage demand and limit Internet congestion. All of the costs of
supplying residential broadband are for supporting the peak loads,
typically Sunday  nights for residential customers. 
Bandwidth consumed
off-peak is completely free; it literally has no marginal costs. If
ISPs really wanted to limit their costs and congestion, they would
limit speeds at peak times.  But if their goal is instead to
increase
revenue, then making consumers pay $1 or more per gigabyte is an
excellent strategy.

When we state the marginal costs of
residential wired gigabyte are below one penny, but are not zero, that
is because we are making the appropriate costing assumption that some
of an average gigabyte is transferred at costly peak times. 

Canadian consumers have been
outspoken against the excessive charges they face, and hopefully
Canadian ISPs will listen to them by raising the caps or abandoning
them altogether.

4 essential ways to attract investors

April 27th, 2011. Published under My Recent Reads. No Comments.

pulled from Google Reader (click on title for original post)

(Editor’s note: Doug Collom is vice dean and an adjunct lecturer on venture capital and entrepreneurship for Wharton | San Francisco. He submitted this story to VentureBeat.)

There really isn’t a one-size-fits-all formula that can be followed for optimizing the chances of attracting professional investment.  Each company is different and faces challenges and issues that can be overcome only through creativity, perseverance and resolve.

There are, however, some elements that are so basic they cannot be ignored.  Most institutional venture investors either expressly or intuitively address these requirements whenever they evaluate a business plan for a potential investment. Here are four to be especially aware of.

Is it a company or is it a product? – With the dramatic level of innovation that’s taking place through startups in the social media/Web 2.0/online business arena, this question is increasingly important.  Implicitly, investors want to know the product development – something that can go in a variety of directions.  For example, can the product be developed to include additional features and functionality that will effectively redefine the offering in the eyes of the customer?  Can the product be adapted to address the needs of more than a single vertical market?  Is the product so compelling that the emphasis in the business plan shifts to the customer acquisition strategy?

The mobile application market is a good example of a product category that, in general, doesn’t offer a sufficient foundation to support a company.  Individual app developers typically don’t require much capital or labor to be successful, and they don’t require professional investors.  In contrast, there are online gaming companies—Zynga, Playdom, Social Gaming Network and others—whose product roadmaps concentrate entirely on the rapid development and production of new “hits”.  Businesses like this require all the resources and disciplines of a full-fledged company to support their growth objectives.

How big does the market have to be to attract investment? – After the dot-com bust, the anecdotal answer to this question was $1 billion -  or at least an annual growth rate that would get you close to $1 billion quickly.

In 2011, there is far more latitude, depending on the business plan of the company.  With the advent of open source software, online development tools, cloud computing, and the ability to reach massive customer markets instantly through the Internet, startup companies have become much more efficient in product development and customer acquisition, and can more rapidly get to proof of concept and positive cash flow than ever before.

As a result, companies with online business models, for example, may not require nearly as much capital as they once did. Moreover, angel groups aren’t swinging for the fences the way the mainstream institutional VC firms do.  Instead, (to continue the metaphor) they’re frequently only looking to hit singles and doubles, and may be quite content to realize exits in the range of $10-$100 million.

Is prior management-level experience required? – Obviously, it doesn’t hurt.  In particularly tough times, prior executive experience in managing a VC-backed startup may be a non-waivable requisite.  Management experience of any kind is always a positive factor, since it directly relates to the credibility of the management team in the eyes of the investor.

Obviously, there are many amazing startup companies that have been built by founders with no previous experience, and lacking this experience should not deter an entrepreneur who believes he or she can build a great company.  There are effective ways to work around the experience issue if it is an impediment to getting an invitation to present before a VC firm.  Teaming up with a co-founder who does bring the necessary experience, finding a mentor who carries personal credibility, or organizing a board of advisors with relevant experience and expertise are all ways of addressing the issue.

Do you need to have customers or even first revenue? – There is a lot of dialogue around the need to “bootstrap” early stage companies to the point where a product has been developed and commercially released.  This is particularly true of social media, gaming and other online business companies.  In seeking to access professional capital, it comes down to supply and demand.  Professional investors will look to tangible indicators of success and validation of the business model in evaluating a company’s prospects.

These might include website traffic, conversion rates, your ability to launch a beta and more.  Without anything but an idea to show, very few companies get funded to any meaningful degree.

For more traditional “brick and mortar” companies, the ability to get to “proof of concept” through bootstrapping methods is much more difficult.  It is also likely that the amount of all-in professional capital necessary to support a company in this category to an acceptable exit—including the amount of so-called “seed stage” funding—is substantially higher than for a social media or gaming company, for example.  As a result, there may be a lower expectation that founders will be able to bootstrap to get to professional funding, but the emphasis will be commensurately higher on the other investment basics, including size of the market, likely market impact of the technology, barriers to entry, credibility of the management team and the like.  As a result, the bar to funding for companies in this category is fundamentally as high.

Tags: ,

Sony: Hackers Stole Your Personal Info From PlayStation Network (SNE)

April 27th, 2011. Published under My Recent Reads. No Comments.

pulled from Google Reader (click on title for original post)

Sony PS2 blog

Sony’s PlayStation Network has been down for the last six days after being attacked by hackers, and Sony has just posted one of the scariest status messages we’ve ever seen.

The relevant excerpt:

Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility.

Worst case scenario: if you use the same password and email address to register for other services like online banking, the attacker will have very little problem getting into those accounts, too.

Sony has shut down the network and engaged an outside security firm to try and figure out what happened. Sony is rebuilding the network and says it will have some services back up in a week.

The PlayStation Network has 70 million members.

For the latest tech news, visit SAI: Silicon Alley Insider. Follow us on Twitter and Facebook.

Join the conversation about this story »

See Also:


The 100 Rules For Being An Entrepreneur

April 25th, 2011. Published under My Recent Reads. No Comments.

pulled from Google Reader (click on title for original post)

If you Google “how to be an Entrepreneur” you get a lot of mindless clichés like “follow your passion” or “think big.” That’s not what you are going to get here.

Again, for me, being an “entrepreneur” doesn’t mean starting the next “Faceook.” Or even starting any business at all. It means finding the challenges you have in your life, and determining creative ways to overcome those challenges. However, in this post I focus mostly on the issues that come up when you first start your company. These rules also apply if you are taking an entrepreneurial stance within a much larger company (which all employees should do).

For me, I’ve started several businesses. As I’ve described in the rest of this blog, some have succeeded, many have failed. I’m invested in about 13 private companies. I’ve advised probably another 50 private companies. Along the way I’ve compiled a list of rules that have helped me deal with every aspect of being an entrepreneur in business and some in life.

[Btw, Claudia thinks I shouldn’t put this post up. This is going to be a chapter in a book I am self-publishing in a week or so: “How to be the Luckiest Man Alive”. But I’m trying to price the book for free on Kindle so why not? Plus, once I write something, I can’t help myself. I have to put it up.]

Here’s the real rules:

A)        It’s not fun. I’m not going to explain why it’s not fun. These are rules. Not theories. I don’t need to prove them. But there’s a strong chance you can hate yourself throughout the process of being an entrepreneur. Keep sharp objects and pills away during your worst moments. And you will have them. If you are an entrepreneur and agree with me, please note this in the comments below.

B)        Try not to hire people. You’ll have to hire people to expand your business. But it’s a good discipline to really question if you need each and every hire.

C)        Get a customer. This seems obvious. But it’s not. Get a customer before you start your business, if you can. (see, “the Easiest Way to Succeed as an Entrepreneur”)

CA)  Follow me on Twitter.

D)        If you are offering a service, call it a product. Oracle did it. They claimed they had a database. But if you “bought” their database they would send in a team of consultants to help you “install” the database to fit your needs. In other words, for the first several years of their existence, they claimed to have a product but they really were a consulting company. Don’t forget this story. Products are valued higher than services.

E)        It’s OK to fail. Start over. Hopefully before you run out of money. Hopefully before you take in investor money. Or, don’t worry about it. Come up with new ideas. Start over.

F)         Be profitable. Try to be profitable immediately. This seems obvious but it isn’t. Try not to raise money. That money is expensive.

G)        When raising money: if it’s not easy then your idea is probably incapable of raising money. If its easy, then take as much as possible. If its TOO easy, then sell your company (unless you are Twitter, etc).

H)        The same goes for selling your company. If it’s not easy, then you need to build more. Then sell. To sell your company, start getting in front of your acquirers a year in advance. Send them monthly updates describing your progress. Then, when they need a company like yours, your company is the first one that comes to mind.

I)          Competition is good. It turns you into a killer. It helps you judge progress. It shows that other people value the space you are in. Your competitors are also your potential acquirors.

J)         Don’t use a PR firm. Except maybe as a secretary. You are the PR for your company. You are your companys brand. You personally.

K)        Communicate with everyone. Employees. Customers. Investors. All the time. Every day.

L)         Do everything for your customers. This is very important. Get them girlfriends or boyfriends. Speak at their charities. Visit their parents for Thanksgiving. Help them find other firms to meet their needs. Even introduce them to your competitors if you think a competitor can help them or if you think you are about to be fired. Always think first, “What’s going to make my customer happy?”

M)        Your customer is not a company. There’s a human there. What will make my human customer happy? Make him laugh. You want your customer to be happy.

N)        Show up. Go to breakfast/lunch/dinner with customers. Treat.

O)        History. Know the history of your customers in every way. Company history, personal history, marketing history, investing history, etc.

P)         Micro-manage software development. Nobody knows your product better than you do. If you aren’t a technical person, learn how to be very specific in your product specification so that your programmers can’t say: “well you didn’t say that!”

Q)        Hire local. You need to be able to see and talk to your programmers. Don’t outsource to India. I love India. But I won’t hire programmers from there while I’m living in the US.

R)        Sleep. Don’t buy into the 20 hours a day entrepreneur myth. You need to sleep 8 hours a day to have a focused mind.

S)         Exercise. Same as above. If you are unhealthy, your product will be unhealthy.

T)         Emotionally Fit. DON’T have dating problems and software development problems at the same time. VCs will smell this all over you.

U)        Pray. You need to. Be grateful where you are. And pray for success. You deserve it. Pray for the success of your customers. Heck, pray for the success of your competitors. The better they do, it means the market is getting bigger. And if one of them breaks out, they can buy you.

V)        Buy your employees gifts. Massages. Tickets. Whatever. I always imagined that at the end of each day my young, lesbian employees (for some reason, most employees at my first company were lesbian) would be calling their parents and their mom and dad would ask them: “Hi honey! How was your day today?” And I wanted them to be able to say: “It was the best!” Invite customers to masseuse day.

W)       Treat your employees like they are your children. They need boundaries. They need to be told “no!” sometimes. And sometimes you need to hit them in the face (ha ha, just kidding). But within boundaries, let them play.

X)        Don’t be greedy pricing your product. If your product is good and you price it cheap, people will buy. Then you can price upgrades, future products, and future services more expensive. Which goes along with the next rule.

Y)        Distribution is everything. Branding is everything. Get your name out there, whatever it takes. The best distribution is of course word of mouth, which is why your initial pricing doesn’t matter.

YA) Follow me on Twitter.

Z)         Don’t kill yourself. It’s not worth it. Your employees need you. Your children or future children need you. It seems odd to include this in a post about entrepreneurship but we’re also taking about keeping it real. Most books or “rules” for entrepreneurs talk about things like “think big”, “go after your dreams”. But often dreams turn into nightmares. I’ll repeat it again. Don’t kill yourself. Call me if things get too stressful. Or more importantly, make sure you take proper medication

AA)     Give employees structure. Let each employee know how his or her path to success can be achieved. All of them will either leave you or replace you eventually. That’s OK. Give them the guidelines how that might happen. Tell them how they can get rich by working for you.

BB)      Fire employees immediately. If an employee gets “the disease” he needs to be fired. If they ask for more money all the time. If they bad mouth you to other employees. If you even think they are talking behind your back, fire them. The disease has no cure. And it’s very contagious. Show no mercy. Show the employee the door. There are no second chances because the disease is incurable.

CC)      Make friends with your landlord. If you ever have to sell your company, believe it or not, you are going to need his signature (because there’s going to be a new lease owner)

DD)     Only move offices if you are so packed in that employees are sharing desks and there’s no room for people to walk.

EE)      Have killer parties. But use your personal money. Not company money. Invite employees, customers, and investors. It’s not the worst thing in the world to also invite off duty prostitutes or models.

FF)       If an employee comes to you crying, close the door or take him or her out of the building. Sit with him until it stops. Listen to what he has to say. If someone is crying then there’s been a major communication breakdown somewhere in the company. Listen to what it is and fix it. Don’t get angry at the culprit’s. Just fix the problem.

GG)     At Christmas, donate money to every customer’s favorite charity. But not for investors or employees.

HH)     Have lunch with your competitors. Listen and try not to talk. One competitor (Bill Markel from Interactive once told me a story about how the CEO of Toys R Us returned his call. He was telling me this because I never returned Bill’s calls. Ok, Bill, lesson noted.

II)        Ask advice a lot. Ask your customers advice on how you can be introduced into other parts of their company. Then they will help you. Because of the next rule…

JJ)        Hire your customers. Or not. But always leave open the possibility. Let it always dangle in the air between you and them. They can get rich with you. Maybe. Possibly. If they play along. So play.

KK)     On any demo or delivery, do one extra surprise thing that was not expected. Always add bells and whistles that the customer didn’t pay for.

LL)      Understand the demographic changes that are changing the world. Where are marketing dollars flowing and can you be in the middle. What services do aging baby boomers need? Is the world running out of clean water? Are newspapers going to survive? Etc. Etc. Read every day to understand what is going on.

LLa) Don’t go to a lot of parties or “meetups” with other entrepreneurs. Work instead while they are partying.

MM)    But, going along with the above rule, don’t listen to the doom and gloomers that are hogging the TV screen trying to tell you the world is over. They just want you to be scared so they can scoop up all the money.

NN)     You have no more free time. In your free time you are thinking of new ideas for customers, new ideas for services to offer, new products.

OO)     You have no more free time, part 2. In your free time, think of ideas for potential customers. Then send them emails: “I have 10 ideas for you. Would really like to show them to you. I think you will be blown away. Here’s five of them right now.”

OOa) Depressions, recessions, don’t matter. There’s $15 trillion in the economy. You’re allowed a piece of it:

PP)       Talk. Tell everyone you ever knew  what your company does. Your friends will help you find clients.

QQ)     Always take someone with you to a meeting. You’re bad at following up. Because you have no free time. So, if you have another employee. Let them follow up. Plus, they will like to spend time with the boss. You’re going to be a mentor.

RR)      If you are consumer focused: your advertisers are your customers. But always be thinking of new services for your consumers. Each new service has to make their life better. People’s lives are better if: they become healthier, richer, or have more sex. “Health” can be broadly defined.

SS)       If your customers are advertisers: find sponsorship opportunities for them that drive customers straight into their arms. These are the most lucrative ad deals (see rule above). Ad inventory is a horrible business model. Sponsorships are better. Then you are talking to your customer.

TT)      No friction. The harder it is for a consumer to sign up, the less consumers you will have. No confirmation emails, sign up forms, etc. The easier the better.

TTA) No fiction, part 2. If you are making a website, have as much content as you can on the front page. You don’t want people to have to click to a second or third page if you can avoid it. Stuff that first page with content. You aren’t Google. (And, 10 Unusual Things You Didn’t Know About Google)

UU)     No friction, part 3. Say “yes” to any opportunity that gets you in a room with a big decision maker. Doesn’t matter if it costs you money.

VV)     Sell your company two years before you sell it. Get in the offices of the potential buyers of your company and start updating them on your progress every month.  Ask their advice on a regular basis in the guise of just an “industry catch-up”

WW)    If you sell your company for stock, sell the stock as soon as you can. If you are selling your company for stock it means:

  • a.         The market is such that lots of companies are being sold for stock.

  • b.         AND, companies are using stock to buy other companies because they value their stock less than they value cash.

  • c.         WHICH MEANS, that when everyone’s lockup period ends, EVERYONE will be selling stock across the country. So sell yours first.

XX)     Ideas are worthless. If you have an idea worth pursuing, then just make it. You can build any website for cheap. Hire a programmer and make a demo. Get at least one person to sign up and use your service. If you want to make Facebook pages for plumbers, find one plumber who will give you $10 to make his Facebook page. Just do it.

YY)     Don’t use a PR firm, part II. Set up a blog. Tell your personal stories (see “33 tips to being a better writer” ). Let the customer know you are human, approachable, and have a real vision as to why they need to use you. Become the voice for your industry, the advocate for your products. If you make skin care products, tell your customers every day how they can be even more beautiful than they currently are and have more sex than they are currently getting. Blog your way to PR success. Be honest and bloody.

ZZ)      Don’t save the world. If your product sounds too good to be true, then you are a liar.

ZZa) Your company is always for sale.

AAA)  Frame the first check. I’m staring at mine right now.

BBB)   No free time, part 3. Pick a random customer. Find five ideas for them that have nothing to do with your business. Call them and say, “I’ve been thinking about you. Have you tried this?”

CCC)   No resale deals. Nobody cares about reselling your service. Those are always bad deals.

DDD)   Your lawyer or accountant is not going to introduce you to any of their other clients. Those meetings are always a waste of time.

EEE)    Celebrate every success. Your employees need it. They need a massage also. Get a professional masseuse in every Friday afternoon. Nobody leaves a job where there is a masseuse.

FFF)     Sell your first company. Don’t take any chances. You don’t need to be Mark Zuckerberg. Sell your first company as quick as you can. You now have money in the bank and a notch on your belt. Make a billion on your next company.

GGG)   Pay your employees before you pay yourself.

HHH)   Give equity to get the first customer. If you have no product yet and no money, then give equity to a good partner in exchange for them being a paying customer.  Note: don’t blindly give equity. If you develop a product that someone asked for, don’t give them equity. Sell it to them. But if you want to get a big distribution partner whose funds can keep you going forever, then give equity to nail the deal.

III)       Don’t worry about anyone stealing your ideas. Ideas are worthless anyway. It’s OK to steal something that’s worthless.

IIIA) Follow me on twitter.

Questions from Readers

Question: You say no free time but you also say keep emotionally fit, physically fit, etc. How do I do this if I’m constantly thinking of ideas for old and potential customers?

Answer:  It’s not easy or everyone would be rich.

Question: if I get really stressed about clients paying, how do I get sleep at night?

Answer: medication

Question: how do I cold-call clients?

Answer: email them. Email 40 of them. It’s OK if only 1 answers. Email 40 a day but make sure you have something of value to offer.

Question: how can I find cheap programmers or designers?

Answer: if you don’t know any and you want to be cheap: use scriptlance.com, elance.com, or craigslist. But don’t hire them if they are from another country. You need to communicate with them even if it costs more money.

Question: should I hire programmers?

Answer: first…freelance. Then hire.

Question: what if I build my product but I’m not getting customers?

Answer: develop a service loosely based on your product and offer that to customers. But I hope you didn’t make a product without talking to customers to begin with?

Question: I have the best idea in the world, but for it to work it requires a lot of people to already be using it. Like Twitter.

Answer: if you’re not baked into the Silicon Valley ecosystem,  then find distribution and offer equity if you have to. Zuckerberg had Harvard. MySpace had the fans of all the local bands they set up with MySpace pages. I (in my own small way) had Thestreet.com when I set up Stockpickr.com. I also had 10 paying clients when i did my first successful business fulltime.

Question: I just lost my biggest customer and now I have to fire people. I’ve never done this before. How do I do it?

Answer:  one on meetings. Be Kind. State the facts. Say you have to let people go and that everyone is hurting but you want to keep in touch because they are a great employee. It was an honor to work with them and when business comes back you hope you can convince them come back. Then ask them if they have any questions. Your reputation and the reputation of your company are on the line here. You want to be a good guy. But you want them out of your office within 15 minutes. It’s a termination, not a negotiation. This is one reason why it’s good to start with freelancers.

Question: I have a great idea. How do I attract VCs?

Answer: build the product. Get a customer. Get money from customer. Get more customers. Build more services in the product. Get VC. Chances are by this point, the VCs are calling you.

Question: I want to build a business day trading.

Answer: bad idea

Question: I want to start a business but don’t know what my passion is:

Answer: skip to the post: “How to be the luckiest person alive”. Do the Daily Practice. Within six months your life will be completely different.

Question: I want to leave my job but I’m scared.

Answer: same as above question.  The Daily Practice turns you into a healthy Idea Machine. Plus luck will flow in from every direction.

Final rule: Things change. Every day. The title of this post, for instance, says “100 Rules”. But I gave about 70 rules (including the Q&A). Things change midway through. Be ready for it every day. In fact, every day figure out what you can change just slightly to shake things up and improve your product and company.

Throughout the rest of this blog I have examples, ideas, rules, etc. In fact, it adds up to a lot more than 100 rules. Many of the rules above are repeated in other posts ahead but use this post as a cheat sheet. If you can think of more rules for me, add them to the comments. I’ll try and put them in the upcoming book.

For the latest career news, visit War Room. Follow us on Twitter and Facebook.

Join the conversation about this story »

See Also:


Always pitch in person

April 21st, 2011. Published under My Recent Reads. No Comments.

pulled from Google Reader (click on title for original post)



As we know all too well, most VCs you pitch will say ‘no’. So, when it comes to raising your round, you shouldn’t be jumping in a plane for every 1st meeting you get. 1st meetings mean nothing. There is no assurance that they will move ahead. Investors could be learning about the space, just seeing who’s out there or just be bored (not likely, but you never know…). So, how do you efficiently and effectively allocate your time and travel budget when you need to raise capital?

This isn’t an issue if you are in dense markets like the Valley. In one sleepy building in Palo Alto you can literally walk out of Felicis Venture‘s office go 3 feet across the hall and be in True Ventures‘ offices. If you’re not in the Valley, Boston, NYC or another market with investor density then you need to travel to raise your round.

The problem with this as I said is you need to qualify interest before hopping on a plane. Otherwise you will spend a lot of time and money with no assurances that you will be closer to getting a lead investor.

Being a frugal, Scottish and overly logical type, I recognized this early and when I was pitching for $ I would always start off with phone pitches. Now I managed to raise capital. But, now that I’m the one listening to pitches, I can tell you the experience sucks.

One day recently, we had two remote pitches. One was a 1st meeting with someone we did not know well. The other was with a team that I know and respect a lot. Both were horrible. This has nothing to do with the teams or their opportunities. Just the whole audio / visual experience.

We had issues on our side: fumbling to get our skype speaker to work, subsisting on crappy wifi. We just had trouble getting into it. I know, having met one of the pitchers in person after, that it was a crappy experience for them too. You can be pitching your heart out and you have no idea if the investor is engaged or is doing e-mail (BTW, I see investors do this often in phone-in board meetings. aka – “bored” meetings – but that’s another story…).

So what should you do? To start:

- Approach investors who focus on your sector and stage

- Get very warm, highly qualified intros to them

(You should be doing this anyway, for local or far away investors).

- Do an intro meet and greet call. Don’t do the full pitch, but in 20 minutes cover the following:

  • Your background and accomplishments – to establish credibility and interest
  • The elevator pitch – to clearly and quickly describe your opportunity
  • Your status – to quickly qualify if you are too early for this particular investor
  • Your round – again, to qualify fit with the investor

Leave 10 minutes for questions/ discussion which should hopefully set the stage for the investor to ask you to come in to do the full pitch.

Do that with a few funds /  groups in a given city and you can confidently book your trip knowing that you have some well qualified meetings and increased chance that the investor will bite and start doing diligence.

Just them excited remotely, but always pitch in person!

OECD Broadband Rankings: Canada Ranks 28th out of 33 Countries Based on Bell, Rogers & Shaw Data

April 20th, 2011. Published under My Recent Reads. No Comments.

pulled from Google Reader (click on title for original post)
The OECD published its latest comparative
broadband Internet data

last week, confirming yet again that Canadian consumers pay more for
less when it comes to Internet access. While some will undoubtedly
claim that the OECD methodology is faulty, it should be noted that the data
is provided

to OECD member governments before publication. For this survey, the
OECD focused on three of Canada’s largest ISPs – Bell, Shaw, and Rogers
- covering 18 of their offerings at a range of speeds and pricing
points.

The focus should be on the numbers, which tell a discouraging tale.
Among the findings on price of Internet services (all as of September
2010):

Speed Rank
Overall 28th out of
33
Below 2.5
Mbps
17th out of
24
Between 2.5
an 15 Mbps
28th out of
33
Between 15
and 30 Mbps
29th out of
33
Over 45 Mbps 23rd out of
28

Moreover, Canada trails in more than just pricing. The OECD found
gigabit to the home service in Sweden, Slovenia, Slovakia, and
Portugal, while Canada was back in the middle of the pack at 100 Mbit
service.  Canada was unsurprisingly one of the only countries
where all
offers included an explicit data cap (Australia, Iceland, and New
Zealand were the the countries). In fact, the majority of the countries
surveyed featured no data caps whatsoever.

The OECD data once again confirms that there are serious problems with
pricing and competitiveness of Canadian broadband access. In Australia,
the Minister for Broadband, Communications and the Digital Economy,
Senator Stephen Conroy, has cited
the OECD data as evidence that Australia also trails much of the
developed world. The question in Canada is whether the data will
provide a similar political support for change.

Got an iPhone or 3G iPad? Apple is recording your moves

April 20th, 2011. Published under My Recent Reads. No Comments.

pulled from Google Reader (click on title for original post)

By Alasdair Allan and Pete Warden

Update (7:45 am PT) — A section titled “Who has access to this data?” was added.

Today at Where 2.0 Pete Warden and I will announce the discovery that your iPhone, and your 3G iPad, is regularly recording the position of your device into a hidden file. Ever since iOS 4 arrived, your device has been storing a long list of locations and time stamps. We’re not sure why Apple is gathering this data, but it’s clearly intentional, as the database is being restored across backups, and even device migrations.

iPhoneTracker screen
A visualization of iPhone location data. Click to enlarge.

The presence of this data on your iPhone, your iPad, and your backups has security and privacy implications. We’ve contacted Apple’s Product Security team, but we haven’t heard back.

What makes this issue worse is that the file is unencrypted and unprotected, and it’s on any machine you’ve synched with your iOS device. It can also be easily accessed on the device itself if it falls into the wrong hands. Anybody with access to this file knows where you’ve been over the last year, since iOS 4 was released.

In the following video, we discuss how the file was discovered and take a look at the data contained in the file. Further details are posted below.

What information is being recorded?

All iPhones appear to log your location to a file called “consolidated.db.” This contains latitude-longitude coordinates along with a timestamp. The coordinates aren’t always exact, but they are pretty detailed. There can be tens of thousands of data points in this file, and it appears the collection started with iOS 4, so there’s typically around a year’s worth of information at this point. Our best guess is that the location is determined by cell-tower triangulation, and the timing of the recording is erratic, with a widely varying frequency of updates that may be triggered by traveling between cells or activity on the phone itself.

Who has access to this data?

Don’t panic. As we discuss in the video, there's no immediate harm that would seem to come from the availability of this data. Nor is there evidence to suggest this data is leaving your custody. But why this data is stored and how Apple intends to use it — or not — are important questions that need to be explored.

What are the implications of this location data?

The cell phone companies have always had this data, but it takes a court order to access it. Now this information is sitting in plain view, unprotected from the world. Beyond this, there is even more data that we have yet to look at in depth.

For example, in my own case I (Alasdair) discovered a list of hundreds of thousands of wireless access points that my iPhone has been in range of during the last year.

How can you look at your own data?

We have built an application that helps you look at your own data. It’s available at petewarden.github.com/iPhoneTracker along with the source code and deeper technical information.

What can you do about this?

An immediate step you can take is to encrypt your backups through iTunes (click on your device within iTunes and then check “Encrypt iPhone Backup” under the “Options” area).

Related:

Nature to Get Legal Rights in Bolivia

April 19th, 2011. Published under My Recent Reads. No Comments.

pulled from Google Reader (click on title for original post)
Bolivia’s Law of Mother Earth is set to pass, and on Wednesday the United Nations will discuss a proposed treaty based on the Universal Declaration of the Rights of Mother Earth. Both mandate legal recognition of ecosystems’ right to exist.

The Moore’s Law of solar energy

April 19th, 2011. Published under My Recent Reads. No Comments.

pulled from Google Reader (click on title for original post)

This article was originally posted at Scientific American. It’s reprinted with permission.

The sun strikes every square meter of our planet with more than 1,360 watts of power. Half of that energy is absorbed by the atmosphere or reflected back into space. Seven hundred watts of power, on average, reaches Earth’s surface. Summed across the half of the Earth that the sun is shining on, that is 89 petawatts of power. By comparison, all of human civilization uses around 15 terrawatts of power, or one six-thousandth as much. In 14 and a half seconds, the sun provides as much energy to Earth as humanity uses in a day.

The numbers are staggering and surprising. In 88 minutes, the sun provides 470 exajoules of energy, as much energy as humanity consumes in a year. In 112 hours — less than five days — it provides 36 zettajoules of energy – as much energy as is contained in all proven reserves of oil, coal, and natural gas on this planet.

If humanity could capture one tenth of one percent of the solar energy striking the Earth — one part in one thousand — we would have access to six times as much energy as we consume in all forms today, with almost no greenhouse gas emissions. At the current rate of energy consumption increase — about 1 percent per year — we will not be using that much energy for another 180 years.

It’s small wonder, then, that scientists and entrepreneurs alike are investing in solar energy technologies to capture some of the abundant power around us. Yet solar power is still a minuscule fraction of all power generation capacity on the planet. There is at most 30 gigawatts of solar generating capacity deployed today, or about 0.2 percent of all energy production. Up until now, while solar energy has been abundant, the systems to capture it have been expensive and inefficient.

That is changing. Over the last 30 years, researchers have watched as the price of capturing solar energy has dropped exponentially. There’s now frequent talk of a “Moore’s law” in solar energy. In computing, Moore’s law dictates that the number of components that can be placed on a chip doubles every 18 months. More practically speaking, the amount of computing power you can buy for a dollar has roughly doubled every 18 months, for decades. That’s the reason that the phone in your pocket has thousands of times as much memory and ten times as much processing power as a famed Cray 1 supercomputer, while weighing ounces compared to the Cray’s 10,000-pound bulk, fitting in your pocket rather than a large room, and costing tens or hundreds of dollars rather than tens of millions.

If similar dynamics worked in solar power technology, then we would eventually have the solar equivalent of an iPhone — incredibly cheap, mass distributed energy technology that was many times more effective than the giant and centralized technologies it was born from.

So is there such a phenomenon? The National Renewable Energy Laboratory of the U.S. Department of Energy has watched solar photovoltaic price trends since 1980. They’ve seen the price per Watt of solar modules (not counting installation) drop from $22 dollars in 1980 down to under $3 today.

naam-solar-moore's-law-1.jpg

Is this really an exponential curve? And is it continuing to drop at the same rate, or is it leveling off in recent years? To know if a process is exponential, we plot it on a log scale.

naam-solar-moore's-law-2.jpg

And indeed, it follows a nearly straight line on a log scale. Some years the price changes more than others. Averaged over 30 years, the trend is for an annual 7 percent reduction in the dollars per watt of solar photovoltaic cells. While in the earlier part of this decade prices flattened for a few years, the sharp decline in 2009 made up for that and put the price reduction back on track. Data from 2010 (not included above) shows at least a 30 percent further price reduction, putting solar prices ahead of this trend.

If we look at this another way, in terms of the amount of power we can get for $100, we see a continual rise on a log scale.

naam-solar-moore's-law-3.jpg

What's driving these changes? There are two factors. First, solar cell manufacturers are learning — much as computer chip manufacturers keep learning — how to reduce the cost to fabricate solar.

Second, the efficiency of solar cells — the fraction of the sun's energy that strikes them that they capture — is continually improving. In the lab, researchers have achieved solar efficiencies of as high as 41 percent, an unheard of efficiency 30 years ago. Inexpensive thin-film methods have achieved laboratory efficiencies as high as 20 percent, still twice as high as most of the solar systems in deployment today.

naam-solar-moore's-law-4.jpg

What do these trends mean for the future? If the 7 percent decline in costs continues (and 2010 and 2011 both look likely to beat that number), then in 20 years the cost per watt of PV cells will be just over $0.50.

naam-solar-moore's-law-5.jpg

Indications are that the projections above are actually too conservative. First Solar corporation has announced internal production costs (though not consumer prices) of $0.75 per watt, and expects to hit $0.50 per watt in production cost in 2016. If they hit their estimates, they’ll be beating the trend above by a considerable margin.

What does the continual reduction in solar price per watt mean for electricity prices and carbon emissions? Historically, the cost of PV modules (what we’ve been using above) is about half the total installed cost of systems. The rest of the cost is installation. Fortunately, installation costs have also dropped at a similar pace to module costs. If we look at the price of electricity from solar systems in the U.S. and scale it for reductions in module cost, we get this:

naam-solar-moore's-law-6.jpg

The cost of solar, in the average location in the U.S., will cross the current average retail electricity price of $0.12 per kilowatt hour in around 2020, or 9 years from now. In fact, given that retail electricity prices are currently rising by a few percent per year, prices will probably cross earlier, around 2018 for the country as a whole, and as early as 2015 for the sunniest parts of America.

10 years later, in 2030, solar electricity is likely to cost half what coal electricity does today. Solar capacity is being built out at an exponential pace already. When the prices become so much more favorable than those of alternate energy sources, that pace will only accelerate.

We should always be careful of extrapolating trends out, of course. Natural processes have limits. Phenomena that look exponential eventually level off or become linear at a certain point. Yet physicists and engineers in the solar world are optimistic about their roadmaps for the coming decade. The cheapest solar modules, not yet on the market, have manufacturing costs under $1 per watt, making them contenders — when they reach the market — for breaking the $0.12 per Kwh mark.

The exponential trend in solar watts per dollar has been going on for at least 31 years now. If it continues for another 8-10, which looks extremely likely, we’ll have a power source which is as cheap as coal for electricity, with virtually no carbon emissions. If it continues for 20 years, which is also well within the realm of scientific and technical possibility, then we’ll have a green power source that is half the price of coal for electricity.

That’s good news for the world.

Photo: Evening sun by dingbat2005, on Flickr

Sources and further reading:

The 10 Things Tech Company CEOs Should Know Right Now

April 18th, 2011. Published under My Recent Reads. No Comments.

pulled from Google Reader (click on title for original post)
Written By Mark Anderson

WikiLeaks Cable about Chinese Hacking of U.S. Networks

April 18th, 2011. Published under My Recent Reads. No Comments.

pulled from Google Reader (click on title for original post)
We know it’s prevalent, but there’s some new information: Secret U.S. State Department cables, obtained by WikiLeaks and made available to Reuters by a third party, trace systems breaches — colorfully code-named “Byzantine Hades” by U.S. investigators — to the Chinese military. An April 2009 cable even pinpoints the attacks to a specific unit of China’s People’s Liberation Army. Privately,…

Resilience of the Internet Interconnection Ecosystem

April 16th, 2011. Published under My Recent Reads. No Comments.

pulled from Google Reader (click on title for original post)

The Internet is, by very definition, an interconnected network of networks. The resilience of the way in which the interconnection system works is fundamental to the resilience of the Internet. Thus far the Internet has coped well with disasters such as 9/11 and Hurricane Katrina – which have had very significant local impact, but the global Internet has scarcely been affected. Assorted technical problems in the interconnection system have caused a few hours of disruption but no long term effects.

But have we just been lucky ? A major new report, just published by ENISA (the European Network and Information Security Agency) tries to answer this question.

The report was written by Chris Hall, with the assistance of Ross Anderson and Richard Clayton at Cambridge and Panagiotis Trimintzios and Evangelos Ouzounis at ENISA. The full report runs to 238 pages, but for the time-challenged there’s a shorter 31 page executive summary and there will be a more ‘academic’ version of the latter at this year’s Workshop on the Economics of Information Security (WEIS 2011).

Internet interconnectivity is a complex ecosystem with many interdependent layers. Its operation is governed by the collective self-interest of the Internet’s networks, but there is no central Network Operation Centre (NOC), staffed with technicians to leap into action when trouble occurs. The open and decentralised organisation that is the very essence of the ecosystem is essential to the success and resilience of the Internet. Yet there are a number of concerns.

First, the Internet is vulnerable to various kinds of common mode technical failures where systems are disrupted in many places simultaneously; service could be substantially disrupted by failures of other utilities, particularly the electricity supply; a flu pandemic could cause the people on whose work it depends to stay at home, just as demand for home working by others was peaking; and finally, because of its open nature, the Internet is at risk of intentionally disruptive attacks.

Second, there are concerns about sustainability of the current business models. Internet service is cheap, and becoming rapidly cheaper, because the costs of service provision are mostly fixed costs; the marginal costs are low, so competition forces prices ever downwards. Some of the largest operators – the ‘Tier 1′ transit providers – are losing substantial amounts of money, and it is not clear how future capital investment will be financed. There is a risk that consolidation might reduce the current twenty-odd providers to a handful, at which point regulation may be needed to prevent monopoly pricing.

Third, dependability and economics interact in potentially pernicious ways. Most of the things that service providers can do to make the Internet more resilient, from having excess capacity to route filtering, benefit other providers much more than the firm that pays for them, leading to a potential ‘tragedy of the commons’. Similarly, security mechanisms that would help reduce the likelihood and the impact of malice, error and mischance are not implemented because no-one has found a way to roll them out that gives sufficiently incremental and sufficiently local benefit.

Fourth, there is remarkably little reliable information about the size and shape of the Internet infrastructure or its daily operation. This hinders any attempt to assess its resilience in general and the analysis of the true impact of incidents in particular. The opacity also hinders research and development of improved protocols, systems and practices by making it hard to know what the issues really are and harder yet to test proposed solutions.

So there may be significant troubles ahead which could present a real threat to economic and social welfare and lead to pressure for regulators to act. Yet despite the origin of the Internet in DARPA-funded research, the more recent history of government interaction with the Internet has been unhappy. Various governments have made ham-fisted attempts to impose censorship or surveillance, while others have defended local telecommunications monopolies or have propped up other industries that were disrupted by the Internet. As a result, Internet Service Providers (ISPs), whose good will is essential for effective regulation, have little confidence in the likely effectiveness of state action, and many would expect it to make things worse.

Any policy makers should therefore proceed with caution. At this stage, there are four types of activity that can be useful at the European (and indeed the global) level.

The first is to understand failures better, so that all may learn the lessons. This means consistent, thorough, investigation of major outages and the publication of the findings. It also means understanding the nature of success better, by supporting long term measurement of network performance, and by sustaining research in network performance.

The second is to fund key research in topics such as inter-domain routing – with an emphasis not just on the design of security mechanisms, but also on traffic engineering, traffic redirection and prioritisation, especially during a crisis, and developing an understanding of how solutions can be deployed in the real world.

The third is to promote good practice. Diverse service provision can be encouraged by explicit terms in public sector contracts, and by auditing practices that draw attention to reliance on systems that lack diversity. The public section might also promote the independent testing of equipment and protocols.

The fourth is public engagement. Greater transparency may help Internet users to be more discerning customers, creating incentives for improvement, and the public should be engaged in discussions on potentially controversial issues such as traffic prioritisation in an emergency. And finally, Private Public Partnerships (PPPs) of relevant stakeholders, operators, vendors, public actors etc. are important for self-regulation to be effective. Additionally, should more formal regulation become necessary in the future, more informed policy makers who are already engaged with industry will be able to make better decisions.

So if you’ve ever wondered how the Internet is glued together, and how it might come apart – or if you’re interested in learning about yet another area where computer security and economics interact – then this report will be fascinating reading.

TEDTalks : David Christian: Big history – David Christian (2011)

April 16th, 2011. Published under My Recent Reads. No Comments.

pulled from Google Reader (click on title for original post)
Backed by stunning illustrations, David Christian narrates a complete history of the universe, from the Big Bang to the Internet, in a riveting 18 minutes. This is “Big History”: an enlightening, wide-angle look at complexity, life and humanity, set against our slim share of the cosmic timeline.

TEDTalks : Dave Meslin: The antidote to apathy – Dave Meslin (2010)

April 16th, 2011. Published under My Recent Reads. No Comments.

pulled from Google Reader (click on title for original post)
Local politics — schools, zoning, council elections — hit us where we live. So why don’t more of us actually get involved? Is it apathy? Dave Meslin says no. He identifies 7 barriers that keep us from taking part in our communities, even when we truly care.

Get Funded Faster

April 16th, 2011. Published under My Recent Reads. No Comments.

pulled from Google Reader (click on title for original post)



One of the most frustrating aspects of raising capital is how long it can take. Even if an investor loves the idea after the 1st meeting, the process still takes months. Now that I am sitting on the other side, I have a better appreciation for why things take longer than entrepreneurs would like.  So, I thought I would share some thoughts on why things can take long and how you can accelerate the process.

We are four partners at Real Ventures, and we see a lot of opportunities. A small number of those are clearly not a fit and so we pass quickly, but the rest all require some amount of work. Plus we have an active portfolio in our 1st fund that we spend time with. And of course, we “have to” attend events, conferences, meet with other investors and generally meet people all the time. So, unlike the entrepreneur that gets to focus 100% of his or her attention on their company, as an investor, our attention is fractured in many directions.

I am fairly process driven (side effect of being a CFO for so long), and for me at least, I need dedicated blocks of time to think about a given opportunity, so that I can really get into it, think through the drivers, issues and develop a thesis for how things will play out. That can be hard to do when you have so many demands on your time. I can leave a pitch totally psyched about it, but not be able to touch the opportunity again for a week.

So, what’s the solution? Here are my suggestions for getting funded faster:

Be prepared: Have your investor materials (exec summ, pitch, financial forecast) ready to go. Make sure they are great. The goal of the exec summ is to get you a meeting. Nothing more. The goal of the pitch is to get the investor to dig deeper. Nothing more. These are sales documents. Not educational documents.

Parallel, not serial: Run a roadshow process. Dedicate a team member full time to fundraising. Hit up all investors at once.

Don’t do it alone: Before you begin, assemble your team. Make sure you have advisors and mentors who have done this and who have relevant relationships. Have a deal lawyer who knows the space.

Get introductions: All funds, including ours, have web submissions or you can e-mail info@fund.com. Don’t bother. We do genuinely look at cold submissions but place a high priority on trusted introductions. Get people investors know and trust (their porfolio CEOs, VCs, lawyers, etc) to introduce you. Ideally more than one intro.

Get a running start: I am a big fan of building investor relationships before you start fundraising. Mark Suster has a great post about investing in dots not lines. The gist is that as investor you want multiple touch points and opportunities to get to know the team and see the progress. The surest way to accelerate the deal process is to blow away investors with your progress each time you interact with them. So, meet investors before you are ready to raise so they know you and your story and can track your progress.

Start early enough: This is an extension of the last point. Don’t start the process when you have 3 months of runway left. Start early.

The right investor: If you have a SaaS, freemium or e-commerce business, I’m going to get it quickly. If you have something that I don’t focus on, it’s much tougher and is going to take longer. The point is, don’t just pitch any partner you get introduced to. Pitch the partner that is most focused on your sector.

At the right time: Timing is (almost) everything. This is true for individual investors and for the fund as a whole. As an individual, if I have other deals going on, I may not have the time to move a new opportunity forward. As a fund, if you approach us at the end of our investment cycle, the timing might not be right. It’s easy to figure out where a fund is in their investment cycle. Look at when they closed new capital. You have 3 – 5 years from that point for active investing. It’s harder to know what is on an individual partner’s plate.

Build trust: You do this by having multiple touch points with investors (to my earlier points about building relationships before fundraising) and by telling investors what you’re going to do, then next time you speak with them let  them know you did that and more! Do that a couple of times and that will get attention.

All about traction: You need to time fundraising around milestones and progress with your development and ideally goto market. Nothing will get investors to move faster than seeing a startup kill it.

Seed Funding – Some New Considerations

April 16th, 2011. Published under My Recent Reads. No Comments.

pulled from Google Reader (click on title for original post)

Seed Funding
AttributionNoncommercialNo Derivative Works Some rights reserved Photo by Pictoscribe

I started writing this post while working on my presentation for Enterprise Toronto‘s Small Business Forum 2010 on raising capital for high growth businesses. I’m by no means an expert at this topic, but there are a lot of basics that entrepreneurs and growth businesses can learn about both the type of capital and when to raise it. But Manu Kumar‘s (LinkedIn) must-read post (and the comments) about his Thoughts on Convertible Debt got me to thinking I would publish my list of resources. And Adeo Ressi‘s (@adeoressi) thoughts on Year of the Startup Default includes implications for entrepreneurs raising a lot of debt, because if Series A funding is more difficult to find than getting traditional bank loans or other sources of capital become more difficult with a large, even capped, debt load. There are a lot implications for entrepreneurs.

The starting point for my now almost 6 month old talk is the fantastic article by Bernard Lunn on Read-Write Web, The Capital-Raising Ladder, which defines the different types of capital that is available to startup companies and founders. The “ladder” concept is key in the article. Entrepreneurs generally have to start at the bottom of the ladder and work their way up each “rung”. Certain entrepreneurs can skip some of the rungs on the ladder particularly if they have had success in the past, i.e., it’s way easier for someone that has built a successful publicly traded company to raise angel or VC money than a student first out of school, but since much of this is a meritocracy it is easy for young entrepreneurs to demonstrate their ability to build successful companies and raise additional capital.

The implications of Manu Kumar’s post and Adeo Ressi’s are about the prevalence of startups raising convertible debt with angel investors because it is en vogue. Nivi (@venturehacks) has provided some of the best advice on founder fundraising at Venture Hacks and some good analysis of the impact and benefits of debt for entrepreneurs in his comments:

“Notes were good technology a few years ago but now there are better technologies like Series Seed that have many of the benefits of debt (speed, simplicity, less negotiation). And debt is pretty complicated when you really look at it. I’m guessing we’ll be back to equity in a couple years, for the better. But Series Seed and other equity docs need to be tested a bit more too.

2. You can work around this in two ways. The company can’t pay back the debt and it converts to equity at maturity. I always include these in debt agreements.” – Babak Nivi comment on Thoughts on Convertible Debt

The goal here is for entrepreneurs to have access to information to make informed decisions. I hadn’t thought about the impact that the potential debt load might have on Influitive’s ability to raise loans vs financing in the future.

I’m interested in the thoughts from Boris Wertz (@bwertz), Roger Chabra (@rogerchabra), Scott Pelton (@spelton), Chris Arsenault (@chrisarsenault), Mark MacLeod (@startupcfo), Craig Netterfield (@cnetterfield), Jordan Banks (@Jordan_Banks), Ben Yoskovitz (@byosko), John Philip Green (@johnphilipgreen) and others.

  • What are the unique implications for Canadian founders in that are unique to the considerations for convertible debt?
  • What are you thoughts on convertible debt notes as an investor?

Resources for Entrepreneurs

Here’s my short-list of resources around the mechanics of raising money and evaluating the documentation.

Seed Funding – Some New Considerations

April 15th, 2011. Published under My Recent Reads. No Comments.

pulled from Google Reader (click on title for original post)

Seed Funding
AttributionNoncommercialNo Derivative Works Some rights reserved Photo by Pictoscribe

I started writing this post while working on my presentation for Enterprise Toronto‘s Small Business Forum 2010 on raising capital for high growth businesses. I’m by no means an expert at this topic, but there are a lot of basics that entrepreneurs and growth businesses can learn about both the type of capital and when to raise it. But Manu Kumar‘s (LinkedIn) must-read post (and the comments) about his Thoughts on Convertible Debt got me to thinking I would publish my list of resources. And Adeo Ressi‘s (@adeoressi) thoughts on Year of the Startup Default includes implications for entrepreneurs raising a lot of debt, because if Series A funding is more difficult to find than getting traditional bank loans or other sources of capital become more difficult with a large, even capped, debt load. There are a lot implications for entrepreneurs.

The starting point for my now almost 6 month old talk is the fantastic article by Bernard Lunn on Read-Write Web, The Capital-Raising Ladder, which defines the different types of capital that is available to startup companies and founders. The “ladder” concept is key in the article. Entrepreneurs generally have to start at the bottom of the ladder and work their way up each “rung”. Certain entrepreneurs can skip some of the rungs on the ladder particularly if they have had success in the past, i.e., it’s way easier for someone that has built a successful publicly traded company to raise angel or VC money than a student first out of school, but since much of this is a meritocracy it is easy for young entrepreneurs to demonstrate their ability to build successful companies and raise additional capital.

The implications of Manu Kumar’s post and Adeo Ressi’s are about the prevalence of startups raising convertible debt with angel investors because it is en vogue. Nivi (@venturehacks) has provided some of the best advice on founder fundraising at Venture Hacks and some good analysis of the impact and benefits of debt for entrepreneurs in his comments:

“Notes were good technology a few years ago but now there are better technologies like Series Seed that have many of the benefits of debt (speed, simplicity, less negotiation). And debt is pretty complicated when you really look at it. I’m guessing we’ll be back to equity in a couple years, for the better. But Series Seed and other equity docs need to be tested a bit more too.

2. You can work around this in two ways. The company can’t pay back the debt and it converts to equity at maturity. I always include these in debt agreements.” – Babak Nivi comment on Thoughts on Convertible Debt

The goal here is for entrepreneurs to have access to information to make informed decisions. I hadn’t thought about the impact that the potential debt load might have on Influitive’s ability to raise loans vs financing in the future.

I’m interested in the thoughts from Boris Wertz (@bwertz), Roger Chabra (@rogerchabra), Scott Pelton (@spelton), Chris Arsenault (@chrisarsenault), Mark MacLeod (@startupcfo), Craig Netterfield (@cnetterfield), Jordan Banks (@Jordan_Banks), Ben Yoskovitz (@byosko), John Philip Green (@johnphilipgreen) and others.

  • What are the unique implications for Canadian founders in that are unique to the considerations for convertible debt?
  • What are you thoughts on convertible debt notes as an investor?

Resources for Entrepreneurs

Here’s my short-list of resources around the mechanics of raising money and evaluating the documentation.

Google Analytics Cookies hold crucial digital forensic evidence

April 13th, 2011. Published under My Recent Reads. No Comments.

pulled from Google Reader (click on title for original post)
Research analysts at CCL-Forensics have forensically recovered vital internet history data from ‘cookies’ stored within a smartphone, which would not have been retrieved and interpreted using ‘standard’ forensic tools…

Massive Inhabited Planets Could Exist in Space-Time Orbit Inside Black Holes

April 12th, 2011. Published under My Recent Reads. No Comments.

pulled from Google Reader (click on title for original post)
“Advanced civilizations may live safely inside the supermassive black holes in the galactic nuclei without being visible from the outside.” Vyacheslav Dokuchaev at the Institute for Nuclear Research of the Russian Academy of Sciences in Moscow. We love Russian astrophysicists…

Larry Page Just Tied ALL Employees’ Bonuses To The Success Of Google’s Social Strategy (GOOG)

April 8th, 2011. Published under My Recent Reads. No Comments.

pulled from Google Reader (click on title for original post)

Larry Page

New Google CEO Larry Page, who stepped into the job this week, believes that Google needs to go “social” to compete.

To that end, he sent out a company-wide memo last Friday, alerting employees that 25% of their annual bonus will be tied to the success or failure of Google’s social strategy in 2011.

Click here to see a history of Google's failed attempts at social >>

“This is a joint effort so it’s important that we all get behind it,” we’re told Page writes in the confidential memo, subject-lined “2011 Bonus Multiplier.”

Page tells employees that are not directly involved in Google’s social efforts that they, too, will be held accountable. He writes that employees must test the products and give feedback.

Page wants these employees to push Google’s social products on their “family and friends.”

“When we release products, try them and encourage your family and friends to do the same.”

Google PR tells us: “We’re not going to comment on internal matters.”

When Google gave all of its employees a 10% raise and $1,000 bonus last fall, it was part of a move to abolish bonuses that had been based on an annual company multiplier – where employee bonuses were multiplied against some figure correlated to the overall company's performance.

In 2011, the returned company multiplier will be somewhere between .75 and 1.25 – depending on how well Google does in social.

That means employees’ bonuses could shrink by 25% if Google doesn’t perform. One Googler we talked to was irritated by a new risk being introduced into their compensation package.

And, indeed, there is plenty of risk in betting that Google will suddenly compete in social. It’s been trying for years and has mostly failed at every step.

Earlier this month Google launched its latest social effort, called +1. It’s a button next to the blue links on Google Search results the users can click on to say, in Google marketing’s words, “this is something you should check out.”

When you click the button, Google tells your friends, family, and the rest of the world that you recommended the link.

For now, +1 buttons are only in Google search results, but Google says that they’ll soon be elsewhere.

We’re guessing you’ll see them in articles, videos, on ads, and even on Amazon product pages – everywhere you see Facebook “like” buttons and Twitter “re-tweet” buttons today.

Speculating, we assume Google will use all the recommendations to not only improve search results, but also to bring content and URLs into some sort of content stream on Google.com that will look a lot like the Twitter stream and the Facebook News Feed looks now.

Increasingly, people are finding content to consume and things to buy online on Facebook (and to a lesser degree, Twitter) before they ever get a chance to search for it on Google. +1 is Google’s effort to get in on that action.

And that’s why Google’s so paranoid about social that it’s tying ALL employee’s bonuses to the social strategy’s success.

Orkut: big in Brazil, but getting smaller

After Friendster said “no thanks” to Google’s takeover bid — one of the greatest mistakes in corporate history — Google got employee Orkut Buyukkokten to build a competing social network. It launched in 2004 and for some reason got huge in Brazil. It’s still big there today, but numbers starting to decline.

Dodgeball: killed after 4 years.

Google bought this social-mobile-local company in 2005, before those three buzzwords appeared in every startup pitch.

But the product withered inside Google, and the company killed it in 2009 to make way for Google Latitude. Meanwhile, cofounder Dennis Crowley went on to create the popular — and competing — social mobile service Foursquare.

Picasa Web: surpassed by Facebook Photos.

Google bought Picasa, which offered online photo-editing software in 2004. A couple years later, Google rolled out Picasa Web Albums, an online photo-sharing site.

But users saw little reason to go to a separate photo-sharing site when they could simply upload photos to Facebook and immediately share them with friends and family on the service — without sending them to a separate URL.

View more at Business Insider

For the latest tech news,
visit SAI: Silicon Alley Insider. Follow us on
Twitter and
Facebook.

See Also:


U.S. can conduct offsite searches of computers seized at borders, court rules

April 7th, 2011. Published under My Recent Reads. No Comments.

pulled from Google Reader (click on title for original post)
A U.S. Court of Appeals has ruled that the government can confiscate computers from travelers at border locations, and then transport the devices to distant labs for analysis.