Category Archives: Security

Poetry, Security

Risk Lessons from the Startup Genome Project

Leave a comment

The findings are in from a business analysis project that models itself after genome research.

The first finding:

Most successful startups pivot at least once. Startups that pivot once or twice raise 2.5x more money, have 3.6x better user growth, and are 52 percent less likely to scale prematurely than startups that pivot more than two times or not at all. A pivot is when a startup decides to change a major part of its business

Pivot? Sounds fancy. If I read that correctly a business that reacts to correct a mistake is more likely to be successful than one that does not correct its mistake. Likewise, a business that corrects fewer mistakes is going to be more successful than one with many mistakes. In other words there is going to be at least one major mistake in a startup plan, which will have to be corrected, but there should not be too many because the cost of correction is high.

Perhaps the same could be said of anything. Take rock climbing for example. A climber that can react quickly to a mistake will climb 2.5x times higher and have 3.6x better time to the summit, and be 52 percent less likely to burn out prematurely than climbers that make more than two mistakes or do not react to their mistake.

The third finding:

The major reason for failure of startups is premature scaling. About 70 percent of our dataset showed up as premature scaling or inconsistency. One driving factor for inconsistency is too much capital, teams that are too large, bad team compositions, too little testing, etc. – pretty much everything a large company does, anticipating high certainty in their planning.

I smell a tautology. What is failure? Premature scaling. What is premature scaling? Failure. So you can avoid failure by avoiding failure, which is like avoiding scaling too soon because of course it is too soon. But seriously, this conclusion equates bad with failure. I suspect some might have reached the same conclusions without the study. You should not need a “Genome” project to state that a bad team will give bad results.

Based on the above findings the solution to startup failures should be obvious — simply reverse the statements. Have just the right amount of capital, teams that are sized just right, teams that are composed just right, testing that is just right…it is starting to feel like they could have called it the Startup Goldilocks Project.

Oh, and I think this qualifies for the most non-humble statement award:

It has been extremely humbling for us to be able to touch the lives of thousands of entrepreneurs living around the globe.

How is that humbling? It’s like saying “it is extremely humbling for us to achieve more than we expected and to be really successful”. New definition?

The whole project appears to be anything but modest. By their name they affiliate themselves with a scientific effort to “complete mapping and understanding of all the genes of human beings“. Yet the findings on risk that they have published seem far from attempting the same kinds of analysis.

Understanding the human genome will have an enormous impact on the ability to assess risks posed to individuals by exposure to toxic agents. Scientists know that genetic differences make some people more susceptible and others more resistant to such agents. Far more work must be done to determine the genetic basis of such variability.

In other words will the Startup Genome Project explain the variability in startups that cause some to be more susceptible to risk — pressure by large companies? What external and internal factors cause one startup grow before it is able to sustain itself but another startup to hold back?

They could assess, for example, whether it helps reduce pressure from large companies to expand if the startup founder has X amount of personal/family wealth and at least one attorney in the family. I use that example because they mention Bill Gates as a successful entrepreneur. It makes me wonder if they collecting the kind of data and searching it for factors like those revealed by the WSJ about the very beginning of Microsoft?

The family support was one reason Mr. Gates decided to move Microsoft to Seattle, where he settled into a house not far from his parents. Mrs. Gates arranged to have a maid clean her son’s house, and made sure he had clean shirts for his big meetings. […] Mr. Gates Sr., drawing from his own experience as a lawyer guiding small companies, helped find Seattle businesspeople to serve on the Microsoft board. […] The father’s law firm would also end up representing Microsoft, which became the firm’s biggest client.

Clean shirts for his big meetings is the key phrase. Someone should decode it properly.

The Startup Genome Project, if it were directed at the human body, so far reads more like a study that concludes premature death is a leading cause of a short lifespan. It’s a new collection of information with some interesting synthesis, but it’s not exactly illuminating an unknown or unmapped world with clues to help us understand how to manage risk.

Security

Automated vShield services installation

2 Comments

Example automation code and a demo video have been posted by Virtu-Al Renouf

…this really does show the power of PowerShell and how we can simplify everything down into a couple of lines of code which can be used over and over. The last line of this code is all that is now needed to install vShield services on not just 1 host but 100’s of hosts !

Install vShield Services from Alan Renouf on Vimeo.

Security

Are Security Surveys Too Cocky?

Leave a comment

CSO Online cites a recent survey on security leadership and offers this perspective in a post called “Are CIOs Too Cocky About Security”:

There’s been no shortage of high-profile and damaging data breaches in the past year….

Despite these attacks, the ninth annual Global Information Security Survey conducted by CIO’s sister publication CSO magazine and PricewaterhouseCoopers indicates that of the 9,600-plus business and technology execs surveyed, 43 percent identify themselves as security frontrunners and believe they have a sound security strategy and are executing it effectively.

“Clearly, something unusual is happening, with so many organizations viewing themselves as security leaders,” says Mark Lobel, a principal in the advisory services division of PwC. In reality, “nowhere near 43 percent [are] leaders.”

Pete Lindstrom, research director at Spire Security, has another take. “Either 43 percent are fooling themselves, or they are reaching a good level of success in setting their strategy and hitting it.”

I have serious doubts about how this survey was written.

Asking a CIO if they are a leader is like asking for trouble. Why not be concerned that 57 percent of top executives say they are followers?

In other words, being a leader in security does not mean being breach-proof or free from attacks, which the quotes above imply. That’s an awful dichotomy. Leaders are the ones who respond quickly to breaches, disclose them fully and learn from them.

Security

African Social Networks Improve Quality of Life

Leave a comment

The BBC reports how real-time reporting tools available to the public are enhancing the quality of information and therefore improving the social and political landscape in multiple countries.

Although billed as a social network, the founders call them “tools for people who don’t believe they have any power” and “the opposite to a cute kitten video” platform such as Facebook.

Africa’s move to aggregating and crowd-sourcing content began with the now famous Ushahidi platform.

After the disputed Kenyan elections, it played a key role in identifying outbreaks of violence and has since been adopted around the world.

Philip Thigo, an adviser with Nairobi-based non-governmental organisation Sodnet, is using the platform for his Uchaguzi election-monitoring project which allows citizens to report incidents of violence in elections across Africa.

“In Kenya it has changed how elections are monitored. It is working in real-time to impact elections as they take place, creating pressure on officials to act,” he said.

It has been used in recent elections in Uganda and Zambia and has spawned a similar tool that has more long-lasting applications.

The Huduma platform has drawn inspiration from MySociety projects to create a place where citizens can report day-to-day issues.

“If they go to hospital and don’t get the medicine they should have, they can report it,” he said.

Users can report problems with health and education services as well as with water supplies and the justice system.

According to Mr Thigo, the government has responded to problems reported.