Friday, June 30, 2017

Alfidi Capital at TiEcon 2017

I scored access to several sessions at TiEcon 2017. The TiE people are some seriously accomplished entrepreneurs and are among the most well-connected people in Silicon Valley. I had to go check out the scene, absorb startup wisdom, and maybe score some free coffee. My readers know I'm all about free stuff. I just can't turn down free access, freebies, and free knowledge.

I check out the action at TiEcon 2017.

The govtech track was a good fit for my background. More techies now know about how the US Digital Service is changing the federal government's cultural approach to deploying tech, but not everyone knows that FITARA is changing how the government's CIOs do business. The entire software sector has tried to move from waterfall development to agile development and Uncle Sam is finally following through. I sometimes wonder whether the entire US government lives in a "cone of uncertainty," but that's what the private sector calls a trial stage for govtech projects developed with lean startup methods. I betcha there's an app for Scrum contractors. Federal government contractors are accustomed to long sales cycles with more predictable revenues. I think the US can look to other countries for examples of successful govtech adoption. Governments most likely to adopt agile govtech, automated documents, knowledge management, mobile stuff, and whatnot will have similar factors. Francis Fukuyama's high-trust cultural traits (like in Scandinavia), a high degree of 4G coverage, and widespread mobile adoption are my picks for those success factors. The Digital 5 effects with e-Estonia are the kind of template the US needs.

The social impact track showcased concepts that are all the rage among business people who want to harmonize themselves with the universe, or something like that. Large banks and wealth management firms are developing their own philanthropic programs and encouraging employees to volunteer in the community. I have no idea whether their salespeople are smart enough to leverage those functions into referrals from donor-advised funds and family foundations. Impact investors are following the herd of VCs into agtech and are using the UN's Sustainable Development Goals. Here's the UN Sustainable Development Knowledge Platform if you need to get started. Rich people and corporate big shots can use the SDG Philanthropy Platform to select the SDGs that will most enhance their brand images or social standing. A non-profit executive at TiEcon mentioned that using a "network effect" of social peer pressure validates an impact investment pitch with well-heeled people. Yeah, it's all about elite peer acceptance of the latest cool idea they can brag about at social events.

One social impact expert thinks that four key cycles are out of balance: carbon, nitrogen, hydrogen, and Gini. Whacked-out cycles imply investors will favor environmental projects that will help the poor. I have no reason to think any of that is made up, because it sounds like it's all super-advanced science and smarty-pants stuff. I have every reason to think that microloans for 3D printers, Arduino boards, and other small assets can enable a tidal wave of artisanal tech for disadvantaged people, just like microloans for aquaponics in urban food deserts. Crowdfunding platforms could support microloans for lots of small-scale impact projects. It will be tough to pull these things off without US support for the UN SDGs and Paris Agreement on climate change. It will be even tougher without USAID programs for development abroad and US HUD programs for people at home. Deconstructing the US government in a nationalist fit of rage has an opportunity cost of foregone future development.

The TiEcon youth track had tons of stuff that even a middle-aged guy like yours truly could use. I thought I heard one guy at TiEcon say that some Indian regional government entity sponsored a hackathon with 900 participants. That is way more people than I've ever seen the biggest US tech conferences attract. India and China have huge populations and lots of students studying STEM. Quantity has a quality all its own. The US urgently needs crash STEM programs so lots of people can handle distributed processing in machine learning and analytics, just to catch up with our major strategic competitors. IMHO scalable models like Rethinking Engineering Design and Execution (REDX) would get mid-career non-STEM experts pushing youth into STEM projects that quickly solve real problems.

One VC addressing the youth track said successful entrepreneurs have five superpowers: passion, charisma, speed, focus, and "flight" (i.e., mental agility and constant pursuit of increased competence). He's Joseph Floyd, and you can check out his amazing comic book at Silicon Heroes. I read the book myself and it rings every bell for tech entrepreneurs striving to make their mark.

Athletes speak the entrepreneur's lingo. Former NFL player Anthony Trucks spoke about how he put tremendous work into the game he loved before he even knew he would be successful, a great lesson in hustling for entrepreneurs. Olympic table tennis player Lily Ann Zhang shared her humility and passion, and wanted us to enjoy our journey to success. Wow, I'm so glad I stuck around for the inspiration. It pays to be young at heart.

Anyone into biotech should check out Open Source Pharma Foundation and Nutrition International (formerly the Micronutrient Initiative). The impact investors pushing these concepts help enable simple innovations like universal iodized salt that become UN-led policies. One cool idea I heard from these advocates was for a "social DARPA" enabling giga-scale open innovation for billions of people.

TiEcon 2017 was well worth my time. I scored all the free stuff I could find so I came out ahead once again. The TiE people still haven't invited me to speak at their conference. They are really missing out because I have plenty to say about innovation. I also like Indian food even though I'm not Indian, so I will eat anything they put in front of me when I'm the star attraction at a future TiEcon.

Wednesday, June 28, 2017

The Haiku of Finance for 06/28/17

Automate paper
Sign everything in digits
No more ink in cloud

Alfidi Capital at DocuSign Momentum 2017

I attended DocuSign's annual Momentum conference for the first time ever in 2017. I had never heard of this firm but apparently they are doing really hot things by automating document management in the cloud. I had to see how they connect with their customers at this conference so I could score some knowledge in person.

Keynotes at these types of shindigs are always fun. I won't blindly repeat anyone's claims about how much customers save for every dollar spent on a DocuSign product. I could probably save less than a buck fifty by going completely paperless, but I score all of my paper note-taking products for free at conferences like Momentum. Hey, that means I'm saving money already thanks to DocuSign.

Alfidi Capital owns DocuSign Momentum 2017.

I have known about the US government's FedRAMP cloud product security standard for some time, but I learned at Momentum that a separate FIPS 140-2 standard applies to cryptographic security. Any service provider offering cloud solutions must be compliant with these standards or they will never get into Uncle Sam's procurement pipeline.

DocuSign's "Advisory Councils" sound like CustDev feedback channels for the firm's biggest verticals. I'll bet their data streams on who signs documents, how and when they sign, and the length of time for a transaction to close are a gold mine.

I mentally ran through a list of potential acquirers during the opening keynotes: Workday, Adobe, Google, Microsoft (if they want a SharePoint tie-in) . . . who did I miss? Salesforce? Nah, not them. I think Salesforce would rather acquire Box to build out its document automation and storage portfolio if it were so inclined, but hey, I don't run any of these companies, so I have no idea what they're doing.

Two special Momentum guests were contrasts in demeanor. I will not identify them so I can preserve an air of mystery. One overgrown frat-boy who somehow ended up as a financial service executive had more than one attendee swooning over his good looks and arrogance. He did not strike me as all that competent, so count me in the minority of people who weren't fooled. Another special guest was self-effacing and displayed technical competence on the speaking platform, but somehow came off poorly to the people sitting around me. I get it how physically attractive people, regardless of gender, get a big pass in life but I don't have to like it.

Experts on trust and digital transaction management said that clients now demand trust certifications like ISO 27001 and AICPA SOC. It's not my job to implement those certifications so I'll just trust that some people love doing the work for me. There's also an xDTM standard for digital transaction management and the EU GDPR standard for data protection in Europe. There should be plenty of jobs in document automation for people who know these standards. Real pros also know the difference between Representational State Transfer (REST) and Simple Object Access Protocol (SOAP) in an API's JSON response.

People here think they can accelerate your employer's digital adoption. Forrester's white papers will tell you to get buy-in at all levels for change management. I would tell Forrester that they had better not use any of my writing without attribution. Anyone who has more patience than typical Forrester readers can study the SPeRS standards. Prevailing wisdom holds that automated document processing adds value in mergers, because absorbing new business units is easier if forms and checklists are shared digitally.

The future of banking and wealth management is digital. Robo-advisors are coming to steal the jobs of Wall Street's cubicle dwellers and document automation will make the AI systems' data verification easier. I believe fintech's niche is data aggregation from financial service providers. Banks and brokerages say they are willing to "partner" with fintech providers but not necessarily acquire them. Fintech solutions give banks off-shelf added value they can't quickly build in-house. Even real estate is getting into document automation, although the sector's natural conservatism towards newfangled things is a barrier to adoption. Oh yeah, I had to tell the presiding wealth management experts here about how their sector has told me many times that my US military background is a disadvantage in wealth management. One executive advised me to move to Texas where that wouldn't be a problem. I don't think she's heard about how Texans dislike California transplants. Liars make me mad. Here's the truth: Maximizing a firm's Net Promoter Score (NPS) and minimizing "not in good order" (NIGO) data are popular approaches to assessing whether document automation enhances the customer experience.

The closing keynote revealed the litany of tools programmers need to succeed: DocuSign (of course), Python, Django, and Node.js. I was thrilled that a fellow military veteran led one of the winning hackathon teams. The free food at Momentum and its afterparty were good reasons to attend. The free insights into how companies like DocuSign are automating corporate back office processes are good reasons to come back next year.

Wednesday, May 31, 2017

Alfidi Capital at LAUNCH Festival 2017

The legendary LAUNCH people held their LAUNCH Festival 2017 at the Palace of Fine Arts in San Francisco. I never pass up a chance to attend a major conference in my town. I attended to check out the latest and greatest tech aspirations. I spent roughly equal amounts of time at the Scale Stage, where scaling and growth hints were hidden inside pitches, and the Main Stage, where startups competed for venture investors' accolades. My adoring readers get to absorb the tons of free wisdom I collected. I emphasize "free" because I was too cheap to pay for a VIP ticket.

Alfidi Capital sees the main stage at LAUNCH Festival 2017.

I have probably seen the Internet slang "TL;DR" before but seeing it at LAUNCH Festival made me want to look it up to refresh my memory. It means "too long, didn't read," alluding to people's short attention spans and their disinterest in reading lots of text. I don't write for those people so they can go away. One tech speaker advised entrepreneurs to buy ads outside their competitors' locations, presumably because their customers will see it and switch to the new product. I guess that works if your competition has brick and mortar stores you can locate. Another guy said that financial partners dislike P2P payment systems due to connotations of illicit activity, but I think that's an illusory pain point that Google Wallet solves.

Here with go again with the KPIs, people. Your KPIs must measure how app engagement leads to conversion; any iterative changes in UX or shopping cart stages to checkout must be justified by conversion improvement and revenue growth.

The pitches that resonated with me were often from people who could cite examples of their GitHub work. GitHub code samples are an emerging example of the future of employment verification and job qualification. IMHO LinkedIn (now a Microsoft property) must catch up by featuring work samples more prominently.

Red Bull was popular at LAUNCH Festival 2017.

I keep hearing way too much about how job candidates and acqui-hires can write their own tickets in negotiations. That might work if you're a legendary coder with an arm's length list of hackathon victories or grey hat penetration tests. I would like to find a respected book or white paper on compensation negotiation that's data-driven and peer-reviewed, not just some business press baloney.

It's interesting how tech subculture recognizes laziness among DevOps engineers as a desirable work trait. The preference acknowledges that techies with a strong interest in gaming and social media will solve business tech problems quickly and effectively, so they have more time to goof off. I would like to see this dynamic in action at a real startup workplace.

Nir Eyal caught my attention at LAUNCH Festival when he discussed lessons from his book Hooked. The hook/trigger, action/reward cycles drive emotional investments people make in their preferred services. Mr. Eyal noted that these habit-forming steps are at the core of business processes that Facebook, YouTube, and Google used to rapidly scale up from startup to huge successes. I believe startup founders can use his behavioral lessons in conjunction with their CustDev case studies to design addictive solutions.

It's never to early to think about exits, according to the gurus on hand. It's no secret that M+A strategies still favor acquisitions over IPOs for venture-backed startups. I always thought it was because the public disclosures and roadshows for IPOs require more involved work than the private market due diligence a buyer performs in an acquisition. One of the LAUNCH speakers opined that startups should think about which phase of their growth qualifies them to be in an acquiring corporation's due diligence pipeline. I thought the speaker was too limiting in stating that a Series B raise with a mature partner ecosystem was the sweet spot. The speaker also thought that a founder's yearlong relationship with the prospective acquirer's CEO builds trust leading to an acquisition. I guess that favors Stanford and Berkeley grads in the Bay Area, since those are the feeder schools for Silicon Valley's hottest startups and the venture firms backing them. I totally grok the admonition to keep startup board members in the lop on exit discussions and finding an acquirer with a matching business development strategy.

I am really convinced that corporate development people are just dumb trend followers after hearing about how "hot product" market validation often triggers a wave of interest in similar rapid acquisitions. It also implies that the work they do may be little more than supporting their CEO's confirmation bias if said CEO already has a favorite founder relationship in mind. I could point these CEOs to academic studies that most M+A deals fail to add value, but that would just upset them if they have their hearts set on deals with college pals running hot startups.

I paid close attention to the Investor Outlook speakers, because I'm an investor and someday I'm going to buy and sell everyone's sorry behinds like they're a bag of cheap candy. Here comes a blast of random commentary. Venture capitalists with operating experience have insights into product rollouts and recruiting scale-ups that matter to early stage growth startups. It occurred to me that I've never seen an ugly-looking VC firm partner; they all seem remarkably handsome. I shake my head hearing VCs wanting to pivot to AR/VR and agtech if they only have software experience; they don't know these verticals! Agriculture scaling is not the same as enterprise software scaling. The latest blockchain baloney is "ICO tokens" for crowdfunding, yet another misapplication of open-source transaction ledgers as nonviable currency. It's good that VCs are more interested in helping startups solve growth problems than in just doing financial engineering. It was interesting to hear one VC liking podcast monetization; IMHO voice and audio content like podcasts and audiobooks are an underutilized stream. The underutilization may be due to the difficulty of searching audio online. Audio needs better search, analytics, meta-tagging, and delivery platforms. I say the podcast revenue model could resemble freemium app revenue, with ads embedded somehow (perhaps with a visual tag on the audio console, similar to YouTube channel ads). Let's get back to the handsome VCs for a moment. They seem to like wearing expensive designer clothes with a casual chic, showing of wealth while implying they can be as informal as startup founders.

The LAUNCH Festival was the perfect opportunity for startups to show their wares at tables, booths, and pitch stages. I picked up literature from people pushing forestry drones and DIY hedge funds. The whole mash-up demonstrated why I have t live in this town and nowhere else. The next bonanza was somewhere on the expo floor. All the festival needed was some gourmet food trucks on site so the lunch lines would not have been so long. I'll be looking for those trucks at next year's LAUNCH Festival.

Sunday, April 30, 2017

More Haiku of Finance for 04/30/17

Bring on the Bluetooth
Future mesh for device spreads
Adding tiny costs

Alfidi Capital Attends Bluetooth World 2017

I have always been curious about this Bluetooth stuff, so I had to check out Bluetooth World 2017 down in Silicon Valley. I did not actually see anyone with blue-colored teeth at the conference but maybe I just didn't look closely enough into people's mouths. There's more to Bluetooth tech than just drinking blueberry juice.

Alfidi Capital got a free pass to Bluetooth World 2017.

Some Cisco guy supposedly predicted that the IoT market would be worth over $14.4T by 2023. It's one of those phantom quotes that gets thrown around at these types of conferences. The Bluetooth Low Energy (LE) aficionados here were all about grabbing that big IoT market. There's no free lunch with this tech, meaning there's a tradeoff between longer range and higher bandwidth forcing developers to choose between optimizing for either speed or power.

The "mesh networking" protocol enthusiasts here think it's some revolutionary leap for power optimization over many IoT devices without recourse to gateways or routers. We hear about revolutionary leaps all the time in this valley. IMHO developers for Bluetooth and others techs are way too enamored with smartphone I.D. authentication. Techies never want to admit that bad people can steal or hack phones. Once again, everyone's pitching convenience over security! The immaturity in this valley is mind-boggling.

Bluetooth dominates the wireless audio market and it will probably rule the beacon market in retail store promotion. Online shopping is decimating retail, so beacons have a closing window of opportunity. The next recession will see this window slam shut, and I predict only a few surviving upscale retailers will truly leverage store beacons.

The big push for Bluetooth Mesh as an IoT architecture is doomed to fail if it relies on end users to implement security. It is also unclear how Bluetooth IoT devices and apps will generate revenue. Bluetooth SIG whitepapers should spell out the Cloudonomics metrics that will guide investment. Beacon data generating contextual information about customers will have commercial value once it is aggregated in clouds.

Let me continue on this money metrics theme. Energy use and data processing throughput are measurable costs for IoT devices. Any value Bluetooth adds must exceed the energy and data costs per device. It's also worth asking whether Bluetooth promoters intend the tech to be a completely open source system like ARM, Arduino, and Raspberry Pi. The choice to keep it moving in that direction will affect how developers build apps.

Bluetooth IoT devices will generate enormous volumes of data and metadata, requiring a greater role for machine learning in analytics. Developers should define where machine learning belongs in the data flow from device to cloud. I suspect only a minuscule amount of AI can reside at gateways due to power and processing limits, especially as Bluetooth Mesh pushes these support functions beyond gateways. Developers should focus their AI efforts on the cloud, where power and processing are theoretically unlimited.

It is unbelievable that some people at Bluetooth world think that blockchain will add value to Bluetooth in IoT. The vast amounts of data flows I mentioned above will quickly overwhelm a blockchain ledger. Imagine the constant forking and multiple layers of ledgers to track the new forks. Just say yes to machine learning and no to blockchain.

I foresee a market opportunity for startups based on scraping, collating, and cleansing data from Bluetooth Mesh networks. Venture investors should ask how these startups translate data from Bluetooth and other tech systems into a single format, as long as Bluetooth has competition. Startup IoT devices are amenable to crowdfunding if they have some consumer hook, like a cute beacon base station that invites in-store selfies. I am certain we will hear a lot more about AI and IoT convergence as startups figure out the combo is a hook to get VC funding.

I keep seeing startups jump on the wearable tech bandwagon and Bluetooth World 2017 had its share of starry-eyed wearable devotees. There is very little chance the wearable train will ever leave the station, folks. Wearables will always be way too expensive for most consumers. Battery life is a major limiting factor. Embedded sensors and processors make the products so fragile that they will need delicate care and frequent replacement. The connectivity path loss by distance from embedded devices to sensors is a challenge for devices hanging on a human body. These things will never be a mass-market product, and any personal data aggregated from wearables would likely pose HIPAA violations if released without a user's permission. Security matters "over the air" for wearables.

I asked one tech expert here about how we can design physical plant for maximum flexibility with future digital architectures. The guy said bandwidth is the bottom line, with physical structures built for the maximum possible access points and transmission capacity. There you go, Bluetooth fans, just develop your devices to fit in every building's joints, corners, and shafts.

Anyone who wants a head start on the next big thing should start adding Bluetooth knowledge to their skill set. The IoT frontier is like a gold rush and vacant land rush combined. Proliferating Bluetooth tech that identifies devices should make QR codes obsolete. Startups building solutions that can flex between Bluetooth and other techs will own the IoT future. You heard it here first from Alfidi Capital, thanks to Bluetooth World 2017.

The Haiku of Finance for 04/30/17

Search engine ad reach
Optimize with special tags
Remarket funnel

Alfidi Capital Attends SMX West 2017

I am a known regular at every major digital marketing event in the San Francisco Bay Area, including Search Marketing Expo 2017 down in San Jose. I attended this year's SMX West Conference to hear what Microsoft Bing and Google had to say about their search capabilities, but there were other goodies on hand.

Alfidi Capital displays Expo badge at SMX West 2017.

My free Expo badge got me into the main events from the major sponsors, plus all the free candy I could grab during booth pitches. The badge selfie notes the Landy Awards from Search Engine Land  which I was not invited to attend. Someday, these folks will have me hosting their award ceremonies. Mark my words, because my badge selfies are prophetic. The only other photo I took was of some wild equation someone displayed on a pitch slide illustrating online ad spending; it did not come out nearly as well as my badge selfie.

The keynote address pitching Google Assistant was the latest roadshow chapter in Google's plan to take over the world, one household at a time. Google Assistant integrates with Google Home and probably enables other parts of the IoT ecosystem, like Nest. Before you know it, your thermostat will be searching Google for neighborhood microclimate forecasts. I suppose Google's in-home devices and apps will interface with Google's APIs by passing basic data on identity, payments, and geolocations back and forth. Doing this with users' permission requires users to become a lot more cognizant of security. The UI is always the weakest point in security chains. Good luck, Google; you're better off pitching automated security and letting the smartest users post helpful bug fixes online. Actions on Google gives developers hints on how to build for Google Assistant.

The Bing people talked up their ad programs' quality score metrics. I prefer that they raise the quality of their search algorithm if they ever hope to have a shot at taking market share from Google Search. I did like their tip on landing page optimization, where the "root word" of a word with many synonyms avoids a search engine penalty for keyword stuffing.

One big benefit for yours truly was to hear SEO legend Bruce Clay speak at SMX West. The guy has been doing search marketing since the earliest days of the discipline. The FTC has plenty of guidelines impacting search marketing, and everyone advertising in the search sector must comply. I did a Google Search of some combos of "FTC PPC SEO" to see the latest developments. Mr. Clay mentioned WebPagetest as one way to identify fixes that will raise a page's search rank, in addition to Google's long-standing webmaster guidelines. I asked Mr. Clay about how emerging industry guidelines on making Web pages accessible to people with disabilities will affect SEO. He generously answered that ADA Rule 508 (supported by treaty in many countries) enables audible readers for alt-tags of images, and a company can incur huge fines if a US federal government employee uses a website that's not ADA compliant. Lawyers are lining up behind the 21st Century Communications and Video Accessibility Act (CVAA) to pursue liabilities for websites whose images do not have matching alt-tags. The FCC is tracking CVAA regulation updates. Thanks again for the heads-up, Mr. Clay, because Web entrepreneurs like me need to stay out of trouble. Mr. Clay's tips were endless, telling us to mitigate referer spam and UTM injection, and cautioning against malware installation into plug-ins that cause negative SEO results.

The Google free talks were the day after the Bing talks. I scored multiple handfuls of free snacks from both sponsors, in addition to some cool marketing insights. There's tons of online commentary for Return on Ad Spend (ROAS) as an ad performance metric, including calculation methods. Marketers should use ROAS together with CVR, CPA, and CPC in a dashboard format, with conversions traced as "attributions" to each spending metric. I used to hear a lot about remarketing to prospects who fell out of a marketing funnel, and now it's accepted as a given with "dynamic remarketing" as a variant. The ultimate purpose of using data-driven ad buys is to raise CVR while lowering CPA, and the Google people made it clear that this is their ad platform's approach. I don't use Google Merchant Center, because I don't sell any products or run ads, but it's the future for online retailers of any size.

I picked up quite a few other specialized tips from the Expo that probably aren't applicable to my general readership, but they are definitely of interest to me. I have realized lately that sharing too much about my business strategy can be counterproductive. I took a bit longer writing this article about the Expo because I wanted to ensure I had time to update my own SEO techniques. SMX West 2017 was a winner for Alfidi Capital.

Friday, March 31, 2017

The Haiku of Finance for 03/31/17

Start some cyber tech
Find cyber channel partner
Cyber-lock it up

Mobile Monday's Cybersecurity for RSAC 2017

I have been poring over my notes from several recent business events I have attended, and I would be remiss if I did not share some key lessons from a Mobile Monday event that coincided with last month's RSA Conference 2017. I take my time to get this stuff right. The MoMo Silicon Valley team convened a cybersecurity panel on February 13, and I had to be there after being too busy too attend their sessions in 2016.

Alfidi Capital always notices Mobile Monday's cybersecurity events.

Cybersecurity startups are going to be a hot new investing trend for Silicon Valley venture capital. I now come away from these cybersecurity events convinced that startups with the strongest tech often have people with US military or intelligence community backgrounds. Those career fields are inundated with cyber practices that have life-or-death outcomes, so the challenge of running a cyber startup should be a piece of cake for those veterans.

It's great that the federal government sees the leverage it can apply in Silicon Valley's growing cybersecurity. Your tax dollars are hard at work in the DHS Silicon Valley Innovation Program, a companion of the Homeland Security Innovation Programs (HSIP). The assessed TAM for cybersecurity is over half a trillion dollars according to DHS, so expect a flood of VC investment into the types of portfolio companies that get some US government seed capital. Some VCs are of course stage agnostic investors, but they recognize that different stage companies have different needs. I despair to think that heavy late-stage funding still convinces some startups that they "need" gourmet catered lunches and expansive campuses.

The VCs on the MoMo panel liked retail and financial service verticals as target markets for cybersecurity startups, but I wonder which end of the enterprise is the best focus. I have long believed that apps are much more vulnerable to security breaches than enterprise infrastructure. Millions of people can download an app and ignore its security protocols, but an enterprise's internal geometry may have only a few thousand entry points to monitor (depending on employee headcount, server connections, etc.).

Rest assured that the US government is hard at work creating cybersecurity standards. The NSA's Simon (for hardware) and Speck (for software) ciphers level the playing field for new cyber entrants. I expect to see them mentioned in GitHub documentation for new IoT security apps. I also expect the smartest startups to identify leading managed security service providers (MSSPs) as targets to become their CustDev cases and early channel partners. A few Google searches reveal widely available lists of MSSPs.

There must be a market opportunity for a knowledge management (KM) cybersecurity dashboard that integrates different security tools and prioritizes a CISO's monitoring efforts. The difference between this type of enterprise solution and your PC's anti-virus solution is its integration of the cyber dashboards in use at all levels of the enterprise. The CISO should be able to monitor every business unit's IT tools and use gamification to encourage compliance. I look forward to finding a startup that can solve a CISO's monitoring pain points.

If anyone can figure out how to make cyber ideas work, it's the US government veterans I mentioned above who depart public service for the wilds of tech startup life. They should know what right looks like even if they got frustrated from working with things that obviously went wrong in the government. I hinted in my article on RSAC 2017 that I did not want to tip my hand about leveraging openly available public resources to launch tech startups. I know what I'm doing here, and I know how to get the right people involved. Keep watching the genius of Alfidi Capital for next-generation cybersecurity amazement.

Tuesday, February 28, 2017

Saturday, February 25, 2017

Alfidi Capital at RSA Conference 2017

I made my first-ever visit to the RSA Conference in 2017  because I really needed to catch up on the tech sector this year. The visual displays on the Moscone Center expo floor were phenomenal, as you can see in my standard badge selfie below. I was all set for some awesome cybersecurity action. I scored a free Expo Pass from a generous sponsor because I am still way too cheap to pay for anything. I still score massive wins after all these years tracking business.

Alfidi Capital witnesses the mighty RSA expo in 2017.

I sat in the front row for the first panel session and a local venture capitalist recognized me right away. I had not seen him for at least a year, so I obviously made some impression on him back then with my commentary. Anyway, the VCs held forth on the economics of countering hacking and the kinds of expertise they want to see in a cybersecurity startup before investing. It should come as no surprise that CISOs own a corporation's cybersecurity budget, so a security startup should focus their customer development on CISOs and nowhere else. The panelists with CISO backgrounds noted that they have longstanding trust relationships with sales reps who have hopped around different companies. Relationships matter even in tech, so startups should hire experienced sales people with huge contact lists if they want to win revenue. Startups will be disappointed to know that security solutions don't always scale well, so presumably large corporate customers have internal barriers that inhibit integration with other enterprise systems. Maybe automation can solve scalability, or maybe automation is another buzzword that VCs can chase for a year.

Executives addressed foundational controls.

The RSAC Innovation Sandbox was a hoot. RSAC users threw a bunch of words into a word cloud and the biggest ones were "data, cloud, risk, threat" in bold letters. If I had my own personal word cloud following me around, it would show words like "genius, brilliant, awesome" in big letters. One investor noted that total dollar-volume funding for cybersecurity startups was down in 2016 but later-stage funding was still keeping valuations high. The situation totally reminded me of the VCs' push for a cloud / mobile / Big Data confluence a couple of years ago because their portfolio companies in each specific sector were failing. Startups chasing those dollars now should know that innovation must address speed, because hackers' OODA loops operate faster than security professionals can respond. Get used to hearing phrases like "cognitive load" in startup pitch decks, because VCs want to fund solutions that add value through automation that reduces an IT team's cognitive load in managing cybersecurity functions. I think a startup that can demonstrate how the OWASP Benchmark Project validates its automated security solutions will have a big advantage in attracting venture funding. Any solution that can address processing encrypted data, particularly with cutting edge tech like homomorphic encryption, will garner a similar advantage.

People also implement foundational controls.

The Governor of Virginia came to tell us all about how cybersecure things are over in his state. He kept telling variations of a funny story about dolphins in his state's waters and how much Virginians loved them. I hope those dolphins are qualified cybersecurity professionals. I agree with the Governor's sentiment that state-sponsored education should offer more tech and less baloney, although he didn't use the word "baloney." That's one of my favorite words. Anyone who thinks there's no baloney in tech has never sat through a startup pitch fest. I did a Google search for the US's national STEM education standards and found the US Department of Education's K-12 standards page, so the STEM stuff may be in there somewhere. The NSF's STEM Education Data has gotten a lot more user-friendly since the last time I checked out its Science and Engineering Indicators report. The NEA surprised me with some useful STEM links; it's nice to see a union do something useful. Remember, folks, that arts education puts the STEAM into STEM.

Intelligence on threats must drive security decisions.

I was thrilled to listen to a security panel featuring cybersecurity legend Bruce Schneier. I have read his regular Crypto-Gram newsletter for years and he always has a fresh take on the biggest security trends. The panel addressed the emerging challenge of monitoring, maintaining, and certifying IoT products. It sounds to me like there are plenty of niches for security startups to make their cases. Industry will always sacrifice security for performance, so expect government regulation to drive security standards. Mr. Schneier mentioned how regulation has both fixed costs and marginal costs for solutions, and he somehow connected it to European Union regulations that will raise the marginal costs of producing IoT devices. It sounded like justification for US device manufacturers to on-shore more IoT device production here at home. I can see the walled gardens going up already in IoT thanks to security concerns. Here comes my awesome Alfidi Capital genius, folks. Secure models must connect trusted "walled gardens" (i.e., families of products from Google, Apple, and other big providers) to home IoT hubs (i.e., the coming smart home systems) that are certified under federated standards (i.e., cloud stack, network connectivity, and hardware all certified under some family of government-approved standards bodies). You heard it here first. Oh yeah, one more thing . . educating consumers on security never works! People ignore privacy settings and safety procedures, so regulation will have to build fail-safe protocols that make it difficult for non-expert users to leave themselves exposed.

Get used to hearing about securing ICS.

The RSA people livened up their conference by having actors and poets come out to introduce major themes. Hollywood actor John Lithgow gave an opening-day monologue with audience members raising their glowing wristbands. It worked as a performance art piece but I did not get a wristband. That's what happens when you only get an Expo Pass. A poet named Rives introduced a couple of cute musings on how ideas can represent data connections. I won't spoil his performance for you, so just go look up his TED talks.

Scripting in software is not like the movies.

I never miss a chance to hear Dr. Eric Schmidt from Google (aka Alphabet, its new corporate name) hold forth on tech stuff. His talk at RSAC mentioned Google's TensorFlow open-source AI library. Those Google folks are just non-stop innovators; it must be all the coffee they drink. Dr. Schmidt said he uses game theory to make strategic business decisions, especially when deciding to deploy tech that keeps Google at the center of a new ecosystem. It's no wonder why Google is so dominant if that's really how they think. Every company should be lucky enough to have geniuses running the show.

FireEye came out to the expo.

I acquired some good background information from the NIST Cybersecurity Framework presentation. It is destined to be the beta version of the federated standards system I mentioned above. Cybersecurity professionals need to know about the Center for Internet Security's critical security controls, the Center for Responsible Enterprise and Trade compliance standards, the CForum's development of the NIST framework, and the National Cybersecurity Center of Excellence's implementation of the framework. The framework's sponsors were fond of the Checklist Manifesto methodology, so there's a cue for startups that want to execute solutions in this space. Note that the Industrial Internet Consortium has its own security framework.

The final speaker that mattered to me was the phenomenal, incomparable, mind-blowing Dr. Neil deGrasse Tyson. Okay, I'll admit I attended other speakers but this guy was the real deal when it comes to pure, unadulterated genius. His genius probably ranks right up there with my own. I can't do justice to his blend of science wisdom, performance art, and comedic monologue with my meager words. Check out YouTube for tons of examples of his knowledge. It's all in the delivery. Dr. Tyson connected Albert Einstein's theories to lasers and gravitational waves during his RSAC talk. Previous eras had Dr. Einstein, and we are lucky to have Dr. Tyson among us today. His explanations of complex ideas make him a living national treasure. He should run NASA.

Read my blog article closely enough and you'll see how I spotlight hints for startups. I picked up a ton of printed information from expo floor presenters on technology implementation that I am not going to share in public. My intent is to attract entrepreneurs to some cool ideas and advise them on execution. I am not about to tip my hand in public lest potential competitors get a clue. Suffice it to say that anyone can track publicly available information on tech development, but only a genius such as yours truly can fit it all into a coherent business plan. Every conference I attend is by definition a massive winner, simply because I am there. Thank you RSA for enabling me to score in 2017.

Monday, January 30, 2017

Thursday, December 08, 2016