Alfidi Capital at RSA Conference 2017

I made my first-ever visit to the RSA Conference in 2017  because I really needed to catch up on the tech sector this year. The visual displays on the Moscone Center expo floor were phenomenal, as you can see in my standard badge selfie below. I was all set for some awesome cybersecurity action. I scored a free Expo Pass from a generous sponsor because I am still way too cheap to pay for anything. I still score massive wins after all these years tracking business.

Alfidi Capital witnesses the mighty RSA expo in 2017.

I sat in the front row for the first panel session and a local venture capitalist recognized me right away. I had not seen him for at least a year, so I obviously made some impression on him back then with my commentary. Anyway, the VCs held forth on the economics of countering hacking and the kinds of expertise they want to see in a cybersecurity startup before investing. It should come as no surprise that CISOs own a corporation's cybersecurity budget, so a security startup should focus their customer development on CISOs and nowhere else. The panelists with CISO backgrounds noted that they have longstanding trust relationships with sales reps who have hopped around different companies. Relationships matter even in tech, so startups should hire experienced sales people with huge contact lists if they want to win revenue. Startups will be disappointed to know that security solutions don't always scale well, so presumably large corporate customers have internal barriers that inhibit integration with other enterprise systems. Maybe automation can solve scalability, or maybe automation is another buzzword that VCs can chase for a year.

Executives addressed foundational controls.

The RSAC Innovation Sandbox was a hoot. RSAC users threw a bunch of words into a word cloud and the biggest ones were "data, cloud, risk, threat" in bold letters. If I had my own personal word cloud following me around, it would show words like "genius, brilliant, awesome" in big letters. One investor noted that total dollar-volume funding for cybersecurity startups was down in 2016 but later-stage funding was still keeping valuations high. The situation totally reminded me of the VCs' push for a cloud / mobile / Big Data confluence a couple of years ago because their portfolio companies in each specific sector were failing. Startups chasing those dollars now should know that innovation must address speed, because hackers' OODA loops operate faster than security professionals can respond. Get used to hearing phrases like "cognitive load" in startup pitch decks, because VCs want to fund solutions that add value through automation that reduces an IT team's cognitive load in managing cybersecurity functions. I think a startup that can demonstrate how the OWASP Benchmark Project validates its automated security solutions will have a big advantage in attracting venture funding. Any solution that can address processing encrypted data, particularly with cutting edge tech like homomorphic encryption, will garner a similar advantage.

People also implement foundational controls.

The Governor of Virginia came to tell us all about how cybersecure things are over in his state. He kept telling variations of a funny story about dolphins in his state's waters and how much Virginians loved them. I hope those dolphins are qualified cybersecurity professionals. I agree with the Governor's sentiment that state-sponsored education should offer more tech and less baloney, although he didn't use the word "baloney." That's one of my favorite words. Anyone who thinks there's no baloney in tech has never sat through a startup pitch fest. I did a Google search for the US's national STEM education standards and found the US Department of Education's K-12 standards page, so the STEM stuff may be in there somewhere. The NSF's STEM Education Data has gotten a lot more user-friendly since the last time I checked out its Science and Engineering Indicators report. The NEA surprised me with some useful STEM links; it's nice to see a union do something useful. Remember, folks, that arts education puts the STEAM into STEM.

Intelligence on threats must drive security decisions.

I was thrilled to listen to a security panel featuring cybersecurity legend Bruce Schneier. I have read his regular Crypto-Gram newsletter for years and he always has a fresh take on the biggest security trends. The panel addressed the emerging challenge of monitoring, maintaining, and certifying IoT products. It sounds to me like there are plenty of niches for security startups to make their cases. Industry will always sacrifice security for performance, so expect government regulation to drive security standards. Mr. Schneier mentioned how regulation has both fixed costs and marginal costs for solutions, and he somehow connected it to European Union regulations that will raise the marginal costs of producing IoT devices. It sounded like justification for US device manufacturers to on-shore more IoT device production here at home. I can see the walled gardens going up already in IoT thanks to security concerns. Here comes my awesome Alfidi Capital genius, folks. Secure models must connect trusted "walled gardens" (i.e., families of products from Google, Apple, and other big providers) to home IoT hubs (i.e., the coming smart home systems) that are certified under federated standards (i.e., cloud stack, network connectivity, and hardware all certified under some family of government-approved standards bodies). You heard it here first. Oh yeah, one more thing . . educating consumers on security never works! People ignore privacy settings and safety procedures, so regulation will have to build fail-safe protocols that make it difficult for non-expert users to leave themselves exposed.

Get used to hearing about securing ICS.

The RSA people livened up their conference by having actors and poets come out to introduce major themes. Hollywood actor John Lithgow gave an opening-day monologue with audience members raising their glowing wristbands. It worked as a performance art piece but I did not get a wristband. That's what happens when you only get an Expo Pass. A poet named Rives introduced a couple of cute musings on how ideas can represent data connections. I won't spoil his performance for you, so just go look up his TED talks.

Scripting in software is not like the movies.

I never miss a chance to hear Dr. Eric Schmidt from Google (aka Alphabet, its new corporate name) hold forth on tech stuff. His talk at RSAC mentioned Google's TensorFlow open-source AI library. Those Google folks are just non-stop innovators; it must be all the coffee they drink. Dr. Schmidt said he uses game theory to make strategic business decisions, especially when deciding to deploy tech that keeps Google at the center of a new ecosystem. It's no wonder why Google is so dominant if that's really how they think. Every company should be lucky enough to have geniuses running the show.

FireEye came out to the expo.

I acquired some good background information from the NIST Cybersecurity Framework presentation. It is destined to be the beta version of the federated standards system I mentioned above. Cybersecurity professionals need to know about the Center for Internet Security's critical security controls, the Center for Responsible Enterprise and Trade compliance standards, the CForum's development of the NIST framework, and the National Cybersecurity Center of Excellence's implementation of the framework. The framework's sponsors were fond of the Checklist Manifesto methodology, so there's a cue for startups that want to execute solutions in this space. Note that the Industrial Internet Consortium has its own security framework.

The final speaker that mattered to me was the phenomenal, incomparable, mind-blowing Dr. Neil deGrasse Tyson. Okay, I'll admit I attended other speakers but this guy was the real deal when it comes to pure, unadulterated genius. His genius probably ranks right up there with my own. I can't do justice to his blend of science wisdom, performance art, and comedic monologue with my meager words. Check out YouTube for tons of examples of his knowledge. It's all in the delivery. Dr. Tyson connected Albert Einstein's theories to lasers and gravitational waves during his RSAC talk. Previous eras had Dr. Einstein, and we are lucky to have Dr. Tyson among us today. His explanations of complex ideas make him a living national treasure. He should run NASA.

Read my blog article closely enough and you'll see how I spotlight hints for startups. I picked up a ton of printed information from expo floor presenters on technology implementation that I am not going to share in public. My intent is to attract entrepreneurs to some cool ideas and advise them on execution. I am not about to tip my hand in public lest potential competitors get a clue. Suffice it to say that anyone can track publicly available information on tech development, but only a genius such as yours truly can fit it all into a coherent business plan. Every conference I attend is by definition a massive winner, simply because I am there. Thank you RSA for enabling me to score in 2017.

Alfidi Capital Visits Oracle OpenWorld 2015

I had enough white space on my calendar this autumn to accommodate the other big San Francisco tech conference besides Dreamforce. That would of course be Oracle OpenWorld 2015. I love these big brand-driven showcases for the latest enterprise computing things. I also attended parts of Oracle's JavaOne 2015 even though I have no clue how the programming language works. All I know is that installing Java updates on my computer used to require changes to my browser's advanced options TLS and SSL checkboxes just to keep pop-up reminders away. I think the Java people finally fixed that bug.

A whole week of tech keynotes includes free food and booze. I scored access to multiple receptions during the week. I listened dutifully to product pitches while enjoying snacks and libations. The food was always excellent. I had more meatballs and sauteed shrimp than a mere mortal could handle. I did not leave one Oracle reception until I tried all three varieties of boutique whiskey on hand. Mission accomplished. My buzz wore off every night. It was nice to score free granola bars and banana bread during the day thanks to my high-powered tech connections. One vendor was very generous with pastries and smoothies. I learned a new cloud computing term: "Happiness as a Service" (HaaS). I think it means the consultants smile and say nice things while they migrate on-prem apps to the cloud.

Oracle's Java mascot "Duke" awaits the JavaOne opening keynote. I high-fived it as I entered the keynote hall. Duke has way more personality than some people I used to serve with in the US military. I spent some quality time at his namesake "Duke's Cafe" blocking Taylor Street during Oracle OpenWorld. I scored so much free coffee there that I may as well run on Java myself. I was tempted to find out what happens when tea mixes with beer. I did not have as much time as I did last year to probe vendor pain points on the OpenWorld trade show floor. One vendor gave me a mimosa but did not scan my badge. That scores a booth marketing fail.

Arriving early to the JavaOne opening act means sitting in front of giant screens like the one above. I have never done drugs in my life. When I see these wild animations at major corporate tech conferences, I think, "Oh, that must be what drugs are like." I get high on life, people. I must say, this corporate keynote canned warm-up music is really dreamy. One of my Spotify playlists is devoted to ambient music. I could spice that playlist up with this upbeat corporate conference house music.

The first JavaOne keynote covered orientation to their mini-conference, along with what sounded like product announcements. I don't see what's so earth-shattering about announcing that versions of Java now run end-to-end on Intel and other platforms. Java has always worked pretty well on all of the Intel and AMD desktop PCs I've used, so mobile use is the only real hurdle remaining. I missed the whole Geek Bar, Maker Zone, and on-site immersive experience celebrating 20 years of Java. That's what happens when an on-demand genius like me gets over-scheduled.

Oracle does listen to its developers' pain points when updating Java releases. Maybe that's how they solved the pop-up thing I noted above. I could have used a good definition of generic programming while the Java experts were discussing their innovations on stage. I did comprehend their explanation of how data laid out across different caches takes longer to process because electrons must travel farther. Their solution was to increase the number of instructions per clock cycle so data speed would increase. I could not understand why one Java presenter stood silently while two Java-enabled toy cars' onboard sensors sent cloud alerts to a display table. I know it was recorded, but he could have at least talked us through what was happening instead of waiting until the pretty graphs and tables came up at after the simulated data load. Sheesh, even engineers can learn to make running commentary.

The fun part was Scott McNealy's surprise video appearance wearing a classic Sun Microsystems sports jacket. In case you're too young to remember, Sun created Java when Mr. McNealy was its boss, and then Oracle bought Sun and everything. He did a top-ten list of inside jokes that only Java developers could truly appreciate. The video gave me flashbacks to the mid-1990s with magazine covers talking about how great the Internet was going to be. It turned out great, all right.

Java engineers celebrate the 20th anniversary of their programming language. I was tempted to take a selfie with the cake but I did not want to miss the next keynote. The OpenWorld opening keynote was the next thing in the Moscone North hall after the Java engineers cleared off the stage. I wanted to make time for their Modern Finance Experience sessions but I didn't think my lowly Discover pass would get me access. Hey there Oracle, I had a full-access analyst pass to Dreamforce 2015, so next year you folks need to upgrade my status. I'm a bona fide thought leader around this neighborhood. The discussion of data center optimization made me wonder whether Intel and Oracle consider data center HVAC and facilities management as pain points their solutions can mitigate. Run the Cloudonomics numbers, folks.

Speaking of cloud economics, the brief mention of cloud KPIs like variance/swing, workload, IOPS, and latency deserve more explanation for the non-engineers at OpenWorld. The CIO people throwing those terms around at their CFOs and COOs need to show that they've actually calculated the economics on how more IT spend will improve those metrics. Every CFO needs to ask for the CIO's data proving their proposed innovation has the promised higher IOPS and lower latency.

Oracle allowed Intel to introduce their "Trusted Analytics Platform" during the opening keynote. The platform enables domain experts and data scientists to run analytics during real-time data collection. Bay Area startups have been claiming they can do this for years. Some critical mass of acqui-hires and internal development now allow the big ERP providers to dominate this action. It is the natural end result of all of the knowledge management (KM) and business rule management system (BRMS) trends I have tracked for several years.

Larry Ellison came out for his portion of the OpenWorld initial keynote. His biggest disclosure was about how Oracle gradually discovered it must operate in all three cloud layers in response to competitors' moves. I inferred that Oracle has not driven the cloud sector's innovation. They are reactive rather than proactive, and it explains their acquisition strategy since buying Sun. I do not recall hearing Larry mention Workday as a major cloud competitor at last year's OpenWorld, so mentioning them here was news.

Security is very much on Larry's radar. The new Oracle stuff about automated backup and restoration with no human intervention is an omen for the end of human system administrators. Even engineers will now face a jobless future as the cloud sector matures. Larry moved Oracle to open standards so enterprise cloud accounts will be more portable between providers. He also thinks the full transition from on-prem to cloud will be sufficiently long to require a decade or two of continued on-prem support. Predictions of long transitions remind me of the migration from 1970s mainframes to 1900s client-server architectures. The client-server paradigm reigned supreme throughout the dot-com boom-bust cycle until the cloud was ready to replace it.

I liked Larry's improvisation without his glasses. "I don't have glasses . . . I can still do this" was his mantra when he ran his live tutorial of Oracle Learning modules showing employees how to pitch Oracle cloud products. I noticed one of the Oracle executives sprint past my near-front seat to go backstage; I wondered if she was going to fetch Larry's glasses. I couldn't LOL because that would be classic teamwork and loyalty. I would have done that for any boss, but my bosses never appreciated me with huge compensation packages like the ones Larry gives his people.

Tuesday's keynote was Oracle co-CEO Mark Hurd's chance to offer his predictions about the cloud sector. I gleaned his live insights into CEO thinking. He argued that CEOs care first and foremost about current period performance, i.e. survival. Growth, agility, and new markets are all secondary because CEOs don't have the luxury of long-term thinking if they don't meet short-term earnings expectations. He confirmed an assumption I have long held about how enterprises cut IT spending when their revenue growth stalls. Get ready for lean times in the next recession, people, and I've been harping on that note for a while. I was intrigued to hear the guy claim that the demographic shift to a gig economy will stress IT for rapid workforce development tools. I take that as another hint that Larry's demo of Oracle Learning is the next big thing. I agree with his prediction of an oligopoly coming to cloud, and you can recall my predictions from OpenWorld 2014 about how the sector's leaders would fare. The tech big shots from GE and AIG also came out to share how impressed they were with their own cloud stuff. Good for them.

The combined forces of Wipro and the Golden State Warriors in another keynote were instructive. Wipro thinks digital tech can reduce fulfillment cycles to two weeks, down from the current 8-12 weeks of design, production, and distribution in retail supply chains. I think there are implications for IT spending priorities if legacy records must migrate to the cloud before customer engagement systems migrate.

It was really awkward to switch narratives between the Oracle guy and the Warriors dude when they were on stage. They didn't even address the same subjects. The Warriors' building project and brand management are not the same thing as Oracle's cloud service scalability. I would have got their  points if they had stuck to leadership in renewing corporate culture, but the juxtaposition of the moderator's questions made no sense. The whole point was to enhance Oracle's brand by association with the Warriors. The experience of watching a Warriors game is not completely scalable with tech. The TV or mobile audience can only remotely experience the two dimensional visuals of the game.

I liked the coffee bean bag props thrown on stage during the video vignettes about how some IT bit player could use Oracle's open-source solutions. I could have used come coffee at that moment. My big takeaway from the coffee escapade was how containerized databases enable linking data to apps with no coding. Non-developers can thus create new business functions in sales, discounts, incentives, and loyalty programs without learning to code. I like how spreadsheet uploads mean mobile users can do analytics and visualizations without access to data warehouse. Darn it, these mobile sales people now have all kinds of on-demand OJT modules for prospecting and closing that I never had when I was in sales. I hope all of these Oracle things work as advertised.

Getting an early seat in Larry Ellison's keynote on Tuesday had its perks, like the seat photo I snapped above. The legendary founder had to wait for the warm-up acts from Infosys and GE. Infosys wanted everything automated because it reduces full-time employee headcount. Now I'm getting a clear impression that all tech CEOs want a jobless future for the rest of us. Here comes the bad news. Everyone who does not attend these tech conferences is doomed to be either a ward of the state or a peasant on some CEO's plantation. Now for the good news. I promise to be a benevolent plutocrat to my subjects, because I'm a really nice guy. The GE person said ERP must move faster, but I wasn't sure whether he meant with faster data processing or faster ERP deployment. I had no chance to ask him for clarification because I was sitting in the audience among thousands of Larry Ellison fans.

The long-awaited Larry Ellison keynote on "Innovations in Security and IaaS" was one for the ages. Larry's tour de force through modern enterprise security placed every recent mass data breach into one context. The singular point of failure in ERP security to date has been software vulnerability. Hard-coding security protocols into silicon hardware may solve this problem. Larry announced an always-on memory intrusion detection system into Oracle's hardware, claiming they are the first software company to encode security into a microprocessor. Their "Silicon Secured Memory" uses color matching to compute a number key that locks memory.

Larry also noted that any cloud service provider DBA who can read client data represents a massive security vulnerability. He emphasized Oracle's storage of encryption keys on-prem for clients, and I got the impression that he prefers clients storing their keys on-prem instead of in the cloud. Larry also announced other initiatives like the "Private Cloud Machine" that replicates an Oracle cloud's performance for on-prem clients who just aren't ready to migrate due to regulatory requirements or geo-specific preferences. The guy covered all the right bases. His presentation style is different from Marc Benioff's persona at Dreamforce. Personal characterization is great as long as the software works.

The Oracle CX afterparty at Moscone West was memorable. I had to try this "Blue Lagoon" cocktail with Curacao, one of my favorite liqueurs. A neon dance troop (pictured above) materialized out of nowhere and jammed to the Party Rock Anthem. All we needed were some glow-sticks and it would have been a rave party. This is normal for a San Francisco tech conference afterparty. My contacts told me another party had dancing electric violin players, but I missed that to hear a former US Navy SEAL discuss leadership lessons. Long live Oracle OpenWorld.

I attended the final JavaOne keynote only partly for the free lunch. I really wanted to see how engineers have fun. IBM people kicked it off with an obvious pitch for IBM Bluemix as a PaaS solution for cloud apps touching multiple APIs. The dudes from Big Blue hit the right note by toasting Java's 20th anniversary with mini whiskey bottles at the podium. That is just totally awesome. I might have become a software programmer if I had role models like that as a kid. Containers, business logic, the API economy, and microservices mean so much more if you can drink whiskey on the job.

Oracle's Java engineers have a house band called the Null Pointers. They entertained us prior to the JavaOne keynote. I think the extra percussionist in back should have done a cowbell solo. The real "JavaOne Community Keynote" was one big interactive party with free beer, cute sketches, and Duke the Java mascot. The kickoff video featured a geeky coder powering up on cans of "Java" to impress his attractive female boss. The level-up cues from video games would impress the male geeks in the audience. I don't think the video was sexist, but tech parodies ought to feature women as something other than foils for a male-driven plot if the tech sector is serious about encouraging women to have careers.

The skits were low drama that only an engineer could love. They had a UK-style red phone booth on stage (pictured above) but pretended it was the TARDIS from Doctor Who with the soundtrack, time tunnel, theme music, and everything. Dude, every true nerd knows the TARDIS is a UK blue police box. Only Bill and Ted's Excellent Adventure used a phone booth as a time machine. I didn't mind the mixed metaphors because these folks were on a budget. Duke was the central plot element in the skit series. The engineers were concerned when they saw him destroying San Francisco in 2035, so they time-traveled to various points in Java's developmental history to figure out how to stop him. The Paris programmers waved French baguettes and made inside jokes about development projects. The Brazil people used a "Future Communicator" to predict how Java would change. The outer space skit has a cute "soh-crates" mention of the Socrates character from Bill and Ted, which no one in the audience under 30 had probably ever seen. James Gosling, the father of Java, helped the skit engineers launch T-shirts into the audience. The JavaOne 2015 app revealed a secret code that enabled kid programmers to tear off Duke's angry mouth and save San Francisco from destruction. Wow, I have no idea why I noted all of these details except for the sake of posterity. If I had been an engineer instead of a finance person, I could have invented something that would have put me on stage. I did score a bite of some Java 20-year anniversary cake they had on stage, so I got my taste of nerd excellence for the week.

I did catch a few minutes of some workshops in the Modern Finance Experience after all. The door sentries generously let me in, so I guess they instantly recognized the pure genius of Alfidi Capital. I was shocked to discover that some SMBs still track financial reporting from geographically separate branches on linked spreadsheets instead of using cloud ERP. What is with those people? This isn't the 1980s. It's amazing that small-time CFOs and COOs now discover that automating some FP+A tasks reduces forecasting errors and saves time. That must have been how cave dwellers felt when they discovered fire. No kidding. The partner network people from larger firms talked about how Millennial generation employees expect tons of incentives even for marginal performance, because all of them got participation trophies growing up. I don't think those incentives will last long if the big-shot CEOs get the jobless future they expect. Millennials can expect zero self-esteem support when they're shoveling dirt on some plutocrat's ranch.

Oracle OpenWorld 2015 brought me more glimpses of the future. I didn't even need Duke's Java-powered time traveling phone booth to see the future, even though it was a nice touch. Here comes the standard Alfidi Capital mental jet-blast, so strap yourselves in for my genius. The future is a cloud full of encrypted silicon tended by a dwindling number of STEM graduates who slowly work themselves into obsolescence over the next decade or two. The early DBA and sysadmin dropouts still have a window of opportunity to create cloud service startups the bigger firms will acquire as they build their oligopolies. The final STEM survivors will be godlike analytics and domain experts keeping cloud systems running with AIs. The rest of the tech workforce in between these two forces will see their wages and career prospects gradually slide into nothing as everything they do is automated away. I will invest my capital accordingly so my perspectives survive indefinitely. Future tech conferences like Oracle OpenWorld are my path to salvation.

Peeking Inside BoxWorks 2015 For Cloud Wisdom

I had to peek inside BoxWorks 2015 in San Francisco this week for more than my share of free food and drinks. Box continues to shake up the enterprise file management product universe. People are groping beyond the clunky offerings in typical word processing and spreadsheet action. Box is here to migrate those legacy cubicle habits to the cloud, where Dilbert and crew can collaborate online while the pointy-haired boss watches.

The Developer pass is a legacy of my attendance last year when they announced a blanket special deal for prospective attendees. I still think Box should give me an Analyst pass instead because I don't code for a living. I have to convince these people that I know how to write. There was a lot of space available in Moscone North between the small number of large partners who ponied up for booths.

Aaron Levie, CEO and Cofounder of Box, was kind enough to pose for a photo with me. He is the star of this show. Someday I will learn to take a proper selfie by looking at the tiny camera lens instead of the shutter button. The company's C-suite honchos were really keen to wander the trade show floor and meet the little folks like me.

Tim Cook took an hour out of his busy schedule running Apple to chat with Aaron in the first keynote. A show of hands in the audience revealed huge iOS use. I was impressed. Cutting-edge techies still love Apple. Tim acknowledged Apple's early buildouts of enterprise software features and looked forward to something beyond today's early stage of enterprise mobility. If mobile is really forcing radical rethinking, maybe Apple could go ahead with the launch of self-driving cars that so many people in Silicon Valley are wishing for the company. Aaron didn't ask Tim about potential Apple cars so we all still have to wonder. The audience laughed when Tim implied iOS was a better product than Android. You just have to love spontaneity in techies. Writing iOS apps requires Mac hardware, so app adoption drives Apple device sales. That's a nice touch. I hope analysts pick up on that synergy instead of wishing for Apple automobiles.

I like the quiet genius Tim exhibits. His stage presence is reserved but he clearly commands respect without being emotionally expansive like Marc Benioff. Tim smiled when Aaron suggested Apple price all of its hardware upgrades into subscription services. The audience gave me the impression they would welcome such a move. Here's validation for a contention I've heard among some Valley people that subscription services will drive future recurring revenue models. Tim threw a few bones to the do-gooders in the tech community by mentioning Apple's work for society's betterment. Being on the right side of environmentally benign energy and human equality matters to the talent pool circulating through the Bay Area's biggest companies.

The big Box product update keynote was all about cheerleading. Every company needs to hear its top people evangelizing the public about their great products. Uncle Sam will thank Aaron for mentioning FedRAMP compliance. The product demos showing Box integration with Microsoft Office were cool. Microsoft is obviously repositioning Office as SaaS. No one can stay out of the cloud any longer. Push a button on the menu bar and your Excel spreadsheet becomes part of a shareable workflow in Box.

I really liked the VC panel's perspectives on innovation. I always follow the money. Whenever I wonder why VC firms never hired me, I remind myself that my military background must have made them think I was illiterate or homeless. Venture partners love their work. I would love it if they would pay me to do something. One panelist had a lot to say about an alleged gap between public and private market valuations for companies. He thought the public market is more efficient at price discovery and offered employees more liquidity options, while the private market only allows a "marginal buyer" (I assume the next round's venture investor) to determine exit valuations. I agree with the panel that leading private companies are probably overvalued, and their lesser-known competitors are undervalued. No one mentioned unicorns but I think that's what they meant.

I'm just going to keep on rolling with the VCs' lessons because they were all pretty sharp. My recollection of the overcapitalization discussion is that startups who raise too much money can raise employees' expectations too early. Early hopes get dashed before the startup's financial success can justify high compensation. I also think early employees in VC-backed companies get spoiled by gourmet food and game rooms thanks to overcapitalization. Finding huge scalable solutions is still a hard part of a VC's job. I hate to think these VCs make it harder on themselves by giving too much money to startups that have yet to scale.

It's cool that these VCs still think their job includes helping startups recruit employees, making introductions to customers, and being a CEO's sounding board. That's what I would do if I ran a venture fund. I have done similar things free of charge for startups I mentor, and it has never benefited my career or wallet. I guess having a VC pedigree really matters when it's time for venture advice to pay off. I knew what the VCs meant when they discussed portfolio construction in a high-risk macro environment. Everyone sitting on serious money is wondering how hard and fast the next recession will hit after years of Federal Reserve monetary stimulus. Any VC with a portfolio exposed to social media or cloud storage is going to get smacked in a downturn. Recessions always hit advertising budgets and IT capex budgets hard, so there will be lots of pain in social media and cloud storage. I still hold to my conspiracy theory that VCs force their losing portfolio companies to pivot to other parts of the cloud sector they think they understand. I have held this theory at least since GMIC's 2014 conference. Ironically, GMIC was holding its annual conference at the same time as BoxWorks. I had to align my week carefully, and BoxWorks won over GMIC because I knew I'd get free food.

The security panel was a blast. Aaron Levie convened several CISOs to give the subject a level of attention it has long deserved. State-trained security specialists can moonlight as freelance hackers for hire. The CISOs know their threats better than app developers. I have long marveled at app developers' preference for performance over security. Developers need to pick up the new buzz terms for behavioral detection, high-risk workflows, and single sign-on the CISOs shared on the panel.

Each cloud stack layer presents different security challenges. The CISOs noted that API activity generates data for behavioral analysis. The good news is that containerizing data can block some attacks. The bad news is that large-scale data migration opens attack vulnerabilities. One panelist had an awesome quote: "Move from a governance and audit model to a risk-based model" for security, once you assess critical assets first. I am totally with the panelists on the importance of partnering with law enforcement. Enterprises should collect the forensic data on attacks, but leave prosecution and retaliation to the US government.

I need to share some more of my own thinking after the security panel. Here's your access to my genius. I would like to see a UN convention on data privacy standards that would force governments to acknowledge cyber security norms. The nations that don't sign up become obvious rogues. Tolerance for data piracy in violation of international agreements will drive foreign direct investment away from those renegade nations. I noticed that none of the panelists discussed formal risk assessment guidelines. I have long believed that enterprise risk managers should build 2x2 matrices for the probability and severity of attacks. CISOs should build such a matrix for each layer of the cloud stack and plot incidents in the matrix that could impact their most critical assets. Assigning a dollar value to each incident's damage will drive priorities for security budgeting. The matrix will be different for every firm and even every industry, because enterprises have different cyber exposures based on their data use and network geometry. I've got this all figured out. I would make a great CISO but I'm really busy being a CEO here.

I was on the fence about going to the conference's after-party at the Bill Graham Civic Auditorium. I made the right call by attending. Indeed, free food and booze was there after all. These analyst gigs are great. OneRepublic rocked the hall with hits that we all remember from the past couple of years. I chowed down on hot dogs, corn dogs, and a salty pretzel that absorbed my booze. The pinot noir was really nice.

The DJ took over after OneRepublic signed off for the night. The photo above is what a hip-hop / house dance party looks like, for the benefit of those of you who do not attend top-notch corporate events in San Francisco. Software developers were going nuts on the dance floor. The small number of very athletic people on the dance floor competed with a large number of uncoordinated people. I made my way to the bar without getting kicked in the face. One gal convinced me to join her on the dance floor but I did not have the coordination to do much besides wander around. Lots of otherwise introverted people were bumping and grinding towards the end of the night. I am neither a bumper nor a grinder.

BoxWorks is living up to the reputation and expectations of one of its investors, namely Salesforce. Cloud computing cultivates a hip culture to attract young programmers. The flower of youth is the right demographic for all-night coding marathons. We interrupt this coding marathon for a flash mob dance party with booze in the middle of the week. Even dedicated nerds need an intermittent reward pattern. I am one nerd who needs to be at conferences like BoxWorks.

Dreamforce 2015, Day 4: Oceans, Mindfulness, And Wrapping Up

The final Dreamforce 2015 day felt like attendance was dropping off. Maybe people were hungover from the previous night's Dreamfest bash. All of that booze had to go somewhere and it sure didn't go into my mouth. I had three major events on my Friday agenda, besides scoring more free food, and I hit them all.

The ocean innovation panel was totally worth my time. Microplastic concentrations are increasing everywhere and disturbing the ocean's food supply chain. I have been waiting for the "marine industrial revolution" ever since I first noticed a couple of ocean floor mining stocks at the San Francisco Hard Assets Conference a decade ago. Those stocks have always traded in the pennies, and other attempts at ocean mining of manganese nodules, rare earth elements, and other minerals have all fizzled due to prohibitive costs and logistics. The innovators on this Dreamforce stage are mostly focused on gathering data about how human activity impacts the oceans. Crowdsourced Big Data will help us stop fishing piracy and preserve the export income of fishing-dependent emerging economies. I see an IoT theme in the plan for satellites and sensors that can estimate ecosystem size and wildlife migration patterns.

I tried to think of ways our ocean innovators could monetize their concepts. I have thus far come up empty. Financial incentives for recycling the floating plastic collecting in ocean gyres would have to include something analogous to carbon credit markets for air pollution. The last big tech idea to solve oceanic problems was to drop iron filings into the deep blue sea to help plankton stimulate the food chain. The science on iron fertilization is incomplete, so science needs the Big Data on ocean conditions pronto.

The Friday marathon themed keynote is usually the least data-driven part of Dreamforce. It's still entertaining but most attendees are too tired by this day to do the heavy lifting of more cloud computing. This year's theme for the fun lectures was "mindfulness," a topic suited to the amorphous spirituality of many San Francisco Bay Area people. Scraping away the pop-culture veneer leaves a core of knowledge comparable to ancient mystery schools. The subject is probably a fruitful training resource for military leaders and intelligence professionals who must think clearly under stress. Now you see my interest in the topic given my background. Namaste, and all that.

The most useful mindfulness speaker was Chade-Meng Tan, Google's Jolly Good Fellow and one of its earliest employees. He developed a mindfulness approach through his Search Inside Yourself Leadership Institute that is part of Google's emotional intelligence curriculum. Engineers approach undefined problems armed with data and principles from modern neuroscience. The data augments the traditional practices of spiritual masters who needed several generations of trial and error to produce personal enlightenment in students. I totally agree with Meng that remaining calm under stress is a leadership skill. I experienced a Zen moment when he described the "Big Sky Mind" concept, so do your Google search of that term and understand that we are not our emotions. Meng found that the best performing leaders score high in affection, and he confirmed this with US military special operators and combat pilots. That's all the confirmation I need.

Padmasree Warrior and Larry Brilliant are probably living national treasures. I will not attempt to restate their wisdom on my humble blog. Their influential writings are within everyone's reach thanks to Google. Highly evolved human masters can speak for themselves. Tara Brach and Jack Kornfield gave us some practical tips on staying calm while solving problems. I like the concept of imagining an enlightened master entering one's body to help accomplish a goal. I would probably imagine a historical figure or modern luminary who actually built something real. Marc Benioff's acolytes in Salesforce would probably imagine him as the Buddha embodiment entering their personas. If it works, use it.

Goldie Hawn was the final mindfulness speaker, pictured above. She was the least professionally qualified person to be on stage for this topic, but she was here because she has been on stage all her life. She shared personal stories of her overly sensitive childhood and anxiety attacks as a rising Hollywood starlet. It was embarrassing to hear her wax ecstatic for the 1970s transcendental meditation movement. She claims we create our reality . . . well, that kind of "woo" sells a lot of books. It worked for Shirley MacLaine when she was pitching New Age stuff in the 1980s.

I really hope Goldie's video from Dreamforce gets a public release. Unserious people should not run large projects. Her educational foundation is a nice hobby for a Hollywood star, nothing more. The lady is not a neuroscientist, psychologist, or even a peer-reviewed philosopher. It's okay for mindfulness programs to employ celebrities as spokespeople because they are great at staying in character. They're just not so great at running programs outside their natural expertise. Goldie briefly lapsed into ditzy blonde mode towards the end of her talk when she tried to explain the brain's amygdala. Goldie has stayed in character her entire career. The funny babe she played on Rowan and Martin's Laugh-In is not just a character, because that's the real Goldie. I prefer to remember her that way instead of thinking about all of the people at Dreamforce who somehow gave her a standing ovation. I also prefer to remember her work in There's a Girl in My Soup, especially the scene where she gets out of bed wearing nothing. I would really like to remember her work in Wildcats, especially the scene where she's in the bathtub showing everything. Goldie still looks great in her older years, but she's not my type. I really am trying to show women more respect here, people. I respect Goldie for what she does best.

Meng Tan joined the other mindfulness speakers on stage and left us with awesome advice: "Be excellent to each other." I had my own mindful quote in my head: "And . . . party on, dudes." Those two lines complete the wisdom of Bill and Ted's Excellent Adventure. The mindfulness marathon was some kind of adventure.

I went over to Moscone West for the final session with Marc Benioff and Parker Harris. I scored a prime seat for the next surprising spectacle, pictured above. Two big guys came out to sing Hawaiian-style songs, although I think the guitarist said he was from New Zealand. Anyway, these guys' warm-up act pumped the crowd with high-energy rhythms. Analysts and VIPs were in a conga line around the stage. A couple of very attractive babes were shaking it right in front of me. I totally respect their enthusiasm.

Marc and Parker answered a handful of tech-related questions about Salesforce products. Marc went gangsta for some sartorial reason but they did not have any epic rap battle. I bet George Zimmer could have set these guys up with some tuxedos from Generation Tux if they needed more style. Anyway, the absolute best moment came when one practitioner criticized immature language in some of Salesforce's marketing as insufficiently respectful of its audience's expertise. She thought that power users deserved more advanced, mature treatment. I was very impressed with the caring way that Marc probed the questioner for one specific improvement suggestion, and she offered it to the audience's applause. Wow. Marc then shared an internal employee consensus that developed on how marketing should address a prospect's CRM/cloud decision maker with a budget. Wow. I had just witnessed a major CEO spend more than 15 minutes in live, extemporaneous problem solving. I can get jaded sometimes, but now I really need to put aside my skepticism. Marc Benioff is the real deal. If he is the same in private as he is in public, then I will be doubly impressed.

Marc and Parker also had some advice for aspiring entrepreneurs. Here it is, paraphrased but unfiltered. Think more about solving problems and finding great people than building tech. Stay focused, work hard, build a great company. Get the timing right. Be happy; get away from unhappy situations (like when Marc was at Oracle). Take customer feedback seriously and adjust the product. Re-ask yourself the hardest questions in a continual process.

I don't think I can add any more to that pile of knowledge. My own knowledge base is now somewhat deeper thanks to Dreamforce 2015. I still plan to hold my own super tech fest someday. I'll invite Marc and crew to be VIP guests.

Front Row At AlwaysOn Silicon Valley Innovation Summit 2015

I spent some very valuable time this month attending the AlwaysOn Silicon Valley Innovation Summit (SVIS) 2015 down at the Computer History Museum.  I attended in 2014 for the first time and that's how I got hooked on the AlwaysOn events.  Tony Perkins always rallies a start-studded lineup for these confabs.  I sat front and center for every session.  The stream of consciousness narrative I generate below should capture the event's zeitgeist.

George Gilder displayed his flair for original thinking.  I heard him talk at the MoneyShow San Francisco 2014 and he retains his conviction that gold and bitcoin are future stores of value.  I disagree with him on the usefulness of Bitcoin.  Tech enthusiasts like Gilder love Bitcoin as a currency due to its supposed time-based scarcity.  If something must be scarce to be valuable, the ability to fork a digital coin into another variant (Litecoin, Dogecoin) dilutes its value.  Real currency is recognized as legal tender; forking introduces confusion as to which coin can be recognized in a transaction.  I also don't buy his contention that gold and bitcoin are somehow independent from economic reality.  Those things are very much part of the economy as long as jewelry demand drives the gold price and the demand for stronger blockchain ledgers in transactions drives Bitcoin's development.

I have been a big fan of programmatic RTB advertising placement since I first heard of it in 2013.  RTB requires massively parallel bids that make ad buys more efficient.  The auction method that optimizes a price across several channels can probably apply to other sectors besides online marketing.  Calling Wall Street . . . programmatic bids for securities across several exchanges can eliminate the ability of high-frequency traders to front-run other institutional investors.

The debate between advertising tech and marketing tech will never end.  IMHO marketing tech offers more opportunity than ad tech as Big Data and AI make automated DRM tools more attractive.  Tech advances bring a lower CPC for ad buyers, enabling a wider audience reach and lower CAC.  Standardization will happen as ad networks consolidate.  Only the biggest players have the market power to demand adherence to standards, as Google achieved with AdSense.  The pain point for "fraudulent ad buys" reminds me of payments fraud in finance and it is probably amenable to the same types of fraud detection solutions.  There's a pivot opportunity for fin-tech startups there if they understand ad tech.

It's nice to see enterprise software successfully disrupt the HR function.  Salesforce and other big players will want to buy that stuff someday.  The supply chain is next on the list for innovation.  I have nothing against in-memory computing if it can extend the life of Moore's Law.  Quantum computing already has that law in its sights, so in-memory players may not have five years to mature and cash out.

Big Data and business intelligence (BI) are supposed to work together.  Analysts develop hypotheses from their own experiences, and Big Data is supposed to expand those potential hypotheses beyond analysts' familiar heuristics.  Virtualizing BI empowers non-scientists to run analytics.  Curious types can read the stuff I've been writing about knowledge management and decision rules for several years.

One of the best quotes I heard at SVIS was that "linear solutions don't solve exponential problems."  I'll use that line the next time someone asks me why another European bailout program won't solve Greece's problems.  The human brain is wired for comfort and familiarity; it recognizes unsound patterns.  Automation and Big Data generate statistically sound patterns that will present robust visualizations.

I liked a couple of cool audio / video tools on display.  One automated video editing tool will reduce user friction in content creation.  A smart hearing aid had controls on a smartphone and plays music.  It reminded me of how Adm. James Stockdale turned off his hearing aid during the televised vice presidential candidate debate in the 1992 elections.  The admiral could have saved himself some embarrassment if he had worn this hearing aid.

Lou Kerner mentioned how Roy Amara's Law describes tech investment bubbles.  He concluded his talk by arguing that private market valuations are stretched (echoing VCs' public comments since 2014 about bubble conditions)  but markets are not close to the dot-com era's levels.  He also thinks tech within public markets appears fairly valued, but public markets look overvalued.  I disagree with his use of the NASDAQ's five-year CAGR to show we're not in any tech bubble.  Five years isn't long enough to reach back to the post-dot-com crash bear market, and it still exceeds the NASDAQ's long term average CAGR.  I also think his example of non-VC deal participants ramping dramatically contradicts his data showing VC investing as a percent of GDP not yet reaching 2000's bubble level.  I do like his awesome quote, "Beware of confusing donkeys in party hats with unicorns," originally from Bryce Roberts of OATV.  Good one there.

I loved it when a former management consultant said "people, process, and tech" with no context.  People throw that phrase around a lot in knowledge management with "tools" sometimes replacing "tech."  We'll hear it a lot more in on-demand markets as the demand for micro-task fulfillment continues to disintermediate people from the work they perform.  Laws and regulations are not catching up to the on-demand labor market that TaskRabbit and others fulfill.  Other online markets are making offline experiences in travel, taxis, and real estate more valuable.  It won't make participants smarter if they don't understand market basics.  Investors making "sight unseen" big purchases like real estate can waste money even faster with tech.

Video service entrepreneurs believe content will prompt transactions.  It sounds like a stretch and reminds me of the "push media" fad predating smartphones.  Television ads already have professionally produced content and YouTube enables amateurs to make mashups.  User-generated content now has more distribution options than ever.  I can foresee the existing user-friendly video channels inserting transaction prompts into videos.  The implied corporate development goal will be to acquire startups whose algorithms will recognize user actions as purchase triggers.

Let me revisit the blockchain one more time.  Open source developers need to think hard about how to make a distributed transaction ledger that no one can falsify.  Claims that blockchains are immutable ring hollow.  Ask any merchant who has been the victim of a fraudulent Bitcoin transaction.  If a blockchain is immutable, it cannot reverse a fraudulent transaction.  A falsified blockchain is useless as an auditing record.

I was very impressed with PageCloud's demonstration.  The ease of editing a live website will be a boon to small and medium-sized businesses.  It looked way easier than the tools I've used with other web hosts.  I especially liked how easy it is for a merchant using PageCloud to adjust portal prices.  That feature will come in handy during a hyperinflationary period when shops must update their prices daily.

Women have proven they bring advantages to Silicon Valley.  Marissa Mayer and Sheryl Sandberg know what they're doing.  I would like to believe the conventional wisdom that women project empathy when pitching a believable narrative, but the female supervisors I've had in my career who told me baldfaced lies always left a bad taste in my mouth.  One of the SVIS panelists mentioned a McKinsey study on the elements of female leadership.  A Web search for that report brought up tons of McKinsey work on the subject.  I would like more experts to mention the supplier diversity programs at big companies so that women-owned small businesses are aware of that path to subcontracts.  Closing the knowledge gap in SMB contracting will help women.

The VC outlook for the coming year is usually the highlight of these types of conferences for me.  I try to think like a VC, partly because I always wanted to know why they wouldn't hire me in the early 2000s when I was looking for work.  "Unicorn" is rapidly becoming one of the most overused words in Silicon Valley, just like "disrupt" and "curation."  I just LOL at the late-stage non-VC investors chasing unicorns with very unique preference structures.  Expect plenty of post-IPO writedowns.  I heard one VC endorse wild spending on customer acquisition while cheap capital is widely available.  The VCs who acted that way in the dot-com bubble aren't around for the rebound these days.  The excuse is that free spending is okay if the LTV/CAC comparison makes sense.  My critique of that is a too-generous LTV assumption will tempt inefficient startups to spend like drunken sailors on unattainable metrics.  One laugh line quote from a VC is worth repeating:  "You can walk down the street, shake a tree, and two angel investors will fall out" because risk capital is so easy to get.  I'll try that the next time I'm on Sand Hill Road.  Someone else discovered that a group of unicorns is called a "blessing." The blessing of Uber, Lyft, Airbnb, and others will make a handful of founders rich.

AlwaysOn's latest list of hot private companies shows them staying private longer.  The late-stage capital injections are a big factor in long incubations.  Founders now have every incentive to hold out for larger pre-IPO valuations.  This year's big winner was Docker, a sort of "hamburger helper" for app developers that pivoted during its Series A raise.  Docker's CEO says we should play the hand we're dealt, and I agree.

Analytics for sales data is mostly "undefended territory" because it doesn't integrate with internal knowledge management systems.  No one in Silicon Valley ever discusses KM but I believe that's the ultimate determinant of how analytics delivers value from enterprise systems.

I would like cloud experts to announce which part of their stack is the most expensive to deliver.  The up-front cost of any open source solution is lower than a proprietary solution because customers aren't paying a premium to develop a proprietary code base.  I initially thought vendor lock-in is more likely in the hardware (IaaS) part of the cloud stack.  Now I think SaaS lock-in may be more costly; imagine the difficulty of switching from Oracle to Salesforce.  Consider how Amazon Web Services' price cuts and competition from other data centers makes IaaS a commodity, competing only on price.

Knowing your average revenue per user (ARPU) is a start to building credibility in a startup pitch.  Losing credibility happens when founders don't describe their target market or team background.  They also lose when they assume customers will pay a premium for a commodified service.  They gain credibility when they compare their total cost of ownership (TCO) to their competition, describe entry barriers that will protect their market position, understand their sales cycle, and hack their pedigree for endorsements and tech validations.

I have very little insight into the vice economy.  The Rosewood Hotel on Sand Hill Road is the local epicenter for VC vices.  Knowing that will come in handy at some point.  Apps offer instant gratification and gaming is the only vice that can be done 100% online.  The eventual legalization of online gambling may displace video gaming.  Addictions are more powerful if they generate real financial rewards.

The unicorn roundtable was the single best panel of SVIS.  Truly brilliant people were on hand.  The rise of secondary market liquidity is changing the exit options available to early investors.  I agree with Tony Perkins that companies will find staying private very attractive.  One panelist said that a large stock market decline means mutual funds and hedge funds will be forced to meet redemptions, and will no longer have the late-stage capital for startups.  Another expert said each megatrend has a value pyramid, and each level of the pyramid from base manufacturing to top content adds value.  New tech can invert those pyramids.  Startups must anticipate changes when those value-added activities will shift the pyramid in verticals they understand.  Folks, this was brilliance I never learned in my MBA program.  I attend AlwaysOn events for just this stuff.

Everyone is looking past mobile, just like a previous panel when someone said 5G tech will turn all mobile phone companies into short-sell stocks.  I have not heard anyone say "data sector" or "data supply chain" at recent Silicon Valley events.  I have blogged about those concepts and that's why I have a data-related speaking engagement coming up in September 2015.  It's also why some tech media people have been following my Twitter feed.  AlwaysOn might as well follow me too.  I learn enough from their events to build my own thought leadership.

The Haiku of Finance for 05/23/15

Cost of cyber choice
Impacts enterprise budget
Pay to defeat hack

CIOarena IT Security Inspiration 2015

I secured a last-minute invitation to CIOarena's San Francisco conference last week.  I had to skip the last day of Apps World North America but that turned out to be the right call.  The CIO types held forth on security policies that enterprises must address.  I did not see any signs worth photographing nest to my handwritten name badge, so forget that Alfidi Capital tradition this time.  Just imagine the InterContinental Mark Hopkins San Francisco in all its glory.  My thoughts below reflect what I learned from the speakers.

I get my normal fill of updates on advanced persistent threats (APTs) through military-related news.  The private sector tracks the same open sources.  IT gatekeepers should think hard about what they reveal on LinkedIn to avoid becoming social engineering targets.  The APT attack process is sufficiently well-defined that proactive IT people can monitor data exfiltration and shut down exposed portals that display abnormal usage spikes.  Machine learning means automated IT security audits should develop predictive abilities after some critical mass of iterations.

I love the term "managed services."  It ranks right up there with "paradigm shift" and "game changer" for scoring points in after-work drinking games.  Outsourcing routine IT ops means inexperienced contract managers can hand managed services over to high-cost outsiders.  Watch out when senior managers start using the term in strategic planning when they need to cut headcount.  Enterprises seem to have challenges maintaining a robust configuration management database (CMDB).  I don't see how any outsourcing makes that challenge easier to handle.

I noticed that no one at the Apps World talks I attended mentioned any preference for HTML 5 or Javascript.  They may be keeping some tactics close to the vest.  I did not discern a clear preference at CIOarena either.  The choice of one over the other is probably clearer after a Cloudonomics analysis.  Listen up, IT people.  Cloudonomics is to IT/cloud/mobile what modern portfolio theory is to finance.  It is the defining framework for making asset allocation decisions.  Cloud and mobile pros must prove they can do the math before settling on a favorite tech.  CIOs can earn credibility with CFOs by being more agnostic toward programming choices.

I have no elegant solution to identity management problems.  Managing identities with MS SharePoint was simple enough when I was a knowledge management officer several years ago.  I can only suggest a way forward.  Building a 2x2 matrix to optimize identity management for each business unit would be a start, with number of identities on one axis and number of devices on the other axis.  The SBUs in the quadrant with the most of each get the closest scrutiny.  I also have no elegant solution for data lifecycle management.  Industry standards for data lifecycles and analytics frameworks are widely available.  Lifecycles will compress as speed becomes the critical factor in processing huge Big Data volumes.  High performance computing (HPC) will be a growth industry, given the need for speed in more organizations handling Big Data.

CIOarena met its stated goal of furthering my educational needs.  I can't speak for the other attendees, who did not appear to be taking notes.  I'm usually the only person who takes notes at these things.  I have no idea why other humans have so little interest in documenting what they know for further reference.  Maybe some top corporate people think they can blow through their careers without ever applying what they are supposed to learn.  That is not my style.

Alfidi Capital at BoxDev 2015

I've followed Box periodically since I attended their first-ever developers' conference last year.  I had to check what has changed since then at BoxDev 2015.  Check out my awesome badge photo below, and my even more awesome commentary farther down.  I had a front row seat for almost all of the major talks.

I need to make something really clear right off the bat.  The app Box published specifically for this conference was absolutely atrocious.  The different theme tracks were laid out horizontally for swiping, but the talks that were specific to each track were not lined up chronologically in the vertical view.  I stuck with the Innovate track full of CEOs and other big shots.  The fireside chat with Marc Benioff, for example, was listed way down the page after the closing happy hour.  What's up with that?  A lot of the Innovate talks also lacked detailed descriptions of the participants.  I deleted this app immediately after the conference, but I would have been better off if I had never downloaded it in the first place because it was so useless.

Box executives announced a lot of new products, which I don't use because my enterprise document management needs are very small.  The biggest news from CEO Aaron Levie was their IPO earlier this year (ticker BOX at Yahoo Finance).  A quick look at the stock's progression shows why it got so little attention at BoxDev.  The stock debuted at $22.60 in January and closed at $18.29 on April 22, the day of BoxDev.  It's dropping because Box is still losing money with EPS at -$11.48/share.  This company has been around for a decade and still can't find a profitable niche despite its flashy conferences.  If you leave a cake in an oven for that long, it will probably turn into something resembling a small meteorite.  Do not ever try that yourself.  It's just a thought experiment.

The Innovate talks themselves were much more useful than the app.  Eric Schmidt from Google came out to praise Box for their work with Google Docs.  The latest canard among Silicon Valley tech giants is that their higher standards for encryption are frustrating the US intelligence community's surveillance efforts.  Yeah, right, whatever; the public is really gullible.  Dr. Schmidt is still fond of small businesses as job creators, which is great for those small businesses Google acquires.  I liked his phrasing of IoT as "Instrumentation of Everything."  His insight that small and medium-sized businesses represent and underserved market for affordable enterprise solutions is useful for startup founders trying to enter an established market.  I was privileged to witness firsthand the value of an experienced tech hand mentoring a young striver.  Aaron Levie joked about selling Box software to North Korea, and Dr. Schmidt pulled him back by remarking that most trade with North Korea is illegal due to US government sanctions.  Dr. Schmidt may have learned his own lesson when he visited North Korea in January 2013.  Entrepreneurs should all seek out such a seasoned mentor.

Box set out a pretty ambitious goal of bringing enterprise-level security to apps.  Great for them if they succeed.  One of their developer people praised some app that allows cats to take selfies.  DevOps people may have too much time on their hands.  I was impressed at Box's claim to have a full-time compliance team building compliance guidelines for health care, finance, and other verticals.  I am not that easily impressed, so I may be slowing down as I get older.  It's cool that two prominent VC firms are committing serious money to companies built on the Box platform.  I'll tell my fellow veteran tech entrepreneurs to go chase it.

Marc Benioff came out to share some bromance moments with Aaron Levie.  These dudes kept poking each other on stage.  I was surprised at Marc's admission that he had only recently started meeting CEOs when touring Salesforce's customers in major cities.  I thought a guy like him would go straight to the CEO every time, but he prefers to meet line of business leaders and CIOs.  Marc laid out his three dimensions of great companies:  align with the next tech (cloud, mobile, metadata); shift from subscription revenue to a deferred revenue model; adopt a philanthropic model like Salesforce's 1/1/1 idea.  Box has made its own philanthropic effort a more prominent part of its public story.

I admire Marc's boldness for wanting to build a corporate culture of philanthropy.  All I can say about the corporate do-gooder philosophy is that it should reflect bottom-line business strength.  Salesforce and Box have both had trouble earning profits over the years.  A company can't do any good if it's broke.  I did not know that Salesforce had invested in Box.  That makes this younger company part of Marc's ecosystem.  Marc is big on ecosystem thinking; he discussed how electing a US president brings that person's entire "ecosystem" of supporters into office.

I always pay attention to the VC panels at tech events.  Box's VC people noted that billionaires became angel investors in the '90s dot-com final blowoff phase, and now they're seeing it again.  D'oh!  I think one of the VCs was skeptical of the phrase "VCs are the new NASDAQ" because it implies VCs know something the public markets don't.  I agree with the panelists that this ignores the huge bubble risk today.  I am not as familiar as these VCs with the nuances of driving a company from late-stage private to early-stage public.  Even these VCs are admitting how late-stage private firms are seeing fictional valuations driven by non-VC institutional investors.  Hedge funds need to quit playing games with late-stage finance just to get the pop from an IPO that they're not getting from the rest of their baloney strategies.

The VCs' revelations make me want to get on my soapbox.  Here it comes, people.  When smart, early-stage investors like these start warning the public about what they see, the bubble game in multiple asset classes is in serious trouble.  The easy availability of capital (thanks, Federal Reserve, for nothing) and anomalous late-stage funding events have skewed many founders' expectations.  This easy money environment for high-risk businesses is very unhealthy.  A cohort of the Valley's hottest Generation Y engineers have been spoiled into thinking this bubble is their birthright.  My Gen-X cohorts learned the hard way back in the '90s how this story ends.

The single best panel comment I heard at BoxDev was from the security panel.  Someone said startups should pick their founding team with care when applying to big accelerators like Y Combinator.  The big idea is to map out everyone's skill sets as a Venn diagram to cover as much surface area as possible.  Wow, that is mind-blowing.  I'll have to try that with the next bunch of floundering founders I meet in my favorite accelerator, the Cleantech Open.

The founder panel was almost as enlightening.  One founder said that good advisers spend seed time with their startups to earn their stock options.  The best example offered was one adviser who came in several days a week, for several weeks.  He brought lengthy checklists of things to accomplish and descriptions of jobs the startup hadn't even thought of hiring to fill.  Here comes another key lesson for any potential founder who wants to grow something big.  The single most commonly cited method from this panel for acquiring early customers quickly was the early hire of a sales or business development person who had an extensive, longstanding network within the startup's target vertical.  The next most effective business development tactic was cold calls to CIOs (with LinkedIn as a good source) using an effective one-line pitch hitting pain points in cost and volume.  I am seriously going to make that part of the repertoire I impart to founders who seek my wisdom.  I knew there was a reason I needed to be at BoxDev.

The final Q+A with Aaron Levie showcased his rapid-fire humor and decision making style.  The dude is just irrepressible.  He revealed a brutal daily schedule of handling people tasks in the morning and afternoon, with admin and strategy tasks lasting through the evening.  His typical 16-hour day at the office ends at 2:00AM.  Founders, that's your life for several years when you grow a startup.  Hey Aaron, if you read this, I'm the guy who sneezed in the front row toward the end of your session, and thank you for saying "Bless you."  Common courtesy matters.

BoxDev 2015 was worth the time I spent just for the insights in the three paragraphs immediately above.  Knowing the secrets of early team design, business development, and founder work ethic gives entrepreneurs a big advantage.  Box also had a lot more food trucks on hand this year compared to 2014.  That honey waffle sandwich with fried chicken, egg, and bacon was unforgettable.  BoxDev keeps inviting the right experts; their wisdom is also unforgettable.

Full disclosure:  No investment position in Box at this time.

Alfidi Capital at Data Connectors San Francisco Tech Security Conference 2014

Data Connectors has a full schedule of tech security road shows across America.  I attended their Tech Security Conference this December when it rolled into San Francisco.  I had to get my fill of cyber defense knowledge while I filled up on free coffee.  My completely subjective reaction to the many highly qualified IT presenters will now follow.

The electronic recycling industry is seriously big business.  It gets bad press when some recyclers resell hardware without wiping hard drives.  That's how pirates access unencrypted personal data.  The best recyclers chop up every electronic component, recover metals, and process hard cases into plastic pellets.  The State of California Department of Toxic Substances Control (DTSC) knows all about processing hazardous e-waste.  Recyclers in this state must register with DTSC.  They should also apply OHSAS 18001 and the relevant ISO standards if they're serious about recycling.  Clearing and overwriting old hard disks are less complete safeguards than physical destruction.  I'll remember that the next time I turn in an obsolete laptop for recycling.

WiFi networks should have commonly available design templates.  Lack of such templates is one reason municipalities have been stymied in their efforts to create free WiFi infrastructure.  Wireless Networking in the Developing World has obvious solutions for countries that do not have to overcome legacy land line infrastructure.  The Network Startup Resource Center (NSRC) published a number of administrative guides for Internet architecture.  Public domain WiFi design is an under-resourced area in telecom.  More attention from open source designers would speed WiFi adoption.

Cyber security pros should talk more about being proactive.  Lockheed Martin's Cyber Kill Chain process is the best definition of how business intelligence fits into cyber security.  Brian Krebs' Spam Nation offers insights into unwanted emails as attack vectors.  Enterprises developing their own apps still leave them riddled with vulnerabilities for the sake of convenience.  They should change that approach before the huge amounts of bandwidth their apps require for sharing files and videos become attack vectors.

Experts on hand claimed the titles of CIO, CTO, and CISO are becoming interchangeable.  That is lamentable.  I say they should be distinct in an enterprise.  Come on, it's simple.  The CIO is the overall IT boss with the CTO, CISO, and Chief Data Officer (CDO) as direct reports.  The CTO's portfolio includes the IT infrastructure, SDLC, hardware LCM, and the lead effort on DevOps.  The CISO handles security for the network and devices.  The CDO develops the data supply chain and supports the CTO's DevOps.  I totally disagree with one speaker who claimed a CDO can replace a COO.  Really?  Maybe in some software firms, but not in the rest of the economy.

One person mentioned that poor data center architecture invites external threats.  NIST's Advanced Encryption Standard (AES) is at best a partial solution; data centers cannot ignore physical security.  Perimeter barriers and physical gaps are not scalable security measures in large organizations.  None of the speakers mentioned knowledge management (KM), but that drives security classification and network access privileges.  There is no one universal technology stack but several baselines exist.  An open UMA is one way to manage access to parts of a stack but IT people need a fuller understanding of that protocol's privacy implications.

Email retention policies can look to legal guidance that varies by sector.  California's email retention requirements are clear for its state government agencies but less clear for the private sector.  FINRA and the SEC have detailed guidance for data retention in the financial sector.  Once again, there is no universally applicable standard.  The EU invalidated its Data Retention Directive this year over privacy concerns.  I cannot locate any industry association source for a data retention standard.

Data loss prevention (DLP) requires data loss detection (DLD).  If you don't know something's gone, you won't know how to recover it.  The SANS Institute has a white paper on DLD and DLP open source tools; use their search function with those phrases for good info.  A Web search of "DNS vulnerability" brings up reports from the SEI CERT, IANA, and a few tech experts.  Prolexic's Quarterly Global DDoS Attack Report provides regular threat updates.  The IT community has learned to police itself of spoofing with the Open Resolver Project.  Plenty of thieves want to get their hands on enterprise data.

Collaboration opens up a whole new can of worms now that the cloud and BYOD are norms.  Cloud Security Alliance members should have some idea of how to use ISO 27001.  US-based multinational enterprises must also know ITAR and other US government export controls apply to their cloud services, as does FISMA if they do business with Uncle Sam.  The financial sector figured out collaboration long ago with its FIX protocol, so IT pros should check with the FIX Trading Community to watch information exchange done right.

The Ponemon Institute's annual Cost of Data Breach Study makes the IT community's case to CFOs for investments in network security.  Advanced persistent threats (APTs) have a defined life cycle that only a conscious actor can maintain.  NSS Labs and ICSA Labs do plenty of independent testing for platforms at risk of breach.  The Anti Virus Information Exchange Network (AVIEN) and the Anti-Phishing Working Group (APWG) share knowledge in the fight against cyber crime.

I have noticed that the "Ed Snowden look" of scraggly facial hair and wire rim glasses is popular among techies.  It's even in ads for tech sector companies.  Brogrammers can relate to that image but it may turn off women who want IT careers.  Getting more women - especially attractive ones - into cyber security would be a really great thing.  Attending these Tech Security Conferences is the place for them to start.  I'd be happy to escort them in myself, if you know what I mean.