eCrime
I spent last week at the annual APWG eCrime conference. Among the great presentations and papers, I was able to engage with some really smart people and talk about the different ideas they were researching. Some of them were; machine learning, passive dns, social behaviors as it pertains to phishing as well as moving threat intelligence at blazingly fast speeds. Of course, it wouldn't be an eCrime conference without a talk or two (or 5) about how the bad-guys are providing liquidity into their underground markets- but that's a different unicorn for a different day.
The current marketplace for general ecrime ideas and research is rapidly growing by the day. While none of these ideas are really new, there are lots of ways to solve each of these problems and no silver bullets that will dominate the market any time soon. However, the growth and sustainability of these ideas is starting to bother me a bit. It's almost as if, every technophile (cryptophile?) and entrepreneur I talk to either thinks of their idea as "just research, and I have no idea how to build on it" or "I am another unicorn, the monies will just come to me". When I ask them, "where's your PayPal button?", I get kind of a blank stare.
Why Businesses Fail
Just because you have a good idea, doesn't mean anyone will pay you for it. Ideas are a dime a dozen and in and of themselves aren't profitable. 80% of all businesses fail and almost 90% of those were probably great ideas, just suffer from poor execution and timing. While you can't really solve for timing, you can solve for execution. This can lead to better timing which gives you a higher probability of sustainability.
You have to think of your business as having a 16% probability of success and plan your resource (time, money, marketing) with that in mind. If you can keep the lights on just 1 day longer, that's one extra day you have to find the right customer that will help you turn the corner. Spend too much too fast? You'll run out of money before you make your first sale. Spend too much time on marketing and not enough on product? Nobody will believe you can deliver.
It's a balance and only those that strike it (minus the 1% that hit it out of the park the first time) end up creating long term sustainability for their idea. The trail of Unicorns is littered with things nobody remembers because they weren't able to create something profitable. From day 1, you have to be patient for growth and impatient for profits and learn how to make money, rather than how to spend someone else's. Most companies fail, because they actually never learn how to make money.
Changes
“What’s not going to change in the next 10 years?”
More than once i've cited the famous Jeff Bezo's quote. To me this means- the marketing and billing systems won't change. Why is this important? Most security professionals believe they're going to be the next unicorn. I know this, because in the past I was one of them (hi!). We ignore the general statistics of "winning the lottery" because "we are smart" and "have a great idea nobody's ever thought of- " and forget that- we're not the first one's to pioneer this path.
By ignoring these statistics, we build too big too fast, trying to attract high margin clients. We spend our energy investing in the perfection of the backend (eg: the thing that will ALWAYS change) instead of the perfection of the front end. If you're building a new restaurant, while you might spend SOME time on the initial menu- you already know it's going to change day to day. The more important bits are location, marketing and how your customers will pay you when they walk through the door. You're focus is on getting a certain percentage of foot traffic to swipe their credit card, not perfecting your soup of the day recipe. You might make a killer cupcake- but if someone starts paying a higher margin on craft beer- you might start serving that too.
In security though- that's what we do. We present our research, maybe create a mailing list and a website, but the billing and normal day to day infrastructure to extract revenue is an afterthought. We think; if you sign up for our restaurant, we'll come and tell you what the menu is after you sit down. There won't be any prices, we'll try and figure out what to charge you after you sit down. That's not to say those resturants don't exist- but usually they're by chef's who have a history of hitting it out of the park.
Takeaways
Create a landing page with a PayPal button
Create an initial price sheet, start small and do some price discovery- what things is your potential market willing to buy into
Create a newsletter- if you don't hook me today, maybe you will tomorrow.
Write regularly about the problems you're trying to solve from YOUR viewpoint
Only after these things are in place- start working on your idea
Remember- you don't need to be a unicorn, you just need to be profitable
You are certainly able to build something and run around the world trying to sell your idea. However, there's a subtly in doing things this way, the passive metrics that your users provide you, WILL TELL YOU WHERE THE MARKET IS. If, over time nobody clicks on your PayPal button, you'll know your prices are off relative to the value of your product(s).
How do I know this? My wife and I click on PayPal buttons FOR THE STUPIDEST STUFF YOU COULD POSSIBLY IMAGINE… and we don't usually think twice about it. If you write a blog post, and it doesn't gain any traction- while your idea might be good, the market might not be there yet. If nobody subscribes to your newsletter, your ideas may not be resonating with the wider audience and may need to be refined, or better positioned. Sometimes, with great ideas, you have to help your audience both find, learn and understand the problem you see, that they may not.
Listening to the Market
These metrics will shape the market for you- without you having to waste a lot of time and overhead on travel, sales pitches and infrastructure. It will also provide the most powerful feature of all- it'll enable you to completely ignore what you think is your 'competition' and have a better ear for what the market is actually suggesting. Far too often I see people running in an odd direction because "well, everyone else has that feature- I should too!". They forget, the return on investment of "not doing something" may be your biggest competitive advantage. If you can remain profitable just a single day longer than your competitors, or simply just have higher margins (lower costs vs gross profits), you win.
Who knows- maybe with your ear close to the ground, you'll hear a more lucrative opportunity. Maybe you'll then be the next big unicorn… or more likely, create something where you are free to do whatever you want for the rest of your life.. Isn't that the point?
