by Dave Lowenstein of Federated Networks
Starting something new, anything new is always hard, for the gravitational pull of complacency has immense power. What’s even more difficult is starting something new that is transformational in its scope. Initiating disruptive transformational change in an IT industry that is skeptical and pretty darn jaded (but hey, who can blame them given the current state of affairs) is much harder still.
No doubt we software vendors have not made our path any easier by aggressively calling out the shortcomings of existing solutions, irrespective of the admittedly fortuitous timing of our now seemingly discerning comments.
When we set out to form Federated Networks with the goal of developing a secure product suite that could protect user data, content and communications against networked software’s most pervasive threat vectors, we had no idea what we would be in for along the way.
Intuitively, one might have thought the stage was well set for a pied piper selling “The Answer” to an industry with a self-evident set of problems. But, alas, the world is not beating a path to our door (cue violin music) … but then again, our product hasn’t even been released so we actually have no reason to whine (too much).
Admittedly, we miscalculated in quite a few places. It’s now abundantly clear that the benefits derived from being industry outsiders that allowed us to objectively evaluate all existing industry ideas from first principles, actually was to our disadvantage as we began marketing the company. Additionally, we have also made at least the following marketing errors:
Entrenchment – We failed to recognize just how entrenched the skeptical IT industry world view is. In most industries, skeptics are usually right for some period of time but, in the case of cyber security, the skeptics have always been right. This, of course, makes being skeptical a very logical position to take; therefore the entrenchment.
It strikes us as more than just a little convenient that the “impossibility notion” provides a convenient excuse or perhaps a plausible one for existing purveyors of weak security solutions to hide behind. Well, we believe that software can in fact can be made secure (particularly if aided by hardware isolation).
But, lest the Pharisees get too worked up, we do not believe that everything can be made impossible to hack forever. Nonetheless, remains our BHAG (thought we’d give a shout-out to a now underused mid-90’s business buzzword “big hairy audacious goal”).
Standard Practice – We erroneously chose not to follow industry standard practice of creating a technical white paper outlining our theories. Our thinking was that black box empirical investigation was much more applicable than words on paper — as many solution providers seem long on talk and short on results. We still believe that’s the case, but more words on paper might have helped with the “how/why” folks.
Commitment – We did not initially realize the intellectual and emotional commitment many of software security analysts, consultants, practitioner’s and even casual IT observers had to their own ideas regarding the solution directions most likely to be effective. At the end of the day, there are many, many more cyber security arm-chair quarterbacks than we imagined; most with pretty strong convictions in their beliefs and ideas related to what might or will work to secure cyber space. It’s tough to be heard when everyone’s trying to talk.
And so we miscalculated. In the meantime, we will take at least some comfort in the fact that having our ideas qualified as crazy or absurd, seems to be viewed at least by some as an important step on the path to greatness.
“If at first the idea is not absurd, then there is no hope for it.” ~ Albert Einstein
Dave Lowenstein is the CEO of Federated Networks.