Investing in Profitable Revenue

I live in the “land of plenty” in Silicon Valley – aka there are plenty of startups that don’t have their go-to-market (G2M) figured out. I can’t tell you how many times I’ve heard about “great technology” but there is little to no product/market fit or ability to reach their buyers properly….or a combination of both. If you have product/market fit and a clear path to your buyers…well, you have an opportunity to create some profitable revenue growth.

At this point in the Janrain journey (having one quarter behind me) I made sure the whole company knew what to expect for 2016. Change was underway, and we settled into our overall 2016 theme as “Execution with Repeatability”. By end of 2016, I wanted to have clear visibility into every aspect of the business that was accurate, automated, and scalable. But this wasn’t the only thing we did…there were a few things to fix along the way.

Our 5 year plan

In order to establish a roadmap for the entire company to follow – ultimately providing the guide for the change we were architecting – we created annual and quarterly themes for 5 years. It was my way of being in every meeting, every hallway discussion, participating in every decision…not physically, but virtually by giving the staff a roadmap for the business’ transformation.

Profitable Revenue (Qtr 2 out of 11)

This annual theme was further supported by the following quarterly themes and associated messages (straight from materials shared with the staff):

  • Q1: Setting the “HighBar” – HighBar is more than a PE investor. They are an extension of our team and have the resources to assist us in being successful. This quarter has been about HighBar and Janrain setting the basis for a long-term partnership.
  • Q2: Taking the “Tribalry Summit” – This is about leadership – starting with the senior team learning how to take the more difficult paths, challenging ourselves to do things differently, and preparing ourselves for the change needed to fuel our growth.
  • Q3: Investing in “Profitable Revenue” – This quarter is about not only continuing our investment in our Sales and Marketing model, but proving that it will result in profitable growth.
  • Q4: Proving our “Repeatability” – By the end of 2016 we need to achieve repeatability across ALL parts of our business, from engineering, to delivery, to sales and marketing with clear, measurable metrics. This will be a must-have, entering into 2017.


In 3Q16 we applied the following playbooks:

  • Product Innovation MVP: Using outside consultants to help establish a thesis on future potential MVPs we could use to differentiate the company (we used IDEO + Datascope).
  • Use-of-Funds Workshop: Making sure we are always spending our money on the right areas of the business
  • Top 3 Issues Processing: Brainstorming on what the entire company would attempt to solve in the next quarter across organizations.
  • Business Metrics Walkthrough: Knowing your key metrics by business function, know the industry benchmark, and starting to devise a plan on how to accurately capture and compare on a monthly basis.
  • Painted Picture: We created “2016 Goals” by senior team member (what would “success” look like for each exec year-end on December 31st, 2016?), and then I pushed past 2016 to a mid-point in the 5-year plan, aligning the team behind the goal of: 1) revenue = 2x of 2016,  2) requiring 50% YoY booking growth, 3) profitability (or cash-flow BE), 4) all by mid-2018 (2 years from the exercise).
  • Profitability (P&L) by Customer: The purpose of the exercise is to address questions like: 1) What is the “cut-off” for a customer worth pursuing? Do we use size of identity footprint? ARR? 2) How do we operationalize this with sales? ARR minimum? 3) Effectively filter out in our qualification process 4) What do we do with the existing customers who fall “below the line”? Fire them? How/When? 5) How do we improve profitability of existing and future customers (aka higher GM)?
  • Sales Strategy & Plan: Profitable revenue requires a sales strategy by region, by rep, by product. We had to redefine account assignments, a minimum ARR target, and pipeline qualification (pick your methodology: ANUM or BANT)
  • Professional Services Capacity Planning: Addressing capacity concerns so that we don’t trip up sales with the lack of ability to deliver.
  • Customer Success DRR Review: This is a detailed exercise in planning to achieve a healthy Dollar Retention Rate (DRR). It is a “twelve-step” process including: 1) DRR YTD (Gross Retention + Add-on) vs. Goal; 2) Total Year Outlook/Projection (Closed-Won, Commit, Forecast to close, Closed-Lost); 3) By Quarter Q1-Q4; 4) Q1 Loss Summary;  5) Q2 Loss Summary; 6) 2H Upcoming Renewals by Account; 7) Analysis on Add-Ons vs. Price-Downs 8) Health by Account; 9) Utilization of platform by Account (Used vs. Sold); 10) Red Account Plans; 11) Summary of Customer Success Manager assignments; 12) Key Accounts with Plans vs. Yet to be completed.
  • Partner Strategy & Plan: This includes: Key KPIs, partner category definitions,  associated business models (including target gross margins), matrix in steady state, quarterly plan and objectives summary with “asks”.
  • Cost of Customer Acquisition by Market Segment: Customer acquisition cost (CAC) is a metric that has been growing in use for SaaS companies. The CAC can be calculated by simply dividing all the costs spent on acquiring a customer (marketing and sales expenses) by the number of customers acquired in the period the money was spent. For example, if a company spent $100 on marketing & sales in a year and acquired 100 customers in the same year, their CAC is $1.00.
  • Product Backlog Prioritization: How to measure: 1) roadmap item value to the business (customer $revenue increase, customer sat increase, cost of infrastructure decrease), 2) Level of effort associated in building, 3) Risk associated in our estimates; 4) priority = function of (value / cost) * Risk Factor.
  • Engineering Velocity Allocation: Early on we began to measure and target how we allocated our “build engine” of engineering talent. We categorized by: 1) Run the Engine (RTE) which included production support and maintenance, 2) Customer Commits which included product roadmap items we knew customers needed (in some cases we needed to commit to in order to win RFPs), and 3) Innovation which covered our experimentation and more advanced new capability research (adv R&D). The desire was to get to a 20/60/20 vs. the 60/35/5 we were at during this particular quarter.
  • Corporate Development Strategy: Senior team analysis of 1+1=5 scenarios – categories of ecosystem players, brainstorming with one leader in each category.
  • Executive Sponsor Program: Goals, duties as an executive sponsor, selection of customers and executive sponsors.
  • Product P&L and Customer ROI Analysis: This is an exercise that supports categorizing your offerings into the BCG matrix of 1) Dogs, 2) Cash Cows, 3) Question Marks, 4) Stars.
  • Vision, Mission, Values + Employee Sat: This is one of my focus areas, as it anchors across so many parts of the business, including G2M. We also included a workshop on how to properly measure internal employee satisfaction, knowing that change management was going to be key. We set up the TinyPulse platform, established a monthly “Cultural Ambassador” program, and encouraged “cheers for peers”. We also kicked off a “values” initiative which involved the whole company.
  • Pricing & Packaging: A complete overhaul in the pricing model, effectively an increase in all pricing by 20%, the addition of support tiers, etc. How else can you achieve the “profitability” component alongside revenue growth?
  • Top 5: Setting Quarterly “Top 5 MBOs” by business function / executive

Laying the Innovation Groundwork

We also invited the founder, Dean Malmgren, of Datascope, a data science consultancy of over 20 of the brightest data-savvy minds (and later acquired by IDEO). My agenda with Datascope/IDEO was to establish the basis for long-term competitive advantage at Janrain, using the network of identity data available to us. We brainstormed 487 potential use-cases that the Janrain data could support. Out of those we ranked and chose the top four:

  • Developer Love: Data-driven tools for dev/tech support
  • Customer Journey: “Shades of Grey” (from initial unknown user to high customer lifetime value)
  • Customer Risk Scoring / Segmentation: How to protect your digital identity
  • Peer Benchmarking: One customer relative to the “network” of other customers.

We initially prioritized developing our anonymous data tracking capabilities while partnering with a risk-score partner (Iovation, Threatmetrix, and/or Telesign) to accomplish an early MVP on “Customer Journey” and “Customer Risk Scoring” respectively. We also agreed that our “Identity Analytics” needed a complete overhaul to support both “Developer Love” and “Peer Benchmarking”. Therefore, we needed to move off of Tableau and adopt Looker for our Identity BI.

As a side-note, it was becoming apparent that no one at Janrain understood how to build a scalable data and analytics capability and that we also lacked the Product Management leadership as it applied to data products. We needed to focus on the team as much as we did the strategy and tech.

3Q16 Top 3 Issues

  1. Long-term Stability of the Platform: How to achieve 99.999% consistently (based on our strategy to go after the high-end customer).
  2. Delivery Partners: How to prepare to deliver on what we sell (and profitably) through an ecosystem (vs. building too much PS into our P&L).
  3. Increase sales pipeline for 2H16: Reshaping our pipe with >$1B profile clients and adopting better qualification criteria overall.

The Team

We managed to get out to do some zip-lining at the Pumpkin Zip Tour just outside Portland. It was a fabulous zip that reaches heights of up to 120 feet during our two hour canopy tour.

Posted in Leadership.

Supercharging Your Leadership Team

The Leadership Team Profile

“Culture is driven from the top.”, Jack Shemer, Founder & CEO of Teradata

Jack used to put sticky notes on my desk every time he visited me at the office, back when I was CEO of INCEP Technologies (the first company I founded). I find myself reflecting on the leadership skills Jack passed onto me, quite often. He gave me my “wings” as a CEO, mentoring me in my very first CEO role. I used to describe Jack Shemer as “the Jack Welch of Data Warehousing”.

When you look at both Jacks’ management styles (Shemer and Welch), they had a few things in common:

  1. They both rose through the ranks, starting as junior engineers.
  2. They prioritized employees and customers, knowing that shareholders would benefit.
  3. They had the reputation of being ruthless in hiring A-team players – effectively always firing the bottom 10 percent of management, but at the same time significantly inspiring people to become and/or be the top 20 percent.
  4. They brought an informal feeling to the employees – creating a strong inclusive company culture.

Great leadership can be the difference between the ordinary and extraordinary company experience. Taking your business to the next level always requires great leadership. Most people understand the cliche statement that management is not leadership. But what does that really mean?

The two roles are often conflated and, again, most know that a manager isn’t necessarily a leader. Great managers are facilitators while poor ones are focused on hierarchy and exercising their ‘power’.

When I recruit staff, I’m looking for special people…at all levels – whether in senior positions or in the ranks. Does an employee prospect excel based on their abilities and strengths, or do they need to leverage their “power”, typically associated with their job title? The not-so-subtle difference between a manager and a leader is that the best leaders encourage/nurture/maximize others for the mutual benefit and inspiration of all, including themselves. Here are a few behavioral questions I think of when getting to know my future leaders at my company:

“Give me an example of where you initiated a project that involved positive/impactful change.”

“How did you communicate your vision for the project?”

“How did you translate that vision into reality?”

“How did you inspire/motivate others along the way?”

“What were some of the tough decisions you led? How did you get others on board with them?”

Heidrick & Struggles conducted extensive research involving more than 14,000 senior executives (including more than 1,250 CEOs) and identified eight statistically distinct leadership styles or “signatures” as follows:

  1. Forecaster: Learning oriented, deeply knowledgeable, visionary, yet cautious in decision making
  2. Provider: Action oriented, confident in own path or methodology, loyal to colleagues, driven to provide for others
  3. Producer: Task focused, results oriented, linear thinker, loyal to tradition
  4. Collaborator: Empathetic, talent spotting, coaching oriented
  5. Harmonizer: Reliable, quality driven, execution focused, creates positive and stable environments, inspires loyalty
  6. Pilot: Strategic, visionary, adroit at managing complexity, comfortable with ambiguity, open to input, team oriented
  7. Energizer: Charismatic, inspiring, connects emotionally, provides meaning
  8. Composer: Independent, creative, problem solving, decisive, self-reliant

CEOs, specifically, scored as follows:

  • High: “Forecaster” & “Provider”
  • Relatively High: “Producer” & “Collaborator”

Understanding your own management style as well as your team can be very helpful. It gives you insights into why/how people approach problems; why/how they interact with others. You can use behavioral tests like DISC or Myers Briggs, of course, to get a consistent view of your leadership team based on their behavioral traits.

I use Myers Briggs with all my teams, to see how the leadership team fits into the 16 personality types. I am an ENTJ (“The Commander”), which is typical for a CEO. At my last company, I had 12 direct reports and, in the end, they exhibited the following personalities:

This was one of many tools I use to get to know my team. Reflecting on my most recent experience at Janrain (now Akamai), it was very similar to many of my previous company journeys – I began with my focus on the senior team back in the beginning of 2Q 2016.

Taking the Tribalry Summit (Qtr 1 out of 11)

After two weeks on the job (I started April 4, 2016), I kicked off my first senior leadership team QBR (Quarterly Business Review). I titled the 2Q 2016 QBR “Taking the Tribalry Summit”. I focused on the senior team, solely, teaching them how to take the more difficult paths; challenging them to do things differently; and preparing them for the significant change needed to fuel our growth over the next three years. I used some of the messaging from “Tribalry: A Business Tale” by Jared Stewart.


Some of my playbooks that quarter, specifically for the senior team, included the following:

  1. Taking a Myers Briggs test and analyzing the results with the team together
  2. Having all team members read “Five Dysfunctions of a Team” and discussing similarities at our company
  3. Asking the team 6 personal questions which gave them all a deeper view into who they were
  4. Participating in a team-building event (in this case it was skydiving!)
  5. Leading them through their first “Team 360”
  6. Performing a Senior Team 1:1 Risk/Operational Assessment
  7. Leading them through a Staff Talent Assessment (of the entire company)
  8. Indoctrinating them into my “Management System”

This was the beginning of a business transformation which started at the top. Four of the senior team members were new (including me) at that QBR, four members moved on after that quarter, leaving four of the original team who weathered the transformation over a total of 11 quarters (including the founder). The above picture was the team at iFLY, an HR-approved version of sky-diving.

Other playbooks for 2Q16 included:

  1. Establishing the right hiring plan
  2. Creating a KPI Dashboard by business function (with key target values for all metrics)
  3. Issue processing – Identifying & solutioning the “Top 3 business issues” for the company
  4. Setting Quarterly “Top 5 MBOs” by business function (and executive)
  5. Establishing an Annual “Painted Picture” Strategic Planning Process
  6. Laying the Groundwork for the #1 Future Competitive Differentiator
  7. TCO/ROI modeling that would fuel our value proposition messaging

Outside Perspective

Lastly, as part of this QBR, I also brought in TWO outside speakers including:

  • PacificCrest Securities analyst, Brendan Barnicle, to review what is now the KeyBank SaaS Survey benchmarks that we used to establish targets across the entire business.
  • O’Reilly Media’s VP of Innovation, Roger Magoulas, who at the time chaired the largest Big Data & Analytics conference globally – Strata. He was (and is) one of the most well-connected and knowledgeable people in the “data and analytics space”. We used Roger to establish our thesis around the use of identity data and behavioral analytics as a key differentiator for both marketing and security use cases.

2Q16 Top 3 Issues

At this early stage, I wanted to direct the team’s energy on planting seeds for future growth within three areas (see below). Also, each senior team member would have a chance to solution at least one burning problem within their business function (something we did at every following QBR). The 2Q16 Top 3:

  1. How to Grow the EU Business (It should will be the future growth engine with the upcoming data regulations)
  2. Product Innovation (the beginning of data & analytics initiative establishing our key competitive advantage)
  3. Creating an “ROI” picture for customers (the beginning of our value proposition exercise and transformation for Customer Success)

Here’s a little bonus idea for you – on my first day on the job, I sent a 5-year-in-the-future press release out to the entire company. It played into my first monthly all-hands, and the beginning of my “Vision, Mission, Value” exercise with my head of HR and head of Marketing later.

Posted in Leadership.

Digital Identity Reflections


It’s been quite an identity ride over the past three years (2016 – 2018), as I’ve led the leader in Customer Identity and Access Management (CIAM). I couldn’t help but reflect a little over the holidays…

2016 in Identity – CIAM shifts from marketing to security.

Hindsight is great. So if you’re an identity executive and you’re now saying that customer identity is more about security than marketing….well, welcome to the group. However, we had the foresight to predict that and create a 5-year strategy that invested into that thesis, starting in 2016.


2017 in Identity – CIAM becomes politically charged.

No one could have predicted the level at which customer data was being used inappropriately. Hindsight now confirms that customer privacy is not only important, but if not properly protected can be leveraged to perform the worst actions. 13 Russians have been indicted by special counsel Robert S. Mueller III on an elaborate conspiracy to incite political discord in the United States presidential campaign. Why do we attach CIAM to this? Well, this is 100% about protecting against harmful digital hackers disguising themselves as upstanding citizens. If you recall, Clinton campaign chairman John Podesta received a phishing email masked as an alert from Google that another user had tried to access his account. It contained a link to a page where Podesta could change his password. He shared the email with a staffer from the campaign’s help desk. The staffer replies with a typo – instead of typing “This is an illegitimate email,” the staffer types “This is a legitimate email.” Podesta follows the instructions and types a new password, allowing hackers to access his emails.


2018 in Identity – CIAM covers the entire journey of personal information & trust becomes the focus.

The Zero Trust Architecture model was created in 2010 by John Kindervag, who at the time was a principal analyst at Forrester Research Inc. Zero Trust is a security concept centered on the belief that organizations should not automatically trust anything inside or outside their perimeters and instead must verify anything and everything trying to connect to their systems before granting access. The first step to enable a Zero Trust model IS strong identity and access management (building strong authentication, authorization, and encryption throughout), and I think we can all agree that Zero Trust for consumer data became the focus for 2018 (practically everyone jumped in – including Google, Microsoft and others) and will drive a suite of new innovation in 2019.


  • Trumpism Is ‘Identity Politics’ – politics based in appeals to the loathing of, or membership in, a particular group.
  • Government of Canada announced it will launch a pilot for the new Known Traveller Digital Identity prototype, in collaboration with the World Economic Forum
  • Mastercard and Microsoft announced a strategic collaboration to improve how people manage and use their digital identity.
  • PSD2 applies as of January, 2018 – European Banking Authority (EBA) recently released new guidelines on open banking systems, which named data security a top priority as banks will begin to share their customers’ financial information with other authorized providers.
  • General Data Protection Regulation (GDPR) is enforced as of May 25, 2018. Digital identity data becomes the center of every digital transformation project.
  • Marriott breach exposes over 500MM digital identities; Under Armour expanded to 150MM; Adidas; and even Identity theft protection firm LifeLock experience breaches.
  • Facebook Cambridge identity data misuse advances to a Facebook identity data breach. The world begins to treat all personal data as a first class citizen (anonymous, known, social, health, financial….it doesn’t matter). Who can a consumer trust anymore?
  • US digital identity breaches reach 1,370,710,977 in total.
  • Relx, the UK-listed information and analytics group, purchases ThreatMetrix, an online identity verification business, for £580m

Again, it’s been an exciting time in the land of digital identity. Digital identity, in general, and Customer Identity and Access Management (CIAM), specifically, have become the center of all digital transformation projects. “Identity-first” brands have begun to treat each customer’s unique digital identity as the key to their personally connected world and, thus, the most valuable thing they own.

Posted in Identity.

It is how the team responds to its time(s) of crisis

I began my engineering career at NCR in 1988. Shortly thereafter, NCR entered into a joint development project with Teradata (called P90). I was selected as one of five principal engineers to develop Teradata’s Banyan crossbar circuit-switched high-speed network (referred to as the BYNET), that made the Teradata system linearly scalable up to 4096 physical compute nodes. It was then that I met Jack Shemer, co-founder and CEO of Teradata, and the man who literally changed my life.

And I actually have to thank David Hartke, co-founder of Teradata, in 1999, because it wasn’t until I first approached David…that I would start the most wild ride of my life with Jack.

“David, a few of us are working on this concept we’re referring to as ‘inter-circuit encapsulated packaging’. We think it might enable a new power delivery architecture for microprocessors. We’re proposing to combine the microprocessor die and its chip-carrier substrate with the microprocessor’s power conditioning circuitry in such a way that could transform the industry.”

David looked into our concepts and quickly came back to us. It was very exciting times….we really thought we had something game-changing.

“Jim, if this works, you’re right…you could be onto something. But you understand that if you can truly deliver a novel chip package for the microprocessor industry, your biggest problem will be business…your go-to-market. I suggest that you talk to Jack. He would have a better appreciation of how you might be able to build a business out of this.”

And that was it. My life had changed. Of course Jack would take a look at something that David recommended he investigate. And with David’s support, it didn’t take long for Jack to get excited. He has always been an entrepreneur at heart….which I later had an opportunity to learn about in detail.

He would tell me about his days studying mathematics and physics at Occidental, his electrical engineering at Arizona State, and his PhD from Southern Methodist. But I would never forget the stories he told me about his business experiences at GE, Scientific Data Systems, Xerox, Citicorp, and, of course, Teradata, all carefully offered to make critical points during our journey together…a journey that began after David had encouraged me to reach out to Jack.

“Jim, I’ve discussed your proposed technology with David, and I agree that it’s quite compelling.”

After much due diligence and further business planning, Jack agreed to come out of retirement for one last venture…but only with certain conditions:

  1. That he be able to invest in the company
  2. That he become the Chairman
  3. And that he be able to mentor me as a CEO

We founded INCEP Technologies in 1999, with the vision of disrupting the computer industry. We would develop a new microprocessor package with companies like Intel and AMD. We combined the microprocessor die and its chip-carrier substrates with the CPU’s power conditioning circuitry (voltage regulator) in such a way that we could help sustain Moore’s Law in silicon density for decades. Intel, AMD, IBM, and others would have a chip packaging architecture that would support generations of their CPUs….and we would make history being a critical change agent.


Not only did we get a design win with Intel for the McKinley (Intel’s second generation of the Itanium CPU), but we also developed a desktop CPU prototype with Intel’s arch rival, AMD (that’s a whole other story).

INCEP AMD Prototype

I will never forget the day that we received news from Mike Fister, Intel’s Vice President and General Manager of the Enterprise Platform division responsible for the Itanium. In early 2004, Intel made a change that would essentially rob us of our dream.

Intel announced its plan to add 64-bit capabilities to its Xeon server processors, following the approach that AMD had embarked on years earlier. AMD had gambled on creating a new line of chips that included special 64-bit extensions on their existing 32-bit CPU architecture, making it possible to run traditional 32-bit Intel-compatible programs as well as newer 64-bit software.

So rather than keeping their 32-bit and 64-bit CPU lines separate, Intel followed suit….essentially building 64-bit capabilities into their popular 32-bit CPU lines.  The Itanium product was essentially dead.

Having bet our company on the Itanium, we would be forced to sell and never realize our dreams.

“If anyone thinks the journey is going to be easy, you are mistaken. Success requires one hell of a lot of hard work and dedication.”

This was one of many musings that Jack would share with us. Matter of fact, he compiled a list he referred to as “one-liners” which was a collection of material he had compiled over the years – reflections of well known sages, including himself; all supporting his own personal philosophies in five general areas: entrepreneurs, management, sales/marketing, hiring, and culture (the last a slight paraphrase by me, and my personal favorite). I still have that list today.

“Every venture will experience at least one point in time when it is on the brink of failure. It is how the team responds to its time(s) of crisis that will determine whether you succeed or not.”

Jack, I want you to know that I have never forgotten this! I use this phrase all the time. You had told us that you paraphrased this from quotes of “Tommy” Davis and Peter Drucker.

I reflect every day about how lucky I am…for everything you passed on to me. My list of lessons from you is long, and they will never be forgotten. I only wish I can achieve a fraction of the success you have created, and even more importantly, I hope that I can pass on everything you taught me to other aspiring leaders.

You are my inspiration and you essentially made my ability to become a CEO possible. I am truly in your debt and forever grateful.

Posted in Leadership.

How brands should prepare for the convergence of identities and the Internet of Things


Q&A with Merritt Maxim of Forrester

Anyone who knows me, knows that I’m extremely passionate about opportunities involving Internet of Things (IoT) – or should I call it Identity of Things – and what it will bring to end-consumers and businesses alike! The industry of connected devices is growing at a breakneck speed and consumers are getting more and more excited as they learn about the ever-expanding possibilities.

But are brands preparing themselves properly for IoT? Do they know the complexities involved?

I recently invited Merritt Maxim, Senior Analyst at Forrester Research, to join me for a webinar to discuss the importance of protecting customer identity data in the era of IoT. We covered such topics as:

  • Understanding the landscape of identity threat vulnerabilities and the impact of breaches on brand experience and customer loyalty
  • Managing the relationship between users and devices
  • Exploring case studies and best practices for protecting customer identity data

Merritt and I then had an opportunity to reflect a little more after our webinar…

Jim: What are the main security implications as Internet of Things is taking off?

Merritt: IoT-enabled connected devices create a range of security and privacy risks. First, IoT devices can increase risk to your company and brand because these devices expand your company’s potential attack surface. The increased attack surface can place your company’s core systems and data at risk, as was clearly demonstrated during the Mirai botnet in the fall of 2016. IoT security requires an end-to-end approach. IoT security must incorporate an end-to-end architecture from the IoT device to the cloud back end. While many security teams focus on securing the IoT device with technologies such as encryption, trusted execution environments, and other chip-level measures, security teams can’t implement these device-centric approaches in isolation. In many cases, IoT devices may operate autonomously, or semi-autonomously, and will not have a human identity involved to validate and authenticate actions. This means that the security teams need to place an equivalent level of emphasis and priority on securing network communications and the back-end data stores connected to IoT devices.

Jim: What are the right questions to ask when considering an IoT vendor or partner?

Merritt: When evaluating any IoT vendor or partner, a crucial consideration is the breadth and depth of the vendor’s IoT ecosystem. The reality today is that it is unlikely that any single technology vendor can address all enterprise requirements for an IoT solution. This places a premium on vendors that maintain or participate in a broader ecosystem of IoT products and services. Rich IoT ecosystems possess more partners and talent familiar working with the systems, which helps ease integration challenges and accelerate deployment times in a risk-appropriate manner. Security certifications are also emerging in importance, and while there is no single definitive IoT standard, certifications are still a useful measure on a given supplier’s commitment to data security.

Jim: With the merging of identities and connected devices, how are brands going to safeguard customer data and trust?

Merritt: Encryption is an absolute must. In IoT scenarios, encryption (whether on the data, the network, or both) is an essential IoT security best practice. And although encryption is necessary to meet the usual requirements around personal privacy and confidentiality, many IoT scenarios now involve automation of industrial, business, and personal processes. This may create business value, but it also introduces scenarios where breaching of these IoT systems can lead to destruction of property and equipment and even personal safety issues. The higher potential risks associated with IoT scenarios mandate encryption of data in motion and at rest and that the security team maintain appropriate key management processes and procedures to ensure integrity of the encryption keys.

In addition to securing the data in motion and at rest (on the device and in the cloud back end), brands must also provide adequate policies around usage and sharing of data that consumers can easily opt in or opt out of, thus providing customers the confidence that their data is being used and shared in an appropriate manner. When done correctly, such measures can reinforce customers’ perceptions toward individual brands.

Jim: How should IT departments prepare to support customer identities across connected devices?

Merritt: Organizations need to focus on the basics first. The first step would involve conducting a base assessment to identify which systems, devices, and users connect with or store valuable data, and prioritize those assets over all others. This ensures that any security alerts are prioritized based on risk.

Once the assessment is complete, a next step would involve investigating technologies such as strong device authentication controls to the identity of an IoT device and verifying its state. This could include usage of digital certificates/PKI to identify devices as authentic. The next layer would involve assessing how to enable end users to set policies on which actions, data collections, and software updates can be performed on a device and how such policies can be enforced across devices or across individuals (such as in a connected home environment, where there may only be one device but multiple family members with different levels of authorization.)

Another growing area of interest is assessing how analytics can be used to identify device and user behavior that may indicate security vulnerabilities and compromises, so that the security team can proactively respond to such possible breaches.

Jim: What are Forrester’s predictions about IoT trends this year?

Merritt: In 2017, we expect that hackers will continue to use IoT devices to promulgate distributed denial of service (DDoS) attacks and attack devices themselves. The biggest targets will likely be the hottest areas of IoT adoption, including:

  1. Fleet management in transportation
  2. Security and surveillance applications in government
  3. Inventory and warehouse management applications in retail
  4. Industrial asset management in primary manufacturing

The fact that many IoT solutions lack simple update and patching mechanisms exacerbates the security problem, making remediation of security vulnerabilities more challenging.

The continued rise of IoT threats will require security teams to collaborate more closely with developers to ensure the ability to release and deploy remediation quickly and prevent organizations, brands, and devices from becoming the 2017 poster child for IoT security incidents.

To hear more from our recent webinar on IoT, please watch the replay here. And if ever you’d like to have a meaty conversation on where the IoT industry is going, I’m always up for a chat!

Posted in Data, Identity, IoT.


My Home Was Hacked!


I can’t tell my wife about any of the details of our new home security cameras from NEST. I fear that she’ll learn about the level of security associated with all my digital home product choices, and literally shut me down before I perfect all my possible security measures.

Take a look at this live preschool webcam here. If you catch it at the right time, you’ll see the room full of kids playing. It doesn’t take much to use the latitude / longitude within a given radius to search a select number of day care and preschool locations. I narrowed this webcam down to less than 5 possibilities. I suppose the good side of this is that anyone can check to make sure the staff is working hard, taking care of our kids! The bad thing is that anyone has access to this day care in downtown Houston, TX. If you’re curious, take a look at the other 4400 unsecured webcams in the US by city on this site. If you’re real bored, you can use this IoT search engine to find any unsecured device around the globe.

One can also direct their attack at a specific person. Webcam infections, like many other malware infections, can occur if you download a program that contains a Trojan. Trojans, unlike viruses, do not spread through replication. Instead, they’re hidden within programs that you install on purpose. When a webcam hack occurs, Trojan malware finds a way to activate cameras and control them without the owner’s knowledge. If you’re on a Mac, like I am, stare into the webcam on your monitor and ask yourself, “am I being watched?”. Just ask Miss Teen USA Cassidy Wolf about her compromised Apple laptop webcam.

There’s an old saying that we’re only as safe as the weakest link in the chain. That saying has real meaning with the Internet of Things, where one weak link (IPTV, smart coffee maker, etc.) can bring down a chain of connected devices…and/or your entire home network. Here’s a list of default usernames and passwords of a number of targeted devices, in case you’re ready to test your own home security.

Remember how easily Lakhani, security researcher at Fortinet, took control of a video camera? He said that gadget makers are partly to blame because they want to make their products as simple to set up as possible. That often means using default passwords like “admin” and encouraging users to log in to their devices through unsafe web accounts.

Here’s a list of the usernames and passwords of the most widely used webcams:

  • ACTi: admin/123456 or Admin/123456
  • Axis (traditional): root/pass
  • Axis (new): requires password creation during first login
  • Cisco: No default password, requires creation during first login
  • Grandstream: admin/admin
  • IQinVision: root/system
  • Mobotix: admin/meinsm
  • Panasonic: admin/12345
  • Samsung Electronics: root/root or admin/4321
  • Samsung Techwin (old): admin/1111111
  • Samsung Techwin (new): admin/4321
  • Sony: admin/admin
  • TRENDnet: admin/admin
  • Toshiba: root/ikwd
  • Vivotek: root/<blank>
  • WebcamXP: admin/<blank>

I include this list because, yes, I too was successful in hacking my neighbor’s webcam this weekend using one from this list. OMG!! In case you’re worried, here are a few precautions to keep your geeky neighbors off your home network.
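One such precaution is to check the credentials configured on your own devices against the list above. The following is an added example, not code from the original post; the inventory CSV, its column names and the device names are constructed for illustration.

```python
import csv
import io
import re

# The default-credential list from this page, in its "Vendor: user/pass" format.
PAGE_LIST = """\
ACTi: admin/123456 or Admin/123456
Axis (traditional): root/pass
Axis (new): requires password creation during first login
Cisco: No default password, requires creation during first login
Grandstream: admin/admin
IQinVision: root/system
Mobotix: admin/meinsm
Panasonic: admin/12345
Samsung Electronics: root/root or admin/4321
Samsung Techwin (old): admin/1111111
Samsung Techwin (new): admin/4321
Sony: admin/admin
TRENDnet: admin/admin
Toshiba: root/ikwd
Vivotek: root/<blank>
WebcamXP: admin/<blank>
"""

# Constructed inventory of devices you own (hypothetical names and columns).
# In practice, export it from a password manager and delete the file afterwards.
INVENTORY = """\
device,vendor,username,password
front-door-cam,Axis,root,pass
garage-cam,Samsung Techwin,admin,4321
nursery-cam,Unbranded,admin,admin
driveway-cam,Vivotek,root,
hallway-cam,Unbranded,viewer,
dvr,Unbranded,operator,operator
office-cam,Sony,Admin,T7#kq-Lw9!vexample
"""


def parse_defaults(text):
    """Return {vendor: {(username_lowercased, password), ...}} from the list."""
    defaults = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        vendor, _, rest = line.partition(":")
        # "Axis (traditional)" and "Axis (new)" are both filed under "axis",
        # because an owner rarely knows which firmware generation they have.
        vendor = re.sub(r"\s*\(.*?\)", "", vendor).strip().lower()
        pairs = defaults.setdefault(vendor, set())
        for alternative in rest.split(" or "):
            match = re.fullmatch(r"\s*(\S+?)/\s*(\S+)\s*", alternative)
            if not match:
                continue  # prose such as "requires password creation ..."
            user, password = match.groups()
            pairs.add((user.lower(), "" if password == "<blank>" else password))
    return defaults


def audit(inventory_csv, defaults):
    """Return [(device, verdict)] for every row of the inventory."""
    every_pair = set().union(*defaults.values())
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        # Usernames are compared case-insensitively, passwords exactly.
        cred = (row["username"].strip().lower(), row["password"])
        vendor = row["vendor"].strip().lower()
        if cred in defaults.get(vendor, ()):
            verdict = "vendor default"
        elif cred in every_pair:
            # Rebadged hardware often ships with another vendor's default.
            verdict = "default of another listed vendor"
        elif cred[1] == "":
            verdict = "blank password"
        elif cred[1].lower() == cred[0]:
            verdict = "password equals username"
        else:
            verdict = "ok"
        findings.append((row["device"], verdict))
    return findings


if __name__ == "__main__":
    for device, verdict in audit(INVENTORY, parse_defaults(PAGE_LIST)):
        print(f"{device:16} {verdict}")
```

Every device that does not come back as "ok" should get a new, unique password before it is put back on the network.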

Using your IoT device to hack into your home network

Fortinet researcher Axelle Apvrille found a Fitbit in her vicinity, and she used its Bluetooth connection to upload a small piece of unauthorized software onto the device. When the Fitbit was synced via Bluetooth to a smartphone and/or laptop, the Fitbit sent software to the connecting device as it uploaded its data. Once this back door was created into their system, Axelle could gain full access to the user’s machine. She demonstrated this simple method of using a consumer IoT device to gain access to your home system at a European computer security conference last year. It was the first time malware had been viably delivered to fitness trackers.

Using your IoT device as part of a Botnet

If you were anywhere near the internet in the US on Friday, October 21, you probably noticed a bunch of your favorite websites were down for much of the day. It’s all because thousands of IoT devices — DVRs and web-connected cameras — were hacked.

Once the hackers had control over these devices, they manipulated them into sending an overwhelming number of requests to a company that serves up the websites for Netflix, Google, Spotify and Twitter. When the traffic became too much to handle, the sites crashed. It was an old-school attack — often called a distributed denial of service attack, or DDoS — powered by the new web of devices called the internet of things.

To take over the cameras, hackers inserted Mirai, malicious software that lets bad guys use at least 100,000 devices as soldiers in its IoT army. The technical name for this IoT army is a botnet, and hackers have been making them out of computers for a very long time. Except this time they used the internet of things – an even more powerful tool to carry out attacks. They used the botnet to send tons and tons of junk requests to Dyn, a company that manages web traffic for all the websites that were affected.

Integrity of Things?

The European Commission is now drafting new cybersecurity requirements to beef up security around so-called Internet of Things (IoT) devices such as Web-connected security cameras, routers and digital video recorders (DVRs). News of the expected proposal comes as security firms are warning that a great many IoT devices are equipped with little or no security protections.

The Wall Street Journal didn’t help my digital home efforts with my wife when they highlighted all my devices as security threats.

Arggg. We need a way to ensure the integrity of our IoT devices before I finish my home remodeling, and definitely before my home is hacked!

Posted in IoT, Security.


Integrity of Things

The Beginning of Your Digital Identity

This somewhat dates me (as I just recently celebrated my half-century birthday)…I remember my Radio Shack TRS-80 color display computer with a dial-up modem connection to the CompuServe Information Service (CIS) in the early 1980’s. I received my TRS-80 under the Christmas tree when I was a teenager.


Back then the “Internet” was all about file transfers, bulletin boards, and email. This is also, arguably, the beginning of social networking when users could communicate with a central system where they could download games and post messages to each other.

AOL created its member-created communities (complete with searchable “Member Profiles,” in which users would list pertinent details about themselves). If you don’t agree that CompuServe created the first social network (aka community), then maybe you’ll agree that AOL led the social network era with its community-based website.

By the mid-1990s it was in full motion. Yahoo! had just launched, Amazon had just begun selling books, and the race to get a PC in every household was on (Windows Version 3.0 became the default for every new PC).

Then, in 1997, a transformational social media site called Six Degrees launched. It was named after the ‘six degrees of separation’ theory. Six Degrees allowed users to create a profile and then friend other users. Six Degrees also allowed those who didn’t register as users to confirm friendships and connected quite a few people this way.

By the year 2000, around 100 million people had access to the internet, and it became quite common for people to be engaged socially online. Of course, then it was still looked at as an odd hobby at best (e.g. for geeks like me).

In 2002, social networking hit its stride with the launch of Friendster. Friendster used a degree of separation concept similar to that of the now-defunct Six Degrees, but refined it into a routine dubbed the “Circle of Friends” (yeap Google, you weren’t the first to try!), and promoted the idea that a rich online community can exist only between people who truly have common bonds. And it ensured there were plenty of ways to discover those bonds.

From there it’s history! Most people recall that “social” took off from there with networks like MySpace (2003), LinkedIn (2003), Facebook (2004), and Twitter (2006).

From 2002 to 2016, we’ve seen 100M people in total across all social networks become over 2 billion users with 1.7 billion monthly active users on Facebook alone. The number of digital identities on the Internet has grown to almost half of the global population. As an end-consumer, you now have access to over 2 million digital applications just on your phone, and over 1 billion websites on the web….and social has powered much of this digital growth.

Social Networks Empower Digital Identities

Back in 2002, few knew that Larry Drebes was studying the huge potential of social networking while he was at Yahoo!. He had become a part of the Yahoo! team earlier when they acquired his company, Four11, which created the product RocketMail. Four11’s RocketMail became the basis of Yahoo! mail today.

Larry had envisioned that companies would need to manage the growing number of user digital identities. This led to his work as part of the founding team of OpenID, a protocol that allows users to be authenticated by co-operating websites (known as Relying Parties or RPs) using a third-party identity authentication service. The thinking was that people on the Internet could register and log in to their digital applications without having to have a separate identity and password for each. The OpenID protocol work led to Larry starting Janrain, and Larry realizing his vision. Janrain became the first to provide what is referred to as Social Login today, and that was only the beginning.

Identity and Access Management Explodes

Managing customer identities on both web and mobile applications is known by you and me through our daily experiences with traditional registration and login, social login, Single Sign-On (SSO), profile management (e.g. filling out your public information like your nickname, your city, schools attended, hobbies, etc.) and preference management (e.g. what information you want to opt into). It may seem simple, but the seamless consumer experience takes a lot of work under the covers by companies who are constantly enhancing your digital experiences.

Behind the scenes, your banks, retail stores, wireless carriers, hospitals, digital home product providers, and utility companies are all working with a group of Identity and Access Management (IAM) providers to offer a host of digital identity services that effectively automate identity services such as:

  • User Provisioning
  • Access Management
  • Multi-Factor Authentication
  • Single Sign-on
  • Directory Services
  • Password Management
  • Governance & Compliance Management

Janrain may have been the first to create the category back in 2002, but now it’s one of many companies who have seen the potential in making consumer digital experiences simple and safe. Other companies in this space include:

All these companies have two fundamental things in common: 1) Identity and Access Management, of course, and 2) the End-User or Customer. These companies are better known for providing identity services to external end-customers as opposed to internal employees of global enterprise companies (employee identity and access management is used for legacy workforce applications and/or workforce to SaaS use-cases).

Vendors known for internal or more traditional employee-centric IAM include:

There is also a big difference between older solutions originally engineered for on-premise deployment (initially designed for physical servers in company data centers) versus native cloud engineered solutions. For example, companies like IBM, Oracle, Microsoft, and CA all initially addressed IAM through traditional software solutions whereas new entrants like Okta and OneLogin were born out of the public cloud generation.

Similarly, Janrain launched its native cloud services on Amazon in late 2005 right after the public cloud giant launched, whereas others in the customer identity and access management market established themselves as traditional software products.

Your Worst Nightmare – Digital Identity Theft

Javelin’s report, “2015 Identity Fraud: Protecting Vulnerable Populations“, found that fraudsters stole $16 billion from 12.7 million consumers in the U.S. ALONE in 2014. With a new identity fraud victim every two seconds, there continues to be a significant risk to consumers who embrace going digital.

Data breaches were a big headline in 2014 (per the Javelin report), and they had a significant impact on identity fraud – see eBay (145M customers), Target (110M customers), Anthem (80M customers), TalkTalk (4M customers), and Dropbox and Box. The study found that two-thirds of identity fraud victims in 2014 had previously received a data breach notification in the same year, with many indicating their wariness about shopping at merchants, including big box retailers.

The Yahoo! breach of over 500 million consumer identities announced this last month established 2016 as the “year of customer identity breaches” – it was the largest in history. Most consumers might not think there’s much in their Yahoo account that would be of use to hackers, which typically might only include their email and Yahoo password. However, those two bits of information offer multiple uses for ingenious hackers bent on extracting the maximum value from information, say experts.

According to a Gartner survey, 50% of users reuse their passwords across multiple platforms. So armed with an email address and Yahoo password, hackers might be able to gain access to multiple accounts. The technique is called “credential stuffing” and it’s become epidemic over the last year and a half, said Avivah Litan, a vice president and analyst at Gartner Research. “The bad guys get lists of user IDs and passwords and then test them, they run through them at all the sites they want to attack to see where they work,” she says.
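On the defending side, credential stuffing has a recognizable shape in login logs: one source trying many different accounts, with most attempts failing. The following added example (not from the original post) flags that pattern and lists the accounts that need a forced reset; the log format, thresholds, addresses and account names are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed authentication log (hypothetical format, documentation-range IPs).
SAMPLE_LOG = """\
2016-10-03T09:00:00Z ip=203.0.113.7 user=alice@example.com result=FAIL
2016-10-03T09:00:05Z ip=203.0.113.7 user=bob@example.com result=FAIL
2016-10-03T09:00:10Z ip=203.0.113.7 user=carol@example.com result=FAIL
2016-10-03T09:00:15Z ip=203.0.113.7 user=dan@example.com result=FAIL
2016-10-03T09:00:20Z ip=203.0.113.7 user=erin@example.com result=FAIL
2016-10-03T09:00:25Z ip=203.0.113.7 user=frank@example.com result=OK
2016-10-03T09:00:30Z ip=203.0.113.7 user=grace@example.com result=FAIL
2016-10-03T09:01:00Z ip=198.51.100.20 user=heidi@example.com result=OK
2016-10-03T09:01:10Z ip=198.51.100.20 user=judy@example.com result=OK
2016-10-03T09:01:20Z ip=198.51.100.20 user=mallory@example.com result=OK
2016-10-03T09:01:30Z ip=198.51.100.20 user=niaj@example.com result=OK
2016-10-03T09:01:40Z ip=198.51.100.20 user=olivia@example.com result=OK
2016-10-03T09:02:00Z ip=192.0.2.44 user=ivan@example.com result=FAIL
2016-10-03T09:02:02Z ip=192.0.2.44 user=ivan@example.com result=FAIL
2016-10-03T09:02:04Z ip=192.0.2.44 user=ivan@example.com result=FAIL
2016-10-03T09:02:06Z ip=192.0.2.44 user=ivan@example.com result=FAIL
2016-10-03T09:02:08Z ip=192.0.2.44 user=ivan@example.com result=FAIL
"""

LINE = re.compile(
    r"(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<res>OK|FAIL)"
)


def parse_log(lines):
    """Yield (timestamp, ip, user, succeeded) for each well-formed line."""
    for line in lines:
        m = LINE.fullmatch(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            yield ts, m["ip"], m["user"].lower(), m["res"] == "OK"


def detect_stuffing(lines, window=timedelta(minutes=5),
                    min_users=5, max_success_ratio=0.2):
    """Flag IPs that try many different accounts, mostly failing, in one window.

    A shared office address (many users, mostly successes) and a single-account
    password-guessing run (one user) both stay below the thresholds; the latter
    is the job of account lockout, not of this detector.
    """
    recent = defaultdict(deque)  # ip -> events still inside the sliding window
    alerts = {}
    for ts, ip, user, ok in sorted(parse_log(lines)):
        q = recent[ip]
        q.append((ts, user, ok))
        while ts - q[0][0] > window:
            q.popleft()
        users = {u for _, u, _ in q}
        successes = sum(1 for _, _, o in q if o)
        if len(users) >= min_users and successes / len(q) <= max_success_ratio:
            hit = alerts.setdefault(
                ip, {"first_seen": ts, "users": set(), "compromised": set()}
            )
            hit["users"] |= users
            # A success inside a stuffing run means a reused password worked.
            hit["compromised"] |= {u for _, u, o in q if o}
        elif ip in alerts and ok:
            # Later logins from an already flagged source are suspect too.
            alerts[ip]["compromised"].add(user)
    return alerts


if __name__ == "__main__":
    for ip, hit in detect_stuffing(SAMPLE_LOG.splitlines()).items():
        print(ip, "tried", len(hit["users"]), "accounts; reset:",
              sorted(hit["compromised"]))
```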

Other credential theft results from “holes” in companies’ identity implementations. Back in 2014, Target’s massive data breach in the U.S., which was tracked back to December 2013, involved the theft of personal information, including credit/debit card details, of close to 110 million individuals. According to Cowen Group’s (a financial services firm) note to investors, criminals were able to hack into Target due to a lack of security, which was later determined to be a direct result of under-investment. Target quickly embarked on technological changes that cost more than $100 million in addition to $61 million incurred in breach related expenses in Q4 fiscal 2013 alone! Since proactive investment in things like customer identity security is a CEO decision, Gregg Steinhafel was in the firing line. Shortly after the breach, the company stated that Steinhafel and board members had mutually decided that it was time for Target to continue under new leadership.

One particularly notorious identity theft story involves one Simon Bunce, an Englishman who subsequently lost his six-figure job and became alienated from friends and family. This all happened because his credit card was used to purchase and download child pornography. Bunce, an avid online shopper, claims to only have dealt with large retailers and secure sites. Nevertheless, he was swept up as part of a massive UK anti-predator police offensive called Operation Ore. He was arrested on charges of possessing, downloading, and intending to distribute indecent images of children. His home and work computers were confiscated, along with a range of storage devices and media. As you may already have gathered, though, Bunce was innocent of these crimes. Investigators later determined that his credit card details had been entered into a computer in Jakarta, Indonesia, and that he had actually been using the card at a South London restaurant at almost exactly the same moment. His credit card details had been taken from one of the many popular online shopping sites he frequented, as a result of a data breach. Although the situation was eventually resolved, Bunce said the damage had been done. “Being arrested and accused of what is probably one of the worst crimes known to man, losing my job, having my reputation run through the mud, it was a living nightmare,” said Bunce.

External Bad Actors using Your Credentials

You may have heard something differently, but the threat actors haven’t shifted much over the last five years. Based on the Verizon 2015 Data Breach Report, internal employees and partners (typically covered by enterprise identity access management vendors) are not where the real risk lies. It lies in data breaches caused by outside or external parties.


We find that most of the attacks make use of stolen credentials, “which is a story we’ve been telling since 1 A.D.”


With attacks making use of stolen credentials, over 95% of these incidents involve harvesting credentials from customer devices, then logging into web applications with them.

Is it Identity or Integrity of Things?

I don’t know about you, but my digital identity is one of the most important things I own. As I’m renovating my home, I’m thinking of all the new digital applications I can leverage….from indoor and outdoor security cameras, digital door locks, IP-connected thermostat, digital water heater, IP-connected lights, and digital entertainment center. It’s one thing to have someone hack my credentials and force me to reset my social network password, but could they also take control of my digital home?

I want my digital world to have the highest level of security, ensuring the integrity of everything associated with me and my family. So, should I worry about my identity as it applies to the digital things in my life, or the integrity of the things associated with my identity? I do know that my digital identity will be even more important as I expand my digital world from web and mobile applications to consumer IoT devices.

When I drive home in my new Tesla S with built-in infotainment, I’m thinking about relaxing at home. I prefer my easy-listening station on Spotify around volume 5, with my home lights dimmed, and the temperature around 70 degrees Fahrenheit. That’s “Jim’s setting”. This is compared to my wife Annie’s preference for Indie Pop that would be up to eleven (if she could), with the lights bright, and the temperature around 60 degrees (I know what you’re thinking..but don’t say it!). That’s “Annie’s setting”.

We’re a “connected family”. I have two sons, Trevor and Devon, who both are heading into their teens and let’s just say they don’t know what the word “analog” means.

Am I afraid of a rogue device adding itself to my network? Do I worry that someone can see my family lounging to Indie Pop through my indoor cameras? It’s definitely a growing issue, and a space that makes thousands of employees, or millions of consumers look like a small problem….trillions of internet connected things all exposed to bad actors?

I want that experience from my Tesla to digital home to be seamless…but also safe. How about you?

Posted in Data, Identity, IoT, Security.


Chapter 17 Starts


WOW. What a ride!

I write this as I complete Chapter 16; namely, my time at CSC comes to a close.

Infochimps, a CSC Company

I think back to the day I called Mike Lawrie, CEO of CSC, back in June 2013. I was the CEO of Infochimps, a Big Data Cloud company.

Me: “Mike, I’m looking to expand my board as we prepare to close our Series B financing.”

Mike: “Jim, I can’t take any board positions myself. I’m busy with CSC. What is it you guys do?”

As I explained my fledgling startup business, it became clear to me that Mike and his senior team were investing in Big Data, the space I was disrupting.

Mike: “Jim, you need to talk to Dan Hushon, our CTO. It sounds like what you’re doing in building out a network of datacenters with Big Data analytic services is exactly what we need to do with our 50 CSC datacenters.”

Me: “Sorry Mike, you’re too big. Talk to me in two years.”

Having done this several times, I knew that big companies don’t always partner well with small companies. Fast forward to my discussion with Dan Hushon. He and I aligned around the use of SUPERNAPS (datacenters that are certified Tier IV in both design and facility categories) to deploy data analytics services to Global 3000 customers who had already begun their journey in datacenter modernization, consolidation and datacenter outsourcing. The idea of co-locating our analytics services with the data already housed in CSC’s datacenters made sense. But, I was still not sold on working with CSC.

Dan: “You guys are doing exactly what we need to do. How can we work together?”

Me: “Forget it. I told Mike the same thing. Talk to us in two years. We’re closing a round of financing. Let us ramp a bit and we’ll reengage later.”

Dan: “We should just buy you.”

After that comment, the CSC chapter began. I had realized quickly that we had positioned ourselves perfectly in the market and that it aligned 100% with CSC. We were acquired by CSC August 5th, 2013, with our focus on disrupting the CSC client base with a new Big Data Platform as a Service offering.

I had created a carefully architected 6-month integration plan that started with partnering with CSC for one quarter, followed carefully with the integration into their Big Data & Analytics business unit in the second quarter.

Big Data & Analytics

After a successful integration of Infochimps, I was ready to leave. I had finished my job establishing Infochimps as the engine for the BD&A business unit growth (we exceeded 50% YoY), adding the Big Data Platform as a Service to its offering mix. The various business functions of Infochimps were carefully assimilated into their corresponding BU business functions – marketing, sales, consulting, delivery, offering/product management, etc. Then it came time for my next conversation with Mike at a CSC sales conference in May 2014.

Mike: “I understand you’re ready to leave.”

Me: “Yeah. I’ve completed my integration. It’s time.”

Mike: “I have another idea. How about you run the Big Data & Analytics BU for me?”

Me: “Why me Mike? My profile is more aligned to being the CEO of an emerging company. I’ve finished my job here.”

Mike: “Our biggest challenge at CSC, moving forward, will be its culture. I need leadership that understands how to energize the workforce with vision and execution that helps us shift from ‘optimizing’ to ‘growth’.”

Me: “Shifting from the ‘old CSC culture’ to the ‘new CSC culture’….from ‘optimizing’ to ‘growth’….hmmm. Ok, I’m in.”

I then spent the next 18 months leading the fastest growing segment of CSC. I was a part of Mike’s executive management system for the entire time, and this turned out to be one of the most amazing experiences an executive could have.

People, in general, have inflection points in their careers, being influenced by an individual/mentor, a significant event in the business, something life-changing. Well, I’d put this experience in that category.

I’m still amazed with Lawrie’s management system which facilitated one of the most amazing turnarounds one could witness first hand. Taking over a company that had many silos globally with virtually no visibility into their businesses, 15 layers with over 370 VPs, no money on the balance sheet, bad credit….a company that was, essentially, near bankruptcy. I can imagine the conversations with the Board when Mike first came in. If I had been a fly on the wall, I could imagine hearing:

“I give us a 25% probability of turning this around.”

The stock went from $27 at the time of his announcement to an all-time high of $70 just before the split of CSC and CSRA. Mike managed to reduce management to just 8 layers, reduced some 370 VPs down to 70, 50 of whom were new, replaced the entire senior team, put $2B on the balance sheet, and then delivered 9.5% EBITA with renewed credit ratings. Every business function inside the company was reinvented. CSC’s market cap went from around $4B just before he took over to over $9.8B by the time of the split. He and his new senior team created almost $6B in shareholder value, which is not achieved by many.

Witnessing the CSC transformation as part of his senior team is also not experienced by many – this was not only an opportunity, it was a privilege that I didn’t take lightly.

Digital Applications

As my contributions to the BD&A business within the Emerging Business Group (EBG) came to a close in August 2015, I was, once again, planning my departure….my second attempt to leave.

At this time, Mike and members of the senior team were planning to combine two parts of the business, which later became the Digital Applications business. I was approached by two of Mike’s EVPs – Jim Smith, EVP of Global Business Services, and Dave Zolet, EVP of the Americas Region. As I saw it, I could either leave to lead a mid-size company as its CEO, or accept a new challenge at CSC and work for a couple of dynamic EVPs. Long story short, both Jim and Dave convinced me to help them.

Jim Smith: “I want to work with you Jim. Help us with the largest square in the business.”

David Zolet: “The Americas is the largest region in the world, and the new Digital Applications business will be the most important line of business.”

In September 2015, we were tasked with combining what previously was the Enterprise Software Consulting business with CSC’s Applications Delivery business – a combined $2B business globally and $1B in the Americas.

Bumping into Mike in the hallways at the corporate offices in Falls Church, Virginia, Mike catches me talking to the head of Digital Application HR talking about….yeap, my favorite topic: Cultural change.

I had just finished with my offsite with my senior team in the newly formed Digital Applications organization (over 35 direct reports). I’m giving the head of HR my typical cordial hello….in this case a hug, talking about organizational changes which I was pondering for Q4 (the new business unit was being created through Q3 and I needed 3 months to get the “house in order”).

Mike approaches and he mimics the HR VP and me by putting his arms out. So why not, I turn and give Mike a hug as well, suddenly feeling awkward. If you have worked with Mike, you’ll appreciate it when I say, this was probably a first (at least publicly). In any case, Mike and I have a brief exchange:

Mike: “We’re counting on you. You have a huge challenge on your hands.”

Me: “I know. I won’t let you down.”

Well, Mike wasn’t kidding. I had 7,000 challenges on my hands. That was the size of the team, and we needed to come together under a new suite of application services that aligned with our customers’ need to manage their portfolios holistically. The main application platforms, of course, included legacy on IBM, SAP, Oracle, and Microsoft; as well as emerging next-gen enterprise SaaS applications using Workday, Salesforce, and ServiceNow. “All we needed to do” was “simply” rationalize every one of our customers’ application portfolios to determine what to replace, rebuild, refactor, rehost, revise, or retire.

Application portfolios varied in where they fell in their life cycle and what platform they were deployed on, and it was definitely a challenge to rise above the technology and focus on the application rationalization. However, that wasn’t the real challenge in the business. The real challenge was that my business was predominantly time & material (“staff aug”) across over 100 of the Fortune 500 in the Americas. We were essentially in the business which I described as “Talent Solutions”.

This meant that our largest near-term opportunity was to improve our ability to recruit, onboard, and place talent into our existing accounts. But not just place “talent” but place the “best talent”. I figured that if I could grow the staff aug business by 5%, we could have the same business impact as growing the consulting business by 20%. As many in the business know, growing a headcount business by 5% differs quite a bit when compared to creating differentiating C-suite consulting services and growing by 20%. And, in the end, the reality is that we needed to do both.

Fast forward to the end of Q3, we managed to get line of sight to as much as 12% growth in the core business (not counting customer terminations or, in general, one-timers). Everyone understands that customer happiness = protected base (e.g. no terminations, no completions without follow-on work, no price-downs, etc.). So, besides the typical operational hygiene improvements, we focused on the real jewel…the breakthrough opportunity.

If we inspired our workforce to embrace a culture of creativity, innovation, “glass-half full” thinking, we could, in turn, inspire our customers. Our customers would begin thinking that the culture of CSC was becoming more aligned with their success. This meant moving from a position as a “vendor” to a position as a “strategic partner”. In some cases, this meant that we would have to “fire the customer” and get out of a “race to the bottom” offshore $/hr battle with Indian pure plays. This wouldn’t be easy, because it meant leaving revenue on the table (but it meant leaving low, if not unprofitable, revenue on the table).

By the end of 3Q16, the Digital Applications team came together and took this from concept to reality….and customers began to notice, accounts began to see us differently. In fact, we began to see ourselves differently. If you’re curious, listen in on CSC’s report for the third quarter 2016, Tuesday February 9, or IDC’s point of view in “CSC 3Q FY16: Quarterly revenue down 10.2%, operating income margin down 60 basis points — Meet the new CSC…same as the old CSC?”

Why Chapter 17?

So why leave CSC now? The momentum sounds positive, and the experiences great. Well, I come back to the culture. Remember when Mike said, “Our biggest challenge at CSC, moving forward, will be its culture.”? As I reflect on this for any company, CSC or otherwise, I can’t stop thinking about the difference between management and leadership…or managers and leaders. I digress only a little.

The main difference is that leaders have people follow them while managers have people who work for them. The manager’s job is to plan, organize and coordinate. The leader’s job is to inspire and motivate. In his 1989 book “On Becoming a Leader,” Warren Bennis composed a list of the differences:

  • The manager administers; the leader innovates.
  • The manager is a copy; the leader is an original.
  • The manager maintains; the leader develops.
  • The manager focuses on systems and structure; the leader focuses on people.
  • The manager relies on control; the leader inspires trust.
  • The manager has a short-range view; the leader has a long-range perspective.
  • The manager asks how and when; the leader asks what and why.
  • The manager has his or her eye always on the bottom line; the leader’s eye is on the horizon.
  • The manager imitates; the leader originates.
  • The manager accepts the status quo; the leader challenges it.
  • The manager is the classic good soldier; the leader is his or her own person.
  • The manager does things right; the leader does the right thing.

In short, I aspire to lead. Thus, it’s finally time. I’m off to Chapter 17, which will have much more leadership than management in it. The ride was great, but it’s time to get back to disruption and it’s time to thrive with leadership.

Make sense?

For those interested, here is a recap of my “chapters”:

Posted in Leadership.


2015 Big Data Startups


The following were a few Big Data companies that I was keeping an eye on starting back in January of 2015 (yeah, this is NOT a statistically significant sample)….some for “old times’ sake” because I knew the founding team and was curious how things were progressing, some because I trust their venture capital partners, and some because they inspire me with an application of the technology that is meaningful (I’m tired of hearing about yet another “Big Data Platform”).


Adatao

Founder(s): Christopher Nguyen, Mike Bui, Tony Do
Headquarters: Sunnyvale, CA
Type of business: Data Intelligence for All
Adatao is Big Data 2.0, enabling the convergence of business intelligence, data science and machine learning directly on top of big data. Adatao is leading the Big Data 2.0 charge by making it easy for business users, data scientists and engineers to collaborate on data analytics. Their vision is to deliver Data Intelligence for All.


Cask

Founder(s): Todd Papaioannou, Jonathan Gray, Nitin Motgi
Headquarters: Palo Alto, CA
Type of business: Big Data Application Development
Cask (originally called Continuuity) makes it easy for any Java developer to build, deploy, scale and manage Apache Hadoop and HBase applications in the cloud or on-premise. Continuuity Reactor, its flagship product, is the industry’s first scale-out application server and development suite for Hadoop. Continuuity Reactor empowers developers to focus their efforts on the development of the application by abstracting the complexity of Hadoop components and exposing the power of Big Data in a simple and intuitive way.

Cazena

Founder(s): Prat Moghe
Headquarters: Waltham, MA
Type of business: Enterprise Big Data as a Service
Big data is too hard and too slow. Enterprises need big data on demand. Cazena was founded by former Netezza leaders with a mission to radically simplify and speed up access to big data, allowing much faster business outcomes at a fraction of the cost. Cazena is backed by Andreessen Horowitz and North Bridge Venture Partners.

ClearStory Data

Founder(s): Sharmila Mulligan, Vaibhav Nivargi
Headquarters: Menlo Park, CA
Type of business: Big Data Analytics
ClearStory Data’s solution is a new data-intelligent analysis solution that eases and speeds disparate data analysis enabling fast blending and convergence of data from internal and external data sources for holistic insights. It enables more disparate sources to be accessed, converged and analyzed without requiring deep IT skills, data experts or data manipulation. End-users visualize, interact, and collaborate on insights in real-time to speed data-driven decisions. ClearStory’s customers are G2000 companies that need fast-cycle, multi-source analysis to answer new business questions that span more sources of data.

Databricks

Founder(s): Ion Stoica, Matei Zaharia
Headquarters: Berkeley, CA
Type of business: SaaS Data Platform
Databricks is building next-generation software for analyzing and extracting value from data. Databricks is led by a team of professors that has created the in-memory Apache Spark and Shark platforms for analyzing big data. Databricks is currently in stealth mode.


DataPad

Founder(s): Wes McKinney, Chang Shellhammer
Headquarters: San Francisco, CA
Type of business: Visual Data Analytics
DataPad is building an agile, collaborative tool that helps you prepare, explore, analyze and share your data. By building on years of perceptual research studies, DataPad is engineering a visualization system that is best suited for human eyes to see and for the brain to understand. With DataPad, finding insights in your data is a breeze: our smart defaults and intelligent tools help you choose the right visualization for the job, every time. DataPad went from being in stealth mode to becoming a part of Cloudera.


GoodData

Founder(s): Roman Stanek
Headquarters: San Francisco, CA
Type of business: Business Data Monetization
GoodData, the leader in end-to-end cloud analytics, enables more than 35,000 companies to store, combine, analyze and visualize data to quickly answer business-critical questions. GoodData’s mission is to help companies become all data enterprises: organizations that gain a competitive advantage by leveraging all data through advanced analytics. The GoodData Open Analytics Platform helps companies manage and analyze that data in one seamless, interactive environment and create breakthrough applications to empower their customers and users.


Quantifind

Founder(s): John Stockton, Ari Tuchman
Headquarters: Menlo Park, CA
Type of business: Big Data Customer Intent
Quantifind is a marketing insights platform that leverages predictive analytics models to extract insights from large sets of consumer conversations. Quantifind finds consumer language patterns that are meaningful in driving sales or other key performance indicators (KPI) for brands. The technology evaluates thousands of consumer language patterns and calculates which ones are most likely connected to movement in a given brand’s KPIs. The technology then determines which patterns can be used in a predictive model and performs cross-validation techniques to rule out spurious correlations. Quantifind’s Signum platform can help major consumer brands guide brand strategy decisions. Today, Quantifind’s clients use Signum across their organization spanning marketing, product, ops and company-wide strategy.


Mixpanel

Founder(s): Suhail Doshi
Headquarters: San Francisco, CA
Type of business: Mobile & Web Analytics
Mixpanel’s mission is to help the world learn from its data. They’ve built the most advanced analytics platform for mobile and web, growing the number of actions they analyze to over six billion every single month. Mixpanel’s platform empowers individuals and businesses to explore their data instead of reading canned reports. Every day, some of the leading companies in gaming, e-commerce, social networking, and media are surprised by what they learn from Mixpanel and ultimately are in a better position to make strategic decisions.


Platfora

Founder(s): Ben Werther
Headquarters: San Mateo, CA
Type of business: Big Data Analytics for All
Platfora is the #1 Big Data Analytics platform built natively on Hadoop and Spark. Platfora puts big data directly into the hands of business people through self-service analytics that help them uncover new opportunities that were once impossible or impractical across transaction, customer interaction and machine data. An interactive and visual full-stack platform delivered as subscription software in the cloud or on-premises, Platfora Big Data Analytics is creating data-driven competitive advantages in the areas of security, marketing, finance, operations and the Internet of Things for leading organizations such as Citi, Sears, AutoTrader, Disney, Opower, Riot Games, Vivint and TUI Travel.


SolveBio

Founder(s): Mark Kaganovich, David Caplan
Headquarters: New York, NY
Type of business: Big Data for Bioinformatics
SolveBio delivers the critical reference data used by hospitals and companies to run genomic applications. These applications use SolveBio’s data to predict the effects of slight DNA variants on a person’s health. SolveBio has designed a secure platform for the robust delivery of complex reference datasets. We make the data easy to access so that our customers can focus on building clinical grade molecular diagnostics applications, faster.


uBiome

Founder(s): Jessica Richman, Zachary Apte
Headquarters: San Francisco, CA
Type of business: Big Data for the Microbiome

uBiome provides personal metagenomics (bioinformatics analysis) for the microbiome – the trillions of bacteria that compose much of your body. Unlike human DNA-based genomics, bacteria can be used as biosensors to monitor and change your health. uBiome is building a platform so that the public, clinicians, and research foundations can ask and answer questions about the microbiome, helping us to build the world’s largest dataset of microbiome and metadata, which can then be used for diagnostics, therapeutics, and product development. uBiome is the first direct-to-consumer microbiome sequencing company, giving citizen scientists access to cutting edge sequencing technology, with thousands of users who have already purchased kits. They also help companies and institutions connect with research participants by working with the public to sequence their microbiomes.

Posted in Data.
