Episode 149 | AuditShark and Drip Updates

• Facebook
• LinkedIn
• Twitter
• Email

Show Notes

• Drip
• AuditShark

Transcript

[00:00] Rob: In this episode of Startups for the Rest of Us, Mike and I are going to be talking about launch dates for Drip and Audit Shark. This is Startups for the Rest of Us: Episode 149.

[00:09] Music

[00:17] Welcome to Startups for the Rest of Us, the podcast that helps developers, designers and entrepreneurs be awesome at launching software products, whether you’ve built your first product or you’re just thinking about it. I’m Rob.

[00:25] Mike: And I’m Mike.

[00:26] Rob: We’re here to share our experiences to help you avoid the same mistakes we’ve made. What’s the word this week, Mike?

[00:29] Mike: Well I kind of wanted to address some comments that were on the podcast blog from episode 147. There was a lot of discussion there. Some of it was based on Audit Shark and what’s been going on with it. It said basically Mike and Rob as co-host is just ignoring what’s going on, pretending everything is fine when Audit Shark hasn’t even been launched after several years. 50 so I kind of wanted to take a couple minutes and address that issue. I think it’s only fair to address it for the listeners.

[00:56] Rob: Yeah. Fire away.

[00:57] Mike: I don’t want to go too far into the details just because they’re not entirely relevant but at the same time one of the things that I haven’t really been forthcoming about on the podcast is that there’s a medical issue that I’ve been dealing with for the past several years which has severely impacted my ability to work on the product. There are some things around motivation as well that are associated with this medical issue.

[01:10] It was probably about I’d say three weeks ago that I was actually diagnosed with it. I’ve been going to a doctor for a couple years trying to figure out what’s going on, finally switched doctors and it was probably only two or three visits and a couple of tests and they were able to pinpoint it. Right now I’m on treatment for it that is a radical change if nothing else.

[01:38] Rob: Right. It was all kinds of symptoms that have impacted your ability probably not only to work on AuditShark but on your consulting contracts I’d imagine to get a lot of stuff accomplished.

[01:49] Mike: Yeah. I mean it’s totally been severely affecting my life in general. You’re encountering the same symptoms over and over and the doctor you’re seeing says oh, I think you should do this, this and this and you do those things and it doesn’t help. And he’s like well you’re not doing them enough. You’re its like there’s something else going on.

[02:04] So, eventually I just decided okay I need to go see somebody else and I did and like I said, I figured out what the problem is and I’m on treatment for it already and things are going extremely well. I mean literally the very first day of treatment, absolutely radical change. I don’t think this is the sole contributing factor. I think it’s a major contributing factor but not the only…

[02:21] Rob: Right. I think that’s important. I mean specifically you emailed me and one of the things you said is I’m not sure I want to talk about it because I don’t want this to turn in some kind of pity party and I don’t want people to think I’m scapegoating this health issue. I would’ve launched Audit Shark years ago if I didn’t have this health issue going so I think we should be clear that’s not what you’re trying to do here.

[02:42] Mike: Like I said, I feel it has been a major contributing factor but it’s certainly not the only one. One of the big things is obviously with AuditShark it’s clearly a much bigger product or project that I would not necessarily advice people going after for their first or second time out but it’s a huge, huge product. There’s a lot of moving parts. It’s very complicated and it’s just hard to put certain things in to focus for everybody in general and make it understandable.

[03:08] Rob: Let’s throw out a couple of mistakes that you’ve admitted to me and I’m sure I will have no problem talking about on the podcast. Bit off, probably a more complex product than you originally thought it would be like I’d bet in your head when you first started you said I’m going to run some auditing stuff and this can take me a few months to cobble together and then if you spent 1,000 hours working on it, it’s probably larger than you originally envisioned.

[03:30]Mike: Definitely. One of the things I did was I built a command line version of it first and that did not take me all that long to do. I was like this is going to be easy. This isn’t going to be very difficult to put something together that I’m going to be able to push out and its going to be a short timeline to get it out to market. And that turned out to be completely not the case and I made several mistakes. I started delving into a bunch of different technologies that I just wasn’t familiar with, I’ve never worked with them before. Windows Azure was one of them, SQL Azure, WCF services.

[04:00] Right now we’re kind of steeped in the middle of MVC and all these other things that are associated with it. They’re all things that I’ve never worked with before and it’s hard to estimate how long something is going to take when you’ve never done it before, anything you’ve been remotely close to it. I’ll be honest, those were just huge mistakes I would say in terms of the implementation, are they the wrong decision ultimately? I don’t think so but they certainly contribute to the amount of time that it’s taken.

[04:25] Rob: Yeah. I think they contribute. You can look at that as maybe mistake number 2 is like you’re going to build a new product and then you’re also biting off the learning curve of multiple technologies at once. They’re probably the right technologies for the job. I think in the end like you said it’s the right decision but it just meant that you spent 2, 3, 4 X what you would’ve spend if you were using the tools that you already had experience with.

[04:46] Mike: Definitely. That’s probably an underestimate.

[04:49] Rob: Yeah. I think another misstep was kind of your early focus on banks and financial institutions. You had some leads there. You talked to a few banks but when it came down to it and you finally had an app that really worked, the sale cycle was going to be really long. There was just a lot of complexity and you needed a high price point to sell into them and so you needed a much, much – I’ll say a much more valuable app. You need an app that provides a lot of value if you’re going to sell it for $10,000 or $20,000 a year than if you do if you’re going to sell it for $500 a year.

[05:16] Mike: Right. Some of it was my own fault for not asking the right questions once I was in there but even in discussing with them they’re like oh well that sounds like a great idea and I’d be interested to see how it goes. But they were more interested I found out later, they were more interested in finding out about how my business worked and how I did it because I was a local entrepreneur. It wasn’t that they were actually interested in solving their own problems. It was they wanted to know how it went because I was a local entrepreneur in their area and it had nothing to do with solving problems.

[05:46] Rob: Right. So if someone’s out there listening now and they probably have heard a lot of the steps over the past few years that you’ve talked about AuditShark, I still get questions. People come up to me at MicroConf and other conferences and say what is Audit Shark and what does it do? Can you explain it in one sentence in a way that I would understand and someone who’s not steeped in security really understands what it does like the simple value proposition. Not the engine behind it, but the value prop.

[06:17] Mike: Sure. So AuditShark allows you to get a second set of eyes on your server that essentially looks at all of the important things that you should be looking at from a security perspective but you probably aren’t for two reasons. One is you don’t know what you should be looking at and two, there’s just so much stuff that you should be looking at that it’s just not worth becoming a security expert to go look at it.

[06:38] Rob: Right. So you sent me this document. The reason I’m asking these questions is you and I have a conversation offline hashing through all this stuff and you sent me a document from cisecurity.org which is like a self funded or a nonprofit that sets up all these agreed upon security checkpoints. So if you have a windows 2008 server, maybe there are 250 different things, knobs that should be checked and they should be set to a certain thing in order for that server to be secure.

[07:02] What AuditShark does is you install it on your server, you install a little client piece on your server and then AuditShark has a web admin that I can log in and I can look to see if everything’s setup correctly. And if it’s not, you’re going to show me, at least give me a little bit of information. This where the remediation part comes in that you’ve talked about. You’re going to give me at least a little bit of information about how I should proceed to go on and fix that.

[07:27] And you’re going to have an up sell where I should be able to subscribe at a higher level or pay you a one off thing to have you or someone like another security expert on your team come in and fix that. Is that correct?

[07:39] Mike: Yeah. That’s pretty accurate.

[07:40] Rob: Okay so that’s your value prop today. So this is the thing that I haven’t understood because you’ve talked about like building your rules engine – this is like 18 months ago. Talk about how you had to get your roles engine built. And that didn’t make sense in the context of just this kind of vague auditing thing. But now that we’re really talking about nuts and bolts of what AuditShark does it’s like oh I get it, the rules engine really just looks at your control points. That goes out and looks at is this bit flipped in the registry or is this port closed or whatever. Is this security setting appropriate?

[09:09] So not only did you build the rules engine, then you went to the cisecurity.org document and you took the things they recommend and you implemented those in Audit Shark. So that the value to Audit Shark to someone like me like the Numa group or another small Saas app is not that I can install an auditing tool. The value is that you’ve pre-programmed all of the specific checkpoints in so that I don’t need to know about security. I can run it, get a report and then either fix the stuff myself if I know how or hire someone to do it.

[08:39] Mike: Exactly and it will give you a score essentially. Let’s say that it runs 250 different control points and you pass 200 out of 250. Well there’s some percentage compliance score that you’re going to have based on that. And you may go trough those extra 50 and say well, this applies or this doesn’t and you can mark them as exceptions or something like that. But basically you can boil that down to a score that says I am 85% compliant according to this policy and over time, your goal is to raise that from 85% to 90% to hopefully close to 100%. I mean there’s certain things you’re not going to do for business reasons and I’ll give you a very specific example.

[09:18] One of the recommendations that they generally have is don’t install a web server on the servers on your environment. It’s like well if you’re running a web server you kind of have to install a web server on the machine. So there are certain things you’re going to just blatantly ignore and you’re going to say I don’t need to listen to this because it’s not important and I have business reasons for doing what I’m about to do.

[09:37] Rob: Okay. So you said you’ve figured out this health issue hopefully and you’re hoping kind of the treatment that you’re on is going to sustain you and your motivation is going to stay up. You’ve been cranking on it for three weeks. What have you gotten done on the past few weeks and where does AuditShark stand today like a realistic assessment of what needs to get done to get it launch?

[09:58] Mike: Sure. I’ll give you a rundown of the things that I’ve done over the past couple weeks. I started getting familiar with Facebook ads and is it just me or the more ads you run, the more they bump up the suggested…

[10:10] Rob: I haven’t seen that. I’m wondering if you run them with different times with the same demographic, sometimes you’ll have other competitors that will bump up or are you using the demographic or have you changed that at all?

[10:20] Mike: I’ve changed the demographic a little bit but on one of them I was running every time I went to save it and this was throughout the course of an hour or two. Every time I went to save it, they would bump it up.

[10:31] Rob: Yeah. I’m not sure to be honest. I’d have to look. Now if your click through rate is going down, every time you click through rate goes down as it decreases, the minimum bid will bump up.

[10:43] Mike: I haven’t paid attention to how much it went up or down. I think it’s actually gone up so I don’t know. I’ve started exploring the Facebook ads. I created a Facebook page so I could actually do paid advertising on Facebook and get it into the news feed area.

[10:58] Rob: The news feed ads are doing a lot better than the right hand side stuff.

[11:02] Mike: yeah. I got very, very little traction on the right hand side. It did show some of them but the click through rates were abysmal. So I didn’t even bother.

[11:11] Rob: So you’re running Facebook ads to do what? Are they going to like an Audit Shark landing page to collect an email address to build a launch list?

[11:16] Mike: Yeah. I actually have two different landing pages that I setup specifically for this and basically I’m funneling people in to those two. I’m testing a couple different marketing pitches kind of for the tag line to see what resonates with people. I tried targeting just computer programmers and that did not work out. That thing just tags hardcore. People click through but they wouldn’t actually convert. I literally got zero people converting to the point I was like well is there something technically wrong that’s preventing them and I couldn’t find anything so I think it’s just the wrong demographic. They’re not interested.

[11:48] So I targeted pretty much every single security related interest that you could find through their specific interest area. I’ve got about a 30% conversion rate when people hit that page so it’s doing I think reasonably well. I did an HTTPS redirect on the page which messed up all of my referral conversions for kiss metrics so I had to undo that. I was thinking well it’s a security product. I should probably make it HTTPS and then anyone who hits it, if it gets flipped over to HTTPS then it messes up the referral. So kind of small mistake there.

[12:25] I also got AuditShark featured on beta list a couple days ago. That drove in a bunch of subscribers on the launch list. I’d say in the past 30 days or so I’ve roughly doubled my launch list. I want to triple it again before the end of September but I haven’t quite figured out how I’m going to go about doing that.

[12:41] Rob: I think paid acquisition if you want to do it that quickly and I have some other ideas for you not Facebook that I think could work well with AuditShark.

[12:49] Mike: But I am committed to actually putting forth a good effort to try and make that happen. Right now I’m working with the new UI design with my lead developer and I’m cautiously optimistic that we’ll be able to actually have it not only in place but on the build server and being pushed out directly through the web by the end of this month.

[13:07] Rob: Right. And just to clarify them, you wrote a new UI because you’re using 3 or 4 year old technology that was clunky and the legacy code was making it very hard for you and your team to build new features so you basically re factored your UI and that’s done and you’re launching that.

[13:24]Mike: Right. The other thing is that over the past four weeks, traffic has consecutively every single week been higher than it was the previous week. Now it looks like it will be higher this coming week. I don’t know for sure but it depends on what other things that I do.

[13:37] Rob: Right. okay so that’s what you’ve done in about the span of three weeks which is probably more than you had done in maybe the few moths prior to that.

[13:42] Mike: Right. That’s an understatement I think.

[13:45] Rob: Okay you’re rolling again and you’re ready to get this thing going. Where does AuditShark stand? How soon can you launch it and what’s left to get people using and paying for AuditShark?

[13:57] Mike: So I have a signup page that’s in place where I’ve sent the URL to a couple people to sign in, install it on their servers. As I said before I got some people using it for early access. The biggest complaint that I’ve seen so far is that there’s no instructions on how to remediate things. So if you look at the reports and it says X is wrong then how do I fix that? The UI doesn’t give any indication of how to do that. You basically have to go back to the policy builder or you have to go back to the reports from the source of where these control points are from.

[14:28] It’s not going to work for the customers. Essentially what I did was I went back to the policy developer and I said hey I need you to start putting these in. He put a bunch of them in. It started working out and then something busted on the policy builder and it took a few days to get that fixed. Right now it’s fixed and I’ve told the policy developer he should be able to go back in and start adding those in. Right now he’s only got 5 out of about 500 done but I’m hoping he’ll be able to go back through the rest of them and put those in place such that when the policies execute against the machines that the customers are running then they’ll be able to see in their reports exactly how to fix these things.

[15:01] Rob: Got it. So that’s where you stand today. You need to get this new version out and do you think you’re going to have it done in the next week and then is that it? Are you all integrated with stripe like you have a sign in page where its going to put a credit card token and all that stuff. All that code’s written?

[15:18] Mike: All that code is written. We ran into a slight problem where somebody couldn’t sign up for early access because Stripe was denying it but it turns out that…

[15:27] Rob: I’ve seen that too. That’s not your problem. I’m seeing that not all over the place but especially with international cards, really get problems with Stripe.

[15:35] Mike: That’s exactly what it was. What happened was the card was entered and then the bank denied it. They just blocked it and the person in the early access didn’t really know what was going on. They said well I tried it and gave him another fake card to use and they were able to get in and actually install it and start working with it and it was probably a week or two later they said hey by the way just to let you know this is what happened and it turns out that their bank has locked the account and locked all other things that they were using it for.

[16:03] Rob: Yeah. We haven’t seen it that bad but I definitely seen one or two people trying to get in. It was our post early access. It was the actual mini launch and we’re still dealing with their bank trying to get them to approve the charge. So you setup on the payment side then. So is there much else to do? Could you flip the switch? Let’s say you get this version two UI live next week. Are you going to launch next week or what’s holding you back?

[16:29] Mike: I’m trying to get the marketing message right. I really want to try and figure out exactly the type of people who I guess would be the initial core market. What tag lines resonate the most with them is really what it comes down to. Because in between the two that I’ve done so far, one of them clearly resonated but I think that the other one was on the wrong demographic. Right now I got them both targeted at the same demographic and I want to test to figure out which one would resonate more so I can do more paid advertising and paid acquisition. But beyond that, there’s not a lot that’s stopping me from just kind of flipping the switch other than the marketing side.

[17:02] Rob: Right. You want to make sure that if you send people to the site that at least a few of them are going to convert into trials. Right? That you’re communicating it well. Now in terms of your early access list, I know you have a launch list and you have some people who you have let in and are using the app. Is it at the point where you think that people will be willing to pay for it as of next week when the new UI comes out? Or do you think that there still more has to be done with remediation in order for it to be worth X dollars a month to folks who are using it?

[17:34] Mike: The remediation  information has to be there. I don’t think that it’s a viable product without that remediation information there and that’s reliant upon my policy builder putting that stuff in there. I can certainly talk to them. I probably will and say hey, can you really make an effort to get as many of these possible as you can in this week and next week? Then I’m sure he’ll be able to do that that’s not going to be too big a deal.

[17:55] But its going to take him time. I mean there’s 500 of these things and he’s got to go into every single one of them individually, look it up on the PDF and say okay well what is it that needs to be added in?

[18:06] Rob: Right. 500 control points. Right? 500 settings that you’re checking across two different OS’s like Windows server 2008, Windows server 2012 and you’re checking all these points so you have to basically have some simple instructions on how to fix that or at least resources.

[18:18] Mike: Exactly.

[18:20] Rob: Got it. So sounds like from what you’re telling me is you are honing in on a launch like a true point where people can sign up, use AuditShark and that you think you’re going to be providing enough value that some people will start paying for it very soon.

[18:34] Mike: Yes.

[18:35] Rob: Got it. So MicroConf Europe is coming up in just under a month. You think you’ll launch before then?

[18:41] Mike: I would like to. The question is kind of time…

[18:43] Rob: What are you big risk that are going to keep you from launching here in the next – it sounds like 2 to 3 weeks is the window you’re talking about. What’s going to keep you from doing that?

[18:55] Mike: Right. I think the biggest risk that I face right now is how long its going to take to get the build server to push the new version of the code because it’s a completely different repository. So I’m going to have to reconfigure a lot of different things. And I’ll probably have to basically build a new build script for that to push that out. It leverages all the same data underneath so I don’t have to worry about inconsistencies there because we didn’t make any structural change. It’s basically just a new GUI over the top of it.

[19:21] But obviously I’m going to have to touch base with the early access people and say hey, just letting you know all these stuff has changed a little bit. It’s just going to take time to verify that just because there’s so many moving parts. There’s a bunch of different libraries. There’s the policy builder to which is self updating. There’s the agent which is self updating. I need to make sure that all of the interactions back and forth between work as well as all the self updating capabilities because that’s one of the key pieces that makes AuditShark easier to use so that you don’t have to go in and constantly  update the agents every time there been a new build.

[19:51] Beyond that, there’s also a risk with adding all the remediation information. It’s not really a risk so much as it’s how long is that going to take and I don’t know what the answer to that is because of m contractor. He’s not full time. It’s not like he’s doing this every single day for 40 hours a week. So he’s only been able to put in probably 10 to 12 maybe 15 hours a week on any given week and I don’t know how long its going to take him to do all of those.

[20:14] Rob: Kind of thinking out loud here because we haven’t talked about this part but there’s this interesting question of is it more important to get to launch to where people can publically sign up or is it more important to get to where people are paying you for something in private? You know what I’m saying? Because if you think about how I did Drip, I did the ladder. Though we still haven’t launched. And yet I have 100 people in there trying it out. I have a handful of people paying for it and so I would almost…

[20:41] It’s funny that in the comments that we’ve seen there’s always this push towards launch like when are you going to launch it? I would actually say not when you’re going to launch it but when are you going to get that first paying customer? When are you going to get that 10^th paying customer? Those are more important than having a public web page that someone can come and sign in and download Audit Shark in my opinion.

[20:58] Mike: I totally agree. It’s definitely important for me to get to the point where people are paying for it because that means they’re seeing value out of it and if they’re seeing value out of it then I can essentially backtrack and say okay well why are you seeing value out of it? And then take the words and phrases of why they’re seeing that value and use those to get more people who would also see that value.

[21:18] Rob: Right. It sounds like you could feasibly – in theory, if you were to go crazy, you could send out an email tomorrow, dear launch list, you could start running ads tomorrow and you could just send people in. They could sign up. They could give their credit card and you’re all set up to do that. They could download it. They could install it and it would do something. It actually audits their server and it tells them hey these things are wrong. And you could say look at me, I launched. But what does that do? Right.

[21:43] It doesn’t do anything because you probably know those people are going to pay because you’ve launched without the value that you need to provide in order to charge someone. And so it sounds like getting the remediation piece in there, that information in there so that people actually hopefully at that point are willing to pay, and I think that’s maybe a bigger risk than anything else you named I think. You named getting V2 UI out and I think you’re going to do that. I have no doubt you get technical issues, I know you can handle. Less than a week that will be done.

[22:14] I bet that remediation stuff will take a couple weeks like you said. The biggest question mark in my mind is once you get remediation in and will then that be enough value for people to pay because if it still isn’t then you have to think about it more. That’s where you have a big question mark of what can I do? What can AuditShark do to make it worth the monthly fee?

[22:37] Mike: Right. And actually that kind of leads back to what I mentioned a couple weeks ago in an episode where I said I’m really thinking about going with a hybrid solution where I’m essentially offering security as a service or to people such that when AuditShark finds something I can go in and then essentially analyze to figure is this applicable to your environment? Is it going to be right for you to do? How do we actually go about remediating this?

[23:02] Because right now, AuditShark is really just an information tool. It tells you the information. It doesn’t actually do it for you but there’s this concern. Obviously these are production servers that people are using. Do you go in and you just automatically fix something? If you find something that’s busted, do you undo it do you bring into compliance and it’s a very hard question to answer because it depends a lot on what you’re looking at.

[23:27] Rob: Yeah.

[23:26] Mike: Even if it’s a new user, oh, well somebody created this new user so they could run a service account for this new software that they installed. And then if I delete it then it just breaks that software. And if it was something they were legitimately using, then of course that’s not going to be a good thing. I could disable the account but I’m still going to break that piece of software that they installed.

[23:43] Rob: Yeah. I don’t see any way that you can just automatically do things like that on a production server. I wouldn’t install something on a production server that did that, that actually made changes without me understanding what it was doing.

[23:56] Mike:And the question that I’ve actually talked to other people about it is would you feel comfortable with a system where it allows you to do that? So like for example there’s this thing that’s wrong and maybe it just gives you a big red button that says this is wrong would you like to fix it? Do you click that button?

[24:12] Rob: I think there’s got to be more info though because fix it, what does fix it mean? That means revert it to what this security doc says it should be but what if I have it that way so that my connection to XYZ, API works or so that a certain piece of software works. I just think there are too many exceptions.

[24:29] Now I get it and I hope if you listen to this, I hope you get the complexity of this and that your tool audits and it actually does something valuable and it shows you information but it’s probably not valuable enough as of today for someone to pay for. So you’re moving trying to push that bar forward and saying in a week or two then I’ll at least have remediation instructions into the app. Hopefully that will be enough for people to pay for.

[24:56] I think your biggest risk is definitely not the technical issues but the question about what point does AuditShark provide enough value that people will pay your monthly fee for it. And it sounds like your hypotheses is that it is having the remediation steps in there will at least convince some people to do it and then offering that value add of you to came in and fix it for an additional cost is maybe even another step up in the value chain.

[25:22] Mike: Right. There’s definitely other things that it have thought of that I think would add value to it and would help push people into the direction of saying yes this is valuable enough for me to pay for but some of them are complicated to the point that there are entire products built around just that functionality. So it’s not like I could say oh, well let me just throw this in there and I’ll wait for that to be done before I launch and so that I know its valuable enough because some people may not care about some of those things. I really need to just get it to a point where its I’ll say valuable enough and then kind of take things from there.

[25:56] Rob: Right. And to clarify, you’re marketing towards small software and Saas businesses is that right?

[26:03] Mike: I wouldn’t necessarily say that it’s just small Saas businesses. It’s more of the businesses who are advanced enough to actually be interested in looking to protect their servers because they have something to protect. One of the things that strikes me is the people who are really interested in AuditShark have been hacked before. The people who have gone through that experience and have gone through the pain to say oh well, what happened on my server? Why did this thing get hacked? Those are the people who have this burning pain to say oh well, I need to actually do something about my servers because my entire business rests upon having these things up and running and if I lose those servers, I lose my business.

[26:41] Rob: Right. People are going to have a dedicated server because they need to be able to install an actual EXE so it’s not shared web hosting or something but it’s a dedicated typically a web server I would imagine. Sure it doesn’t have to be but my guess is the people you’re going to find using the content marketing SEO kind of the online marketing techniques you’re going to go after are more likely going to be small businesses on the web at least to start with. And then it’s like you said, its people who are aware enough that they need to be secure that you can have the notion that they need to lock some stuff down and the willingness to spend the time to do it.

[27:13] Mike: Right. I’ve seen a couple show up on my launch list over the past couple weeks who are healthcare related or financial related whether they’re banks or loaners and some things like that which is interesting to see they’re the people who actually take it seriously. If you’re just looking for a scan of your servers because you want to do it once, probably not a good fit. But if you’re the type of company that’s a little bit paranoid but you don’t necessarily have a security expert on staff and that’s really what it comes down to is if you don’t have a security expert on staff or you don’t have tools that you’re already using to help lock down your machines, then AuditShark is probably a good fit because it can at least point you in the right direction.

[27:53] Rob: Right. Because its runs a scan everyday right? That’s the thing. You install it once and then it gives updated information because you can download – I’m sure I could go online and find like a $99 scanner or a free scanner or something that will scan my server for security holes but yours is as a service.

[28:08] Mike: Right.

[28:09] Rob: And what’s the pricing?

[28:10] Mike: On the low end for two servers, its $79 a month and it basically goes up from there if you get to eight servers a month that’s $199 a month and then for 20 servers its $399 a month. Those are kind of initial prices right now. There’s other functionality that I want to add in but I don’t think that bumping up the price point would be justified until I start adding those other things.

[28:32] Rob: Right. You got to get the first customers in there first paying you for it.

[28:35] Mike: To be fair, I’m not necessarily as interested in saying oh well I have all these people paying me $199 a month. What I’m really interested in is making sure that they are getting the value out of it to say hey $199 a month is a no brainer. So like okay, well what about $299? What about $399? And then trying to find the ideal price point, no that there really is one.

[28:55] Rob: You’re not saying you’re going to raise prices. I mean I would imagine you’d grandfather people in but it’s kind of as you find it’s a no brainer for people to do it then you want to potentially raise prices on future folks.

[29:06] Mike: Right.

[29:07] Rob: So we’ve kind called out a few steps that need to fall into place for you to get to launch. We talked about the V2 UI you’re trying to get out, that’s a technical issue. There’s getting remediation in and that’s a technical issue. Then there’s kind of the risk issue of with remediation, are people willing to pay for it, does it provide enough value and then you want to hone your marketing message right? You want to get like a headliner, a tag liner or a way to describe Audit Shark in just a couple sentences basically or a couple of words frankly because that’s all you have in a website headline or an ad headline.

[29:36] You want to find a pretty good one that converts well for you. Do you feel like if you get those four things dialed in that you’re ready to basically get people paying for it and asking early access customers for money and seeing what happens and then maybe releasing it to the world assuming that they say yes?

[29:54] Mike: Yeah. I think so. The remediation piece is big. I would like to kind of pursue figuring out how to work in services is kind of that hybrid model that I talked about but I haven’t really put any mental time or effort into figuring out how that might look.

[30:09] Rob: Anything else you want to add because I think we’ve kind of done a decent run down of basically the last three years as well as what we hope to see here in the next month or two.

[30:19] Mike: I don’t think there’s too much. I understand the sentiment from people that it’s been a very, very long time and I haven’t launched AuditShark and I’m not exactly a shining example here of how to launch a Micropreneur business but at the same time I do want to point out this is not a Micropreneur endeavor. I’ve said that upfront. I don’t want to scapegoat everything on to the medical issues that I kind of eluded to earlier. But it’s been about three weeks since I started the treatments and everything.

[30:46] So I think that things are going reasonably well and I don’t see any reason why they shouldn’t continue to go well. I can keep people posted as what the progress is. I don’t think it’s going to be very much longer though. So now what we’ve talked a lot about AuditShark do you have any updates of Drip?

[31:02] Rob: Yeah I have 90 seconds of updates. I’ll keep it short. Basically nothing has changed with Drip since we last talked because I’m in the middle of 1) waiting to see how many of our trial users convert because until I see that, I don’t want to send an email to the other thousands on the launch list. In the mean time we’re just building out stuff like cancelation logic and on boarding assistance and FAQ, email support snippets and it’s just trying to get Drip to scale up just a little bit.

[31:32] We’ve had our hands full for the past couple weeks and I just couldn’t imagine emailing ten times what we emailed a couple weeks ago. We couldn’t handle it. So we’re trying to get things like support and on boarding and cancelations automated enough that we can essentially move forward. I don’t have an exact date in mind when we’re going to email that. I’ve been kind of brainstorming of do we maybe just email another 300 in a couple weeks and see how that goes? It’s a super slow way to take it but I just don’t feel like we’re there yet.

[32:02] Development is – I’ll say it’s a bottleneck the most things that need to get done are in the development queue. Marketing is now moving forward. My growth hacker intern started this week and he’s in the ground running so marketing stuff is great. A lot of stuff in place for the launch. We’re stoked about it but we just have to get – there’s more features that have to have to get done that aren’t even features like parts of the app but it’s things that just have to be done in order to bring in several hundred trials all at once. So that’s really it.

[32:31] Next week will probably be boring too because we’re just going to be cranking away at this queue of things that people have asked about. There are also things, we are building a couple things that people have canceled for and I’m concerned that 10% or 20% of the new trials will also need that feature so I’m not building them just to build it. I probably have hundred features that we could build just to build but there are a handful that basically are deal breakers for folks so we want to get those done before I also let the masses in.

[32:55] Mike: Yeah. I know what you’re saying. There’s hundreds of features that I have are in FogBugz that I just have not decided to pursue at the moment. There’s just a huge list and it’s just not worth it right now. Nice to have.

[33:06] Rob: Yeah. They’re nice to have. I’m in a milestone that just says future. It says like V 2.0 future and they’re just all assigned to that.

[33:13] Music

[33:17] Mike: If you have a question or comment you can call it in to our voice mail number at 1-888-801-9690 or you can email it to us at questions@startupsfortherestofus.com. Our theme music is an excerpt from “We’re Outta Control” by MoOt used under Creative Commons. You can subscribe to us in iTunes by searching for startups or via RSS at startupsfortherestofus.com where you’ll also find a full transcript of each episode. Thanks for listening. We’ll see you next time.