Episode 182 | The State of AuditShark

Startups For the Rest of Us

Episode 182 | The State of AuditShark

Play Episode Pause Episode

Mute/Unmute Episode Rewind 10 Seconds 1x Fast Forward 30 seconds

00:00 /

Apple Podcasts Google Podcasts Spotify Stitcher

RSS Feed

Share

Link

Embed

• Facebook
• LinkedIn
• Twitter
• Email

Show Notes

Transcript

[00:00] Mike: This is Startups for the Rest of Us: Episode 182.

[00:04] Music

[00:10] Welcome to Startups for the Rest of Us, the podcast that helps developers, designers and entrepreneurs be awesome at launching software products, whether you’ve built your first product or you’re just thinking about it. I’m Mike.

[00:19] Rob: And I’m Rob.

[00:20] Mike: And we’re here to share our experiences to help you avoid the same mistakes we’ve made. What’s the word this week Rob?

[00:23] Rob: Well, feels good to get back in the swing of things after MicroConf last week. I spent about 8 hours going through email, had several hundred in the inbox but I go to inbox zero again yesterday. It feels good to get back working on Drip and HitTail again. Drip is still 1-2 weeks out from the launch of behavior email or email automation and I thought we were a couple weeks out a couple weeks ago but just due to us leaving for MicroConf and all that stuff things get delayed. Well we talked to the UI I should say with myself and Derek and we’re getting moving on it. I’m not doing a ton of marketing on Drip right now just because all the marketing changes once that’s out because we become a different tool for kind of a different audience to be honest. We still have our old capabilities but it’s just a different thing.

[01:10] Mike: Cool.

[01:11] Rob: How about you?

[01:12] Mike: I think I mentioned in the last podcast that I was taking a vacation out in the desert. The plan was to go out and drink whisky and smoke cigars and I had maybe one glass of whisky and no cigars the whole time. I actually fell asleep on Thursday like right next to the campfire twice in the same day.

[01:26] Rob: It’s exhausting. I felt the same way. I slept a lot. The extrovert hangover I kept saying.

[01:32] Mike: Gotcha. Well I think being in the desert it just dries you out and dehydrates you so even if you don’t drink, you still just wake up with a hangover.

[01:40] Rob: And I guess on the Brightside for me HitTail is looking to have one of its best growth months ever but just in monthly recurring revenue growth and it’s moving back towards in the previous high that I had it at and this is due to getting away from tracking code and using the Google web master tools importer. So it’s good to have a win now and again to keep you motivated. There was like several months there where it just felt like all losses and the winner, it discourages you especially if it comes during that dark and cold time of year, glad to kind of be through that and be able to kind of hang my hat on something for the time being. And it’s not that Drip is not doing well or that MicroConf was a success. Drip is doing well but to really have something going up into the right is always a good motivator.

[02:24] Music

[02:27] Mike: I guess we’re talking today about the state of AuditShark.

[02:30] Rob: There were several comments in I think it was in the 170’s. Folks just asking about AuditShark you hadn’t given a thorough update in a while. I know that there’s been stuff going on behind the scenes. Some of it is sensitive. Right? It’s stuff that you can’t necessarily just come out and say what’s going on because so we wanted to kind of get passed MicroConf and get to a point where we could spend a whole episode digging into a lot of the specific comments, thoughts, questions that folks had. And there were several different commuters on both sides of the table. There was a guy named Mathew, Larry Scott Charles and Josh, thanks for your comments. But I think we’re going to cover four main topics today. These are all brought up by commenters specifically.

[03:09] The first one is slow progress. Like what do you say to the slow progress of AuditShark? Second one is the target market like do you have a target market? And the next one is talking about features and development versus talking about marketing, talking more about writing code than talk about marketing and the last one is about whether you are following your own advice. Someone put it if you wrote in to startups for the rest of us, what would your advice to yourself be?

[03:33] So let’s dive into the first one here. We’re going to talk about slow progress. I have a couple quotes. One quote is what do you say to AuditShark and its very slow progress? The other one is in the episode about 12 ways to know when to bail on your project and that was episode 171 at least 10 ways clearly applied to AuditShark. Now I actually don’t think 10 of those ways. I think maybe half of them applied but what are your thoughts on this? You’ve been working on AuditShark I think or about four years now and you started with a target market of banks that didn’t work out you’ve since been looking for a target market and like web and online folks were the market for a while, it seems like that maybe has or hasn’t worked out and you’re working on new stuff. I guess the first thing that you should probably comment on is what do you say to the fact that AuditShark feels like it has pretty slow progress?

[04:22] Mike: Well I think that most people who listen to the podcast don’t necessarily realize that I own three different companies, one of them is a consulting company and then my software company and then the Micropreneur academy with you. And with the consulting company, really, I spend a huge amount of time there which I’m not particularly happy about but the fact is that I’ve spent years where I’ll spend between 40 and 45 weeks a year on the road. Of that time, I’ll fly out on a Sunday and I fly back on a Friday and between travel and the actual work schedule, I’m probably putting in 60+ hours a week just doing the consulting stuff.

[04:56] So it doesn’t leave a whole heck of a lot of time outside of that in order to work on it and that’s kind of why I really went down the road of hiring people to kind of bring in and help put different pieces of AuditShark together because I was spending so much time on the road and what that allowed me to do is it allowed me to do the consulting which is essentially high pay and then turn around and take that pay and allocate it to different contractors who cost significantly less than me and then I can manage them. But that’s still not easy to do because they’re still a huge latency you’ve got to deal with.

[05:26] But at the end of the day when you’re working 60 hours a week during the week from Monday to Friday and then you go home and you want to spend that time with your family. Realistically it’s hard to allocate a lot of extra time to AuditShark and I’ve been able to do it but it’s still hard.

[05:41] Rob: Right. And you’ve been working on it for four years. The first two years you were trying to code everything yourself and so you would come back from consulting and some weeks you were getting like three hours a week of coding but you were talking about it because there’s a product you’re working on but it wasn’t like you’re making these massive strides towards the goal and it wasn’t until you’re a couple years in that you really started and you were able to let go of some of the code base and kind of outsource it. And then that is when you actually started making more coding progress. Right?

[06:10 ] And you’ll notice a shift at that point. I don’t remember but what episode it was but a lot of feature started getting built at that point and then that wasn’t like another year and you were moving forward but what I think your blind spot during that time is I don’t think you went out and find the market or you thought that you had the market but it just wasn’t there and then that’s been like kind of the last year has been coming to that conclusion of like oh no, I missed the mark on this. The market that I thought wanted it doesn’t want it and then since then you’ve been trying to find what that is.

[06:36] Mike: Right. And that market was banks. I was originally going after small banks because I saw this list of I think it was around 8,000 banks or something like that 8,500 banks. And of those, only 10 took up the top 80 or 90% of the market. So the rest of the market was left of these much smaller banks and I thought oh well they have regulatory compliance. They need to do this stuff. And what I found out after talking to them, I realized that and I’ve already built a bunch of stuff they said yeah, we’re interested in that. And then when I went back to them and said hey, I’m almost ready to show you something, that was when I started getting into more in depth conversations with them they said well, actually we have a third party company come in and do those audits for us. We don’t do it on a regular basis.

[07:18] There were a couple of different things that kind of went through my mind at that point. One is like I could say I could go to the third party people that they have come in that these consultants but at that point it’s not necessarily going to be something that the banks are going to end up using on a regular basis. They basically need it once and then that’s it and they don’t need it again for another year and then I’m like well that’s not really an ideal Saas model for me. That’s not what I want.

[07:43] The other thing is I knew that scaling up and trying to go after a bunch of those companies was going to be somewhat difficult so I kind of backed off of that. I didn’t really want to go the third party auditor route at that time kind of looking back on it, it might have been a better idea but I guess I didn’t think hard enough about it.

[07:57] Rob: I think you were locked in the Saas. You really wanted the subscription revenue and you’re already year two into building this web app, this web version of AuditShark and that didn’t necessarily apply as well to third party auditors.

[08:11] Mike: It did but I missed it. And the reason I missed it and the reason I missed it was I was kind of focused on the idea that the banks would be using the software. So I was like oh, well the banks are only going to use it once a year. They really don’t need this so maybe I should go out and find another market. Completely overlooking the fact that if I went instead to those third party auditors and said hey, would you be willing to use this on each of your customers? And although the products benefits their customer, I would charge them instead I just totally missed that.

[08:38] Mike: Yeah. That makes sense. This actually might be a good transition point into point number 2 which is about target market and we can come back to the 12 ways if we have time. But there are multiple comments in terms of target market. These are all quotes from the comments. One person said maybe if I understood AuditShark’s target market a little more and how Mike is going to attack it, I would have more confidence in his advice. Honestly, I think he’s still searching for a market, one that I’m not sure truly exists other than one of customizations for each prospect or client. That was one comment.

[09:06] The next one was what is AuditShark’s target market? Has that changed since 2011? And then the third one was more of a compliment and it says I disagree with the naysayers. Mike has moved on. He’s bringing his product to different markets. He’s now moving on to security companies and auditors. So talk a little bit about that specifically obviously you said banks didn’t work out, third party auditors didn’t work out at the time but it sounds like that might be a good market. But where do you stand today and why do you stand there? You know? Like what evidence do you have that the market you’re talking about is probably viable?

[09:37] Mike: In terms of the people who are using it, as I said before, I completely missed the fact that I could charge those third companies money instead of the banks because my thought was well banks need this particular function done. They’re the ones who should be paying for it. And that’s not actually the case. The case is that these third party auditors are the ones who use the software on behalf of the bank and then they use it and they mark it up to the banks so they charge the bank however many thousand dollars to do an audit and then they pay me some small specific fees associated with the number of machines that they audit in that environment. And like I said, I missed that upfront. It makes a lot of sense and then people that I’ve talked to, that’s exactly how they operate and they’ve said yeah, so I will pay X dollars a month for this particular piece of software that does XYZ.

[10:24] Rob: So the question on the table then is what is your target market today?

[10:28] Mike: The target market is essentially auditors who have to do that as part of their job. It’s essentially looking at the target market as if when you build a product, who has this particular problem? Who is bleeding from the neck and needs this problem solved? And it’s really the auditors who come in and say okay I’ve got a job to do. I have to go out to 50 machines or I have to go out to 100 machines and I have to gather all of these settings.

[10:49] Well each one of those settings takes you a minute to gather which a lot of times they will because and you might have a list of 150 things that you need to look at. And if each of those takes you one minute to get then that’s 150 minutes which is about 2.5 hours per machine. If you have 100 machines that’s a huge chunk of time, talking 250 hours to pull back that information. You have a piece of software that can pull it back very, very quickly for you, you don’t have to spend 250 hours on it. And what’s that worth? Well if you’re times $50 an hour, times 250 hours, if you’re paying less than $12,500 for that, that’s a no brainer.

[11:23] Rob: Right. So you know that there’s a problem out there that people need to be auditing AuditShark can do that, now how do you know this aside from saying there’s an X billion dollar market and I have to grab 1% of it. I’ll be successful like you’ve told me offline that you’ve been in specific talks with dollar amounts mentioned like there’s stuff going on. So why don’t you talk a little bit about that?

[11:45] Mike: Sure. To give a little bit of background from 2003-2005 I worked for a company called Pedestal Software. And they sold compliance software. From 2005 to about 2008 or 2009 I worked doing consulting on that piece of software because in 2005 the company was sold and then I just kind of struck off on my own and I was brought in to do consulting on that product. And I implemented it, extremely large companies like Johnson and Johnson, Pfizer, NASDAQ, the Department of Defense, united health group, DuPont, all these different companies that are not small companies. And I saw exactly how they did it. I saw exactly how the process that they used and what sorts of things were important to them and what sorts of things weren’t?

[12:25] So when I took that knowledge and went offline and started building AuditShark, I knew what these auditors were looking for. It wasn’t s as if I just plucked this thing out of the sky and said hey I’m going to do some research, maybe do some keyword stuff. The way I looked at it was I had this domain expertise that probably nobody else in the planet really has like 1) I’m a software developer and 2) I’ve done consulting in this very, very specific niche industry for four years. So I know what’s important to them. I know what will work and I know what will not. So to bring them back to specific numbers, since January, I’ve been discussing with a specific customer and it’s an enterprise deal. And enterprise deals take notoriously long to come through.

[13:05] The second thing is that it is an enterprise deal. You’re basically swinging for the fences. It’s not like you can sell them some software and go little ways and then have them buy more later on. When they buy software, they buy lots and lots of licenses all at once. So for them, it’s not going to be a small purchase. They don’t buy 5 or 10 licenses, see how it goes and then by 30 million licenses, that’s just not how it works. Basically they look at all their available options. They evaluate them kind of widdle it down maybe do some demos and trials and then they pick one and then they buy it and they move forward with it.

[13:37] So you’re going to get either lots of revenue or zero. And I didn’t really want to come to the podcast and say oh I’m really working on this enterprise deal and then 3 or 4, 5 months down the road have it come up to zero because that’s really what was going to happen or could happen.

[13:50] Rob: Right. And by working on the enterprise deal, you mean you had multiple calls, you’ve done a demo. You’ve submitted pricing. Right? I mean you’re way well into this discussion.

[13:59] Mike: Exactly. And at this point, as far as I know, my product is the only one being recommended at this point. They’ve looked at other products and the other products simply don’t do what they need. I don’t think that’s any small coincidence based on what I said before about me being an expert in this particular field and as a side note I really hate saying that I’m an expertise in this but the fact is I’m a software developer and have done consulting in this particular space. I know exactly what they want, I know exactly what they need. Combining those two things, it kind of does make me an expert in this very, very specific thing that they need.

[14:30] Rob: Right. We all know that deals fall through all the time. Right? So there’s not a huge amount of certainty but you do know that there’s interest and you do know that the people that you’ve demoed to and talked to the guys that are actually going to be implementing it really, really liked it like it’s a neck bleed situation for them so that implies – right? It could simply that there are other people who also have the neck bleed situation and you’re saying that based on that four years of consulting you did, you know that it’s a neck bleed situation.

[14:55] And then the other thing is the deal, even if it goes through, it could take another – who knows? Six months. It could take another 8 months right? You just don’t know they could budget it for the later half or whatever I mean this stuff takes a long time so it’s not something that’s going to come through next week. it’s not 100 trial users that convert in 21 day trials but if this one hits or one like it, it’s a little bit of a game changer for you.

[15:19] Mike: Yeah, definitely. Starting pricing for that is six figures and that’s starting and they would buy quite literally thousands of licenses and if it goes well, they could roll it out enterprise wide which is a multiple of roughly 25 times that. Obviously I can’t charge them gobs and gobs of money because there’s kind of an upper limit to software when you get into the enterprise space because of volume discounts. You look at any software that’s out there, some vendors who sell MacAfee policy auditor which is a somewhat similar product but if you look at theirs and the pricing for it, their pricing drops down to I think 5 or $6 per machine at some point and that’s after you get passed like 50,000 machines. But their pricing on it I think is 30 or 35 and that’s just to buy one license for it and if you buy one license, it costs you $35. If you buy 50,000 it costs you $5 for each of them instead.

[16:07] Rob: Right. But let’s focus on this target market thing. So that, it’s a sold lead in this niche. It’s a Fortune 500 company that you’re talking to [Cross-talk] I don’t think you’ve said it yet. And I think the thing that you’ve gained out of this is even if the deal doesn’t go through, you have a decent level of confidence that there are other companies like this and if you can get in there and do the high touch sales, and this is enterprise sales. Right? I mean you’ve been spending time talking to these guys that this is a possibility for you and I think another thing that you told me offline that perhaps opens this up to be more possible for you is consulting. How much consulting are you going to be doing moving forward.

[16:42] Mike: Virtually none. I basically put in to have my time cut to pretty much zero starting in mid September and depending on how paperwork and PO’s go it may actually be quite a bit earlier on that. And then my consulting would go to zero and I’m not worried about the money because like I said I’ve got income sources. What I really need is I need those 60 hours a week back so that I can focus on getting AuditShark in front of customers and talking to them. I mean that’s really the big thing is being able to have the time to talk to people because if I’m on the road, it’s hard to step out in the middle of a workweek with a customer and then say oh, I need to take an hour off because I need to go do this software demo or make some phone calls and do some cold calls or follow-up on emails with these other people. You just can’t really do that.

[17:26] Rob: Yeah. And your progress is slow as a result. Right. I think the other thing in terms of the target market, you also mentioned another potential client it seems like in the same market but they’re not in enterprise. They’re more that external auditor. The Fortune 500 you’re talking to the internal auditors. These are people who work for that company who want to do auditing and they buy do a large one time purchase like you said being the six figures probably whereas there’s that external auditor market that you referred to earlier who would perhaps be auditing banks or just be auditing anyone who needs auditing. A there’s a small company that has said that they are very interested in AuditShark. Is that right?

[18:04] Mike: Yup. The major difference there is more or less there’s two things. One is the size of the company and the second one is what machines they’re going to be using the software on. So when you’re talking about the enterprise customers, the internal auditors, they’re auditing their own machines. And they’re auditing tens of thousands of them in some cases. When you’re talking about the external auditors or the third party auditors as I’m calling them, they are much more smaller this particular company has less than 10 employees and all of them go out to customers on a regular basis an audit their machines and their books and everything else.

[18:36] And it kind of ties into financial services but it allows them to act as an up sell because if they’re coming in to audit their books they can say well we can also do a risk assessment or risk audit on your computers to see how much of your financial information is vulnerable to external threats. So they can essentially use that to up sell their own services and this particular company does that on a very regular basis. And some of their customers are Fortune 100 and 500 companies. They do have in roads into some of these larger companies who maybe want a second set of eyes on their machines or kind of look over what their internal auditors have done because there are known and documented cases where they’ve gone out and they said okay we’re going to have the IT director go out and do these audits and everything’s managed internally and then they have third party auditors come in and say what a second, these results don’t match up. Come to find out their IT director falsified results.

[19:30] So as the CIO or CEO of the company you are criminally liable for some of those things in a public company. You do not want to be signing off on stuff that could put you in jail. So that’s the reason why they have these third party auditors come in sometime even though they have their own set of internal auditors. They want this third party checked because it helps keep them out of jail. And they’re spending the company to do it so it’s really no sweater off their back.

[19:54] Rob: Right. So as I said you’ve spoken with one firm who is interested. I imagine you have a list of additional terms or other ways to get in contact and try to explore that market which is heavily overlapping with it’s just internal versus external. Right? And they would use the same piece of software at your desktop edition you spent several years building the web version and it seems like the desktop edition which is kind of been off shoot to that has really gained a lot more steam, a lot faster than that web version did.

[20:22] Mike: Right. And I think there’s a couple different reasons for that. I think the primary reason for that is that it’s so quick and so easy to demo. I mean you literally you open it up, you click file, load and you open up a policy. You can do it against local hosts or another machine but literally you just type in a machine name, you hit audit and boom. It just starts pulling back results from that machine. You don’t need to install software on it. You don’t need a lot of configuration. If you need to put in your credentials you can but if you’re already logged into widows with the credentials that have access to that machine, you’re just going to start pulling back results. And that’s an extremely powerful demo to be able to show to an auditor.

[20:58] Versus the web version where it’s like oh well you have to sign up for an account. Now you have to download this piece of software. And then you have to install it and you need to type in your credentials when you install it and now we have to wait a few minutes for it to sync up and now we can schedule something and then you wait for 3 or 4 minutes and then you can look at results in the web interface. It’s a totally different demo scenario. The desktop edition was essentially built in order to overcome that. At the same time, that desktop edition also serves other purposes.

[21:25] Rob: Right. And it sounds like it’s had faster uptake. And you know the desktop version was a little controversial. I mean I brought it up I think on the podcast and then again off line and several folks in the comments brought it up and this is kind of point three which is you talking more about features and development versus marketing. So here’s a couple quotes. 1) It says Mike you do seem to talk about this feature or code or making it do this and that instead of how many customers you’ve acquired this week. It definitely seems more like the internal side project which clearly you get enjoyment out of and then someone else said 1) stop writing code. 2) Get customers now.

[21:59] And I had kind of said a variation of this to you offline. Right? Of like you talk a lot about the development you’re doing especially when the desktop version came up, I asked you specifically like who requested that? Why are you building another app or another off shoot or another interface? No one has offered you money for this. I guess the first question I have for you is why did you go build this desktop version when you’ve already spent all this time building a web version?

[22:24] Mike: Well I mean the primary reason was because I needed something that I could demo easily. What I wanted to do ultimately was have a video on my website that would kind of walk you through it but I also realized that just looking at the video, reading some stuff on it wasn’t necessarily going to be what would drive traffic or drive people to kind of come in and actually take a look at it. What I was hoping to do was basically take that and use it as sort of a marketing thing where I could put it on the website and say hey you can download this and this is what the web based version of the tool would do.

[22:54] So my initial intention was to take in and say okay well you can use this against just local hosts or you can type in one machine or two machines or something like that but when I started building it and actually saw what was really kind of possible with it, it kind of brought me back to between 2003 and 2005 working on security expressions and how quickly and how powerful that was to show to people. And I think that I’ve kind of forgotten that. When you put that in front of somebody, it’s actually quite amazing. I’ve heard from people who have looked at and said wow this is really awesome. I can’t believe that you’re able to do this.

[23:26] So that kind of turned the conversation a little bit and was probably not until I had really started going down the road of development of the desktop edition and say hey maybe I should take this and make this off shoot of the product that hooks into the web’s system as opposed to just kind of an independent marketing thing. The other thing I wanted to was I want to be able to use it to draw publicity to do AuditShark for some very specific circumstances. So recently for example the heart bleed problem has kind of surfaced on the internet. Well how do you know if your servers are susceptible to heart bleed? Well you kind of probably have to go do quite a bit of research and figure out what heart bleed is and how you know whether you’re susceptible to it or not.

[24:02] If I can take a version of AuditShark and essentially package it with a pre-built policy file that only does one thing which looks to see whether or not you’re vulnerable to heart bleed and package it and allow you to download it from my website, then that would be something that would be probably inherently valuable to a lot of people because they’re not going to want to come to my website type in their credentials to their Linux servers and say hey, go check my servers. That’s just not going to happen. And if it did happen, I’d love to have your credentials but that’s not what I was looking for. What I was looking for was something I could put on my website that would address some very, very specific scenarios. So any specific vulnerabilities or worms or things like that come out and be able to put that out there and use this sort of marketing play.

[24:46] And in the past what I’ve seen other companies do is if there’s major exploit of credentials from different companies, if there’s an exploit where they pull a bunch of passwords, they will setup websites where you can go in and you can type in your username and it will tell you whether or not the password was leaked. And I found that to be extremely useful because it’s interesting to find out whether or not your password was leaked to different sources and that’s really just a marketing driver. And that’s how I view that.

[25:12] Rob: So what do you say to the sentiment of someone saying stop writing code and get customers now? Like have you stopped writing code or have you slowed it down because for a while I mean it was several years. You just talked about new features you were building without customer request. It wasn’t someone saying I’m willing just talked about new features you were building without customer request. It wasn’t someone saying I’m willing to pay you money if you built this next feature like what’s your status?

[25:31] Mike: So right now there code has slowed to a crawl. There’s a few minor things that are going in. I call them minor but they’re actually pretty important. So for example licensing. Licensing was not in there. When I started handing out demons of the AuditShark desktop edition, we hard coded the date. It was like here’s the date and it just simply will not work after this. We could build the licensing mechanism but that’s going to take time. Let’s just get this out the door. So there were shortcuts that we took very, very intentionally because we wanted to get it out the door and get it in people’s hands and they’ve taken a look at it. They said wow this is really awesome. I love what it does.

[26:04] And I’ve gotten a few requests but we really haven’t gone down the road of implementing any of them. really what we’ve been focusing on is some clean up, making sure that the code isn’t going to crash or handles edge cases a little bit better because there are certainly places where it doesn’t handle everything as well as it could. And then the reporting is going to be a focus moving forward but we really haven’t put any effort into that either. So there’s a lot of things that could be done but I’m really not working on them. I do have some contractors who are working on some stuff but I’m just not – that’s not my focus right now my focus is kind of revamping some of the marketing on the website, talking to customers directly and doing whatever I can to kind of extricate myself from the consulting so I have more time to spend on that stuff.

[26:48] Rob: Right. Okay. Now in looking back over the past year where you perhaps haven’t had as much focus on that as maybe you should have, why did you decide to continue building and not getting – making phone calls to customers and that kind of stuff.

[27:04] Mike: Well it’s hard to make phone calls when you’re pegged at 60 hours a week during the work week. So this is a B to B product and it’s hard to get in touch with those people. The demo alone for the enterprise customer took me probably close to 8 weeks to schedule a time to have that demo. It’s just not easy to do partly because of my schedule, partly because of their schedule.

[27:21] Rob: Right. And this is one of the reasons we talked about – maybe it was probably two years ago about the enterprise marketing you had said I don’t really want to go into it because I don’t have time to do all the sales calls and to do stuff during the day and that kind of stuff and so it surely makes sense that at this point if you’re kind of your life situation or your work situation’s changed then perhaps that market’s more open.

[27:43] Mike: Yeah I think it’s a lot more viable now than it was even 4 or 5 months ago. Part of that is because of the desktop edition and the directions that it’s turned.

[27:51] Rob: Well let’s jump to the fourth and kind of final point that I pulled out of the comments and it was about not following your own advice. So here’s one quote from the comments. The commenter said in one episode, Mike even said not to take his own advice with respect to his work with AuditShark. And the next quote is what do you say to people who say you are not following your own advice with regards to timeline, remember, we always say 4-6 months and you’re now 4 years in, having a market before you build which thought you did but maybe you didn’t do as thorough of a job as you should have in identifying that market and talking to them. And then currently although today isn’t applicable but maybe six months ago when this comment was posted, not having a target and continuing to build an app and not putting the brakes on development.

[28:37] Mike: I think a lot of the reason we give people general advice about a timeline is there’s a few different things that factor in. One is the motivation to actually continue and two is how long is it going to take you to figure out whether or not somebody’s actually going to pay you for something. And again this is general advice versus specific situation advice. So the advice I think that we tend to give and the advice I tend to give is general advice. But when you start talking to somebody about a very specific situation, there’s always exceptions and I’ve been accused in the past of treating AuditShark like a special snowflake and in some ways I would say that it is and the specific way that I would say that it is do I know what people really want? Are there specific features that I’m aware of that they need? And there really are.

[29:21] I mean I know what the used cases are. Do I know that people will pay for it? Yes I do know that they’ll pay for it. Do I have everything set in stone as to exactly how I’m going to get in front of five more enterprises, no I don’t. That’s what I would say a shortfall but I don’t think that’s the end of the world either especially if I’m able to kind of cut back on my consulting and right now I’m in the process of talking to enterprises and able to successfully do that and move the process forward while I am still consulting as much as I am. I get the sentiment. I do understand it but I think that in parts of this, some that advice just simply doesn’t apply. I think our general advice is also not to go after enterprise markets.

[29:57] Rob: That’s right. And that’s the difference. When I bought HitTail and you were working no AuditShark, we kind of started averaging from that first step of the stair step where I say get something that’s making 1-1,000 grand a month, WordPress plug-in, a Photoshop add on, an eBook, whatever, some small niche app. But at certain point when you’re going after a mid 6 or a 7 figure business stuff does start to diverge. You have to take different steps to do it. So I’m not necessarily agreeing with you in saying that you should go beyond 4 to 6 months because I know that the fact that you’ve spent as much time as you have, it’s taken its toll right? I mean it’s taken its toll on your motivation. I imagine you’ve questioned whether you should keep going but frankly have been impressed with your willingness to continue because most people I know if they get a couple years into something there, just not ever going to make it to launch and frankly you did. You have a completed product at this point.

[30:53] Mike: That could also be called stubbornness or stupidity. You can always look at those things in retrospect and things are either genius or just stupid and it really depends on what the outcome is you know?

[31:02] Rob: Yeah so it seems like the summary I mean the three points here were you know, not following your own advice on timeline, having a market before building and then having a target market. Timeline yeah, it seems like you’ve kind of agree with that. The shorter the better, should’ve been 4-6 months, probably should’ve chewed off a smaller problem but you’re here now, what can you do looking back? Having a market before building you thought you did, I think that’s a mistake you’ve admitted to in the past on these episodes right? That you wish you’ve done more due diligence with the market you wish you’d nail it down better before you started building.

[31:13] Mike: Yeah I think with that though, there’s two different pieces of that because our general advice is make sure that you have a market for the product before you start building it and I think it’s more to make sure that there’s a problem that is worth solving to people. So I built a piece of compliant software that will go out to machines and pull back information and allow you to validate settings. And that is a problem that definitely needs to be solved. But there’s lot of different ways to solve that problem and a lot of different people to solve that problem for. And I solve the problem but I didn’t necessarily nail the initial market that I was going to go after. Problem definitely needs to be solved. Did I get the right people the first shot? No, I don’t think that I did.

[32:07] Rob: You had problem solution fit. You didn’t product market fit because you didn’t know what market you should go after. And I think to be honest, myself and the listeners doubted that you had problem solution fit and some may sill doubt that you have problem solution fit. I think you had confidence the whole time but maybe haven’t quite been able to convince us that it has and I think the fact that an enterprise has now essentially submitted you in for budget or whatever step you’re at at this point that they’re seriously considering moving forward and you gave them a quote and stuff, I think that led some creating to the fact that you’ve at least solved their problem and with another consulting firm looking at it I mean there’s becoming more evidence of that.

[32:46] Mike: The underlying issue there is that there’s a big difference between developer and cis admins so like I’m very much across the line there. I do a lot of systems administration with my consulting, managing large networks of machines with enterprise software packages so I get how that stuff works. I get how active directory works and how you would use a lot of the different enterprise tools just to manage the machines in an enterprise. So I don’t think that’s common knowledge. I think that most people who do know that who are developers are very much minority. There’s not a lot of people who are developers who also kind of cross over into that systems admin area.

[33:25] So I think that’s probably where a lot of this confusion comes from because as developer you’d have to ask why do I need to know what a registry key is set to and it’s like well you know, because that could indicate whether your firewall is on or off and if you have 10,000 machines, you need to check, how are you going to do that? Oh let me just write some code for it. And my response is exactly. That’s how you do that. But what if you need to check a different registry key or what if you need to check services or what if you need to check file auditing settings, or all these other things? So my code base is essentially an engine that will allow you to do all of those things in a much more simplified mechanism that will remotely go out to all those machines and pull back that information.

[34:07] Rob: You known one other thing we haven’t brought up at all Mike is your health issue that you had for like 2 or 3 years that again you don’t want to blame for lack of progress or lack of motivation on a health issue but certainly played a part in the fact that things have taken you a while to get here.

[34:23] Mike: Yeah. I would say that the health issue has probably been going on for more than two years. There’s probably close to four which I indirectly in some ways blame on the level of consulting that I’ve done over the past several years because it has ramped up a lot and it has gone into travel. So as I started working on AuditShark, I could almost probably guess to say yeah my health issue is kind of arose partially as a result of me doing consulting and AuditShark at the same time. I’m sure that it factors into it, by how much? I don’t know. But yeah I mean the health issue is definitely a big thing. I brought it up at MicroConf and I actually had probably 2-3 dozen people come up to me after my talk and explicitly thank me for talking about the issues and bringing them to people and just kind of bringing them to light.

[35:10] So that it’s not as if everyone’s kind of going through those things alone and I showed graphs and I think that was probably one of the more powerful parts of my talk was showing when I got a diagnosis exactly aligned with when some of my website traffic and Twitter following, all of those things, they started kind of taking off all at the same time. And then a few months later I think it was December that I kind of officially launched AuditShark, that’s not too far after August. Going back to that, I think that I could probably blame some of the lack of progress on AuditShark on some of those health issues but I don’t really want to use it as escape either. And I definitely didn’t want to bring it up last August-September timeframe because I didn’t really know what it meant at that time either. In retrospect I can see there are some pretty clear uptakes in a lot of different things since that time. So I think a lot of things have changed over their past 6-9 months.

[36:05] Rob: I would agree I mean especially in the last six months I think that’s where in seeing your graphs for your Twitter followers and your visitors to the website and just the level – it was right after that you’re like hey I have these landing pages. Hey I have some ads running. Hey I have retargeting. Hey I have – you know what I mean? You were just getting yourself in gear on the marketing side in a way that I had not seen in the previous 3.5 years on AuditShark and that’s when you started making this progress. Right? I don’t think it’s by mistake that suddenly you’re talking to a Fortune 500 company in January. I think that all plays into it. Right? You get your mojo back and then you really start hitting things hard and something comes out of that.

[36:40] I think overall in summary we’ve talked about slow progress. We’ve talked about whether or not you had or have a target market talk about focusing too much no features right? Versus development. And on following or not following your own advice but I think the bottom-line is that you’ve made mistakes going through this. We’ve talked about that before. And you’re going to get more mistakes. We’re all going to make more mistakes moving forward before you get your product to where you want it to be for sure. But it seems that at this point you have a much better grip on these issues that I think you’ve had in the past 3-4 years. There’s more confidence. You certainly have more confidence in what you’re doing. I can just tell when we’ve had conversations about it.

[37:20] You haven’t taken the shortest path. I think that’s the one thing that I would say is like it’s taken you four years to get here. I think you could’ve done it in a year. I mean it is a bigger project. All these things compiled, there were mistakes. There’s health issues, there’s 60 hour workweeks. There’s all that stuff and that kind of all adds up to just leading to a very long path which is often hard to travel.

[37:44] Mike: I think everybody wishes that whatever they’ve done that was difficult took them a lot less time to do it but at the end of the day I can’t say I’m disappointed with where things are at right now because I think that things are in a really good spot right now. It’s not to say that I don’t have a lot of work cut out for me going forward. At the same time I think I’m well positioned to be able to take the work and effort that we’ve put in so far and kind of take that to the next level.

[38:06] But one thing I did talk to a couple people about was how I talk about things on the podcast because I guess it’s not very clear to most people that when I say I’ve done this or I’ve done that, I generally mean we. It’s something that I need to work on. It was the team behind me that basically hired out of the consulting revenue. There’s a lot of things that they’ve done and pulled together at my direction that I probably just didn’t have time to do on my own. So that’s something that I kind of need to correct moving forward I think.

[38:35] Rob: Because it’s implying that you are still writing code?

[38:37] Mike: Yes.

[38:38] Rob: You’ve actually been less focused on the technical stuff over the past 6-12 months than it might appear if you were listening to the podcast because a lot of times you said I did this whereas it was your developer.

[38:48] Mike: Right. A lot of times I’ll scope something out and I’ll say okay here are the screens. This is what it’s got to look like. This is how it’s going to function. And then they’ll go do it. There will be some back and forth between them and it’s not like I’m not involved at all, it’s just that I’m usually double checking work doing testing things like that. I’m still technically working on it but I’m not necessarily writing the code for it. I do still feel like I’m involved in it.

[39:08] Rob: So if you have a question or a thought or a comment on what we’ve talked about in this episode, you can call our voicemail number at 1-888-801-9690 or we’re always available via email at questions@startupsfortherestofus.com. You can subscribe to us in iTunes by searching for startups or via RSS at startupsfortherestofus.com where you’ll also find a full transcript of each episode. Our theme music is an excerpt from “We’re Outta Control” by MoOt used under Creative Commons. Thanks for listening. We’ll see you next time.