Chris Dixon

Some startups become huge sensations without requiring any active marketing – YouTube, Skype, and Twitter come to mind. However, the vast majority of successful startups gained adoption through marketing:  PR, SEO, partnerships, paid marketing, and so on. My strong suggestion would be to hope for the former but plan for the latter.

Marketing is a huge topic.  Here I just want to make the point that, for starters, you need to figure out two things:   1) how information and influence flows in your market, and 2) when and where people use and/or purchase your product.

I’ll use my last startup, SiteAdvisor, as an example.  SiteAdvisor (now called McAfee SiteAdvisor) is a consumer security product.  Most consumers don’t learn about security products on their own.  Instead, they rely on their “family/friend sysadmin” (smartest computer person they know).  These family sysadmins read technical websites and magazines.  In order to reach this audience, we performed studies on data we had collected, which led to lots of coverage, which raised our profile and bolstered our credibility.

Now to when and where people buy security products.  Most people only think about security when 1) they buy a new computer, 2) they first get internet access, or 3) they get a virus or other security problem.  The last case is actually pretty rare, so most companies focus on 1 and 2.  How do you reach people at those moments?  Through “channels” – in particular PC makers (“OEMs”) and internet providers (“ISPs”).  (For public market people:  focusing on these two channels was McAfee’s big insight in the 2000′s and how they made a comeback versus Symantec who dominates retail).

Most people don’t talk to their friends about security products so it’s very hard to do mass word-of-mouth marketing.  (Exceptions would be the beginning of the spyware epidemic around 2001-2 when AdAware got super popular via word of mouth).  So you have to understand and pitch to these channels.

These observations are specific to consumer security, but every startup should have a similar theory of how to market their product.

There are two broad philosophical approaches to explaining the forces that drive world events. The first one is sometimes called the Great man theory, neatly summarized by the quote ”the history of the world is but the biography of great men.”  This view was famously espoused by the philosopher Hegel and later Nietzche, who called such great people Ubermenchen (“supermen”).

The alternative view argues that history is largely determined by a complex series of societal, political, institutional, technological and other forces.  This view argues that great people are more a product of their time than the times are a product of them.

You can apply these theories to companies, in particular to the founders of technology companies who keep their companies great long after their “natural” life cycle.  Most successful companies start with one great product and ride its growth but fail to pull off a second act.

The companies that defy this natural cycle are invariable run by “supermen” (or women).  Akio Morita founded Sony in 1946 and was a very active CEO until 1994.   At the time he left, Sony had a $40B market cap.  Today it is valued at $28B.  Akio had an incredible run of hit products: the first transistor radio, the first transistor television, the Walkman, the first video cassette recorder, and the compact disc. Akio ran Sony based on his intuitions.  For example, he ignored focus groups that hated the Walkman, saying:

“We don’t ask consumers what they want. They don’t know. Instead we apply our brain power to what they need, and will want, and make sure we’re there, ready”

Steve Jobs co-founded Apple in 1976.  He was pushed out in in May 1985 when the company was valued at about $2.2B.  He returned in 1996 when Apple was worth $3B.  Today it is worth $169B.  Jobs famously micromanages every product detail and like Akio makes decisions based on intuitions.

Bill Gates was the co-founder and CEO of Microsoft, building it to an astounding $470B market cap.  Under him, Microsoft had multiple acts, among them:  DOS, Windows, Office, and enterprise server software.  Since Steve Ballmer became CEO, the company’s value has declined to $223B. I’m sure Steve Ballmer is a smart and passionate guy, but he’s no superman.

Some observers like the author Jim Collins think great companies are all about culture, not a singularly great leader.  Collin’s “built to last” case study companies included Circuit City and Fannie Mae, both of which have been catastrophic failures.  His “portfolio” has underperformed to S&P.

It is convenient to think you can take greatness and bottle it up and sell it in a book.   In fact, life is unfair:  there are geniuses and then there are the rest of us.  When great leaders go away, so does the greatness of their companies.

Andy Weissman’s blog has the tagline “Maximizing the serendipity around you.”  It’s a good philosophy.  I think one of the simplest ways to do this is to ask people lots of questions when you meet them.  I’m surprised how often people fail to do this.  Besides being good manners, it’s also an efficient way to learn about the world and sometimes make important discoveries and connections.

About 6 years ago, when I was working at Bessemer as junior investor, I was at a dinner with a group of friends and acquaintances.  The guy sitting next to me was a business school student who spent most of the dinner talking about how he was trying to get a job in venture capital.  He never bothered to ask me what I did for a living and I never mentioned it.

Now, I wasn’t a particularly important venture capitalist, but getting a job in the industry is all about meeting as many people who work in it as you can.  The fact that he happened to be sitting next to one was potentially serendipitous – had he only bothered to ask questions.

This post is about computer security.  Before your eyes glaze over, let me say that – without using any security jargon - I’m going to try to convince you there is a significant security issue on the horizon that will affect every almost every business that stores valuable data on computers.

Willie Sutton was a bank robber who, when asked “Why do you rob banks?” replied “because that’s where the money is.”  This quote is famous enough that some people call it Sutton’s law.  On the internet, Sutton’s law means the bad guys will try to hack where the valuable data is stored.

One of the major trends in the technology world is “cloud computing” or a related concept “Software-as-a-Service (Saas)”.  The idea is instead of installing software within your company’s own network it is hosted by a service provider and you access it via a web browser.   SaaS applications are popular because they are much easier to use, install, maintain, and access.  The most prominent examples are probably Salesforce and Google Apps.  But the SaaS revolution is happening to almost every corporate application – HR, accounting, project management, bug tracking, and so on.

As a result, there is a giant migration of data going on.  We are moving from a world where everyone kept valuable data within their network to a world where all of their data is in SaaS providers’ databases.

Sutton’s 2nd law is that where there is lots of money, bad guys find a way to get to it (ok I made up the name for this law – but it should have a name).  When kings had piles of gold in their castles, people found a way across the moats and through the gates.   The same is true of people robbing banks, and the same will be true of SaaS providers’ databases.  It could be an inside job, someone leaving a “door” open, or just clever hacking – but you can rest assured if with a giant pile of gold sitting there, the bad guys will get it (in fact it’s already started).

We have gone from a world where everyone hid money under their mattress and protected it with an alarm system and shotgun to a world where all the money is in just a few places, run by people who have no particular expertise providing security, who for the most part deny there is any risk.   SaaS providers like Salesforce just dismiss the security risk, saying, in essence, that they have alarms and shotguns too.

It’s a powder keg waiting to explode.

Disclosure:  I invested in a stealth mode security company that addresses this problem.  Perhaps that makes me biased.  I prefer to think of it as evidence that I believe what I’m writing here.

One of the most popular areas for startups today is “local.”  I probably see a couple of business plans a week that involve local search, local news, local online advertising, etc.

Here’s the biggest challenge with local.  Let’s say you create a great service that users love and it gets popular.  Yelp has done this. Maybe Foursquare, Loopt etc. will do this.  Now you want to make money. It’s very hard to charge users so you want to charge local businesses instead.

The problem is that, for the most part, these local business either don’t think of the web as an important medium or don’t understand how to use it.  Ask you nearest restaurant owner or dry cleaner about online advertising.  They don’t see it as critical and/or are confused about it.  Even Google has barely monetized local.

People who have been successful monetizing local have done it with outbound call centers.   The problem with that approach is it’s expensive.  Even if you succeed in getting local businesses to pay you, it often costs you more to acquire them than you earn over the lifetime of the relationship.

To add insult to injury, local businesses often have very high churn rates.  I have heard that the average is as high as 40%.  Anyone who has done “lifetime customer value analysis” can tell you how that ruins the economics of recurring revenue businesses.

Hopefully this will change in time as local businesses come to see the web as a critical advertising medium and understand how to make it work for them.  But for now, monetizing local is a really tough slog.

* This is what I hear from industry sources.  If readers have better numbers or sources I’d love to hear them.

The other day I claimed that Twitter is supplanting RSS, and that long term that’s a bad thing.  Andrew Weissman had a very reasonable response:

Twitter is the most open application people are currently using. It’s open on the way in and the way out. The variety of applications using the Twitter api are astounding in that they cover many use cases.

Given that, why will Ashton and Oprah someday care?

The problem is Twitter isn’t really open.  For Twitter to be truly open, it would have to be possible to use “Twitter” without an any way involving Twitter the institution. Instead, all data goes through Twitter’s centralized service.   Today’s dominant core internet services – the web (HTTP), email (SMTP), and subscription messaging (RSS) - are open protocols that are distributed across millions of institutions.  If Twitter supplants RSS, it will be the first core internet service that has a single, for-profit gatekeeper.

Why would this matter to Ashton or Oprah?  Imagine if Microsoft Exchange server wasn’t just an instantiation of SMTP but was a centralized service that all email had to pass through.  A single institution is never as reliable as a system distributed across millions of institutions.   Nor is it as secure – for example, a distributed denial-of-service attack can much more easily bring down one service than the entire internet.

But most importantly, having one company control a core internet service hinders competition and therefore innovation.  To continue the Microsoft Exchange analogy – do you think in that world we would have such a diverse email ecosystem if everyone had to go through Microsoft to build stuff?

And this is all true while we are still living in the fantasy land where everything involving Twitter is free.  At some point Twitter will need to make lots of money to justify their valuation.  Then we can really assess the impact of having a single company control a core internet service.