I’ve been involved in the development of a number startups over the years, including three I co-founded. I have also observed the idea development process from the outside many times. In the 10 years or so I’ve been involved with startups, I have never seen a “Eureka” moment where someone suddenly comes up with a great idea. Instead, I have always found idea development to be a wrenching and often meandering process that is guided mostly by instinct.
I think the first step to developing an idea is picking a general “space” that you think has interesting things going on (picking the right space and the right co-founders are in my view the only really important things you do at the beginning of a startup). Maybe you have experience in the space or maybe you just sense something interesting is going on there.
Here’s my experience developing the idea for SiteAdvisor. At the time, I had never worked in computer security but had always found it interesting. When I worked at Bessemer, I spent as much time as I could talking to David Cowan and other security experts. One thing that was apparent was that, on average, every few years a new type of security threat would come along and usually with each wave of threats some interesting startups were built (e.g. viruses->mcafee & symantec, spam->brightmail & postini, spyware->webroot). So in 2003 when phishing began to emerge, a friend and I created an anti-phishing toolbar. It wasn’t a particularly special piece of software – there were a couple of other anti-phishing toolbars around at the time that had similar functionality. We just figured something interesting was going on so let’s throw our hat in the ring and maybe something good will emerge.
Think back to 2003, before Firefox. It was a pretty bad time on the web. Venturing off the major websites, you’d get bombarded with popups and spyware and ActiveX warnings. It occurred to us: if we are warning users about phishing sites, why don’t we warn them about sites that do other bad things? In other words, we realized that phishing was just a special case of a more general problem – the web needed a reputation system for websites. Two years later, by the time we actually released SiteAdvisor, phishing was just an afterthought (in fact the first version of SiteAdvisor didn’t even include anti-phishing since we were focused on “Safe Search” and phishing sites don’t show up in search results for various technical reasons).
Today every major security company has a “safe search product.” It seems kind of obvious now. But in retrospect, I don’t see how we would ever have developed the idea without having already “thrown our hat in the ring.” Even if we had thought of the idea, we probably would have dismissed it as too obvious. When you aren’t actively engaged in an space you can’t see the gaps.
I think a lot of people who are interested in starting companies think they shouldn’t do it until they have a Eureka moment. I’d say that instead they should focus on finding an area that “feels interesting” and then get ready to bob and weave.