Hacker News | tomashertus's comments

Heh, a couple of years ago, I had an idea for an "Uber for Experts." It would provide a similar experience to Uber, but instead of a ride, you'd get 30 minutes with a domain expert of your choosing. I never got around to working on it, but there might still be an opportunity for something like this.


Remember that for any startup idea, there is a reasonable chance that Google launched it and already killed it:

https://en.m.wikipedia.org/wiki/Google_Helpouts


That is more indicative of Google’s culture and lack of focus than the viability of the idea. With the death of Google Reader, plenty of RSS aggregators popped up and are still kicking.


There can be more than one pizza restaurant.


Wow! I had no clue that this ever existed. I guess it was DOA given its short life-span.


And way before that, there was this: https://en.wikipedia.org/wiki/Google_Answers


There's a few companies out there that provide these "expert networks": GLG or AlphaSights.

Not necessarily tutors, but I run into the same issue in Product Management. I need to do customer research, but the process of finding people to speak with is time consuming and very much like sales. To have 10 conversations, I'll probably have reached out to at least 40-50 people. I have to build a "funnel" of people in order to maintain having a few conversations per week.

Note: I experience this problem at startups that don't have existing customer bases. With companies that have existing customer bases, finding people to validate ideas and get feedback is not arduous.


I was an AlphaSights "expert" on cloud for a while. They paid me super well and the people asked good questions. I stopped doing it because it was mostly hedge fund managers I was talking with, but given how much they paid me, I can't imagine what their clients must have been paying.


I did a few calls with an expert network firm once upon a time when I was an analyst. My limited experience was that they were really looking for inside information rather than broader insights and a lot of product companies actually forbid engaging with them.

Super-well paid is a matter of perspective. As I recall it was about $500 for an hour call but it's not like I personally got all that and was pretty normal as a consulting rate.


Mine was after DigitalOcean went public, I was long gone from it, they mostly wanted to talk about where cloud is going (would managed hosting/ftp hosts go away, what do you think will happen to the front end, blah blah blah) - They paid me hourly well over an order of magnitude more than what you were paid, heh. :)


Might honestly not be the worst idea!

People could put up basic profiles with their skills listed and you could purchase a time slot with them. It’d be relatively low commitment for both the experts and also the advice seekers.

Some technical problems might be verifying expertise but this could be handled with a sort of social proof like how LinkedIn allows users to vouch for certain skills. In fact you could probably facilitate account creation by pulling from the LinkedIn api.

But yeah, good luck if you build it!


I agree. I’d like to be able to share my knowledge from time to time for a small fee and little hassle on my part.

I made some money on Codementor for a time and enjoyed it while I was between jobs, but it wasn’t easy to balance that with FTE so I dropped it after a while.


Every now and then when I was working full-time, I had some piece work things that made me some reasonable pocket change. They were sometimes interesting (e.g. being a judge for a best-of award at a conference) and/or a way to fill a few dead hours and have an interesting chat. But if you have a good job, they're mostly a distraction for not that much money in the scheme of things.


If the threat actor has played it right, there is a high possibility that this will be the largest data breach in history.


There's no evidence of that at all. The screenshot shows a few Snowflake professional services demo accounts only. These are accounts used by the sales engineer to demo features to customers.

It's possible the attacker was able to deduce some information about certain customers, but they would not then be able to connect to those accounts to extract data as those accounts should not be accessible from the public Internet at all, and should require corporate authentication.


So the account was without 2FA protection?


I still remember the number after 20+ years. Crazy.


In my day-to-day work, we analyze millions of files every day, and it's a well-known and well-utilized detection evasion technique to host and serve malware from "trusted" websites. It's so widespread that I did extensive research on that issue. There are well-known apps with $Ms in funding and revenue with a plethora of malware hosted on their servers. Some are even used as C2 servers for data exfiltration. I see an increasing number of companies proactively blocking all traffic to those notorious sites to increase overall network security.

The outcome of my research was the following:

- Disjointed content moderation and cybersecurity departments: Not many companies have content moderation teams equipped to perform malware analysis or make cybersecurity-related decisions (the only company that does an exceptional job in this regard is Meta).

- If hosting malware doesn't impact the company's revenue and reputation, the content moderation team has other priorities.

- Section 230: Companies will refer to Section 230 when asked about hosting malicious content or scanning the content for potential malware.


I use GitHub's Trends (https://github.com/trending) for discovery, and for all other searches, I use their search and tags. It never failed me to find what I was looking for. The star system already provides you with ratings for open-source projects, and GitHub's search has powerful filtering. I don't anticipate a general need for such a project.

If you are a junior developer interested in learning development or a specific technology, it would be a great project to build and open source though.


These are exciting times in the cybersecurity industry with the recent growth of open-source security tools (osquery, Fleet, Wazuh, etc.). Anyway, I'm skeptical about the detection efficacies, usefulness, and scalability of those products. I do not see them widely adopted either. These are my observations from your pitch:

Your pitch mentions large costs for traditional SOAR products and that you want your solution to be focused on smaller companies that don't have money to pay for expensive SOC tools. Nevertheless, the market reality is that if a company has a SOC team (who is the traditional end-user of a SOAR tool), they don't care about $100k for a SOAR because they will spend hundreds of thousands a month for log storage, security tools, and HR. It's much more common for your target audience to use ITSM as a security incident management tool. Just look at what ServiceNow is doing in this space, for example: https://docs.servicenow.com/bundle/washingtondc-security-man.... Based on this one fact, I think that you didn't spend enough time understanding your target customers, who are in this case not SOC/Security teams, but IT teams.

Incident management is a critical process for every SOC team and its effectiveness is tracked by measuring the mean-time-to-resolve metric. How do you want to convince SOC teams to use open-source tools for their mission-critical process rather than buying one of the established SOAR tools that are integrated with their security stack? (& there are many options in the SOAR space) How can your product help companies lower the operational costs of case management? (improving the mean-time-to-resolve KPI)

Please, don't get discouraged by my comments. SOAR is an essential part of every security stack and the current offerings have flaws. But the narrative in your pitch is flawed and indicates a lack of understanding of current security buyers and personas.


Startups win by questioning every assumption from first principles. We look forward to the fight.


\_(-_-)_/ good luck with that


I admire the level of insight and transparency. Congratulations on an amazing year, and keep swimming!


The fact that YC overlooks the dire need for next-generation cybersecurity solutions is quite shocking. In the coming years, cybersecurity, trust, and safety will be essential needs of every customer and enterprise application. For example, the whole fiasco with the spread of fake Taylor Swift's nude images is just the beginning of the exploitation of internet data on an industrial scale. We can already see attempts to commercialize services similar to ransomware-as-a-service that, for a small amount of money, generate atrocious content about every possible person and spread it online automatically. We are on the edge of a new revolution that will bring malicious tools and services even closer to regular consumers and make them more affordable. I think that our cybersecurity tool chain is far from ready for what is coming.


You can't buy (or sell) cybersecurity. It's a property of things, not a thing in itself.

The same will certainly apply to the intra-head security you want against fake content and propaganda.


I apologize, but I don't understand your point. Could you please explain to me what you mean by that or how the fact that you "can't buy cybersecurity" contradicts what I wrote?

The cyber security market was valued at USD 153.65 billion in 2022 and is projected to grow from USD 172.32 billion in 2023 to USD 424.97 billion in 2030, so apparently people are buying cybersecurity solutions.


Almost the entirety of that market does not actually improve the security of anything.

The rest looks much more like services than products.


I understand and agree with your point that you can't just "buy" cybersecurity by throwing money at the problem. It's more like building a well-defended castle, where multiple elements work together to create true security. Cybersecurity is a company-wide process that needs to be powered by specialized tools.

The fact that one of the fastest-growing markets is omitted by YC is shocking to me. The opportunity to build $1B companies, which seems to be one of YC's acceptance criteria, is enormous.

I don't know how far or close you are to the security field, but I do share your sentiment that many tools and so-called security solutions are useless and don't solve the problem. So it's now even more necessary to go and build new solutions. The problem persists and grows.


I can agree with the opportunity analysis, but my argument is that it's understandable for people to feel uncomfortable to operate on that market at all. That said, I'm not sure there's any consideration for "comfort" on that list, so I may indeed be completely wrong here.

Anyway, I do agree there's plenty to work on the solutions. But those will probably come from areas like "correctness", "user empowerment", and etc. The closest I see to it is "policy enforcement".


There's actually at least a few cybersecurity related companies in the current batch. Not to mention Reality Defender (https://realitydefender.com/) from a couple years ago who have been doing well. YC is absolutely interested in the space. If anything, they may not have included cybersecurity in the RFS because they're already seeing and funding founders tackling it!


I love Twilio's products. As a developer turned product manager, I always find it striking that many teams try to reinvent the wheel while Twilio provides a suitable solution with a relatively favorable ROI.

Anyway, I wish the best of luck to Jeff. I consider his book Ask Your Developer: How to Harness the Power of Software Developers and Win in the 21st Century to be one of the must-read books for founders.


> I always find it striking that many teams try to reinvent the wheel while Twilio provides a suitable solution with a relatively favorable ROI.

This was not my experience. The gulf in pricing between Twilio's raw STUN/TURN solution (which they had clearly gone to great lengths to keep hidden amongst their product offerings) and their batteries-included WebRTC API solution was so vast it was almost comical. At a certain scale, a company could save maybe millions of dollars a year at the cost of a day or two of extra engineering effort. They were far from averse to the strategy of looting their customers.


Siri needs a complete revamp. I almost never find her answers and capabilities useful :(

