What Programming Language Should I Use to Build a Startup?

Often entrepreneurs ask me 'What technology should I build my startup on?' There is no right or wrong answer to this question. It's a decision every company makes for itself, depending on what it's trying to build and the skills of its cofounders. Nonetheless, there are a few rules that one should adhere to. We discuss them in this blog post.

Incident Response Policy

What happens in your company when a production incident occurs? Usually in a typical startup, you will see engineers running around frantically trying to resolve the problem. However, as soon as the incident is resolved, they forget about it and go back to their usual business. A good incident response policy can help bring order into chaos. We provide a sample template in this blog post.

Why Software Deadlines Never Make Sense

We discuss why software deadlines usually don't make sense.

Analyzing Front-End Performance With Just a Browser

We discuss a number of freely available online tools which can be used to analyze bottlenecks in your website.

Why Smaller Businesses Can't Ignore Security and How They Can Achieve It On a Budget

In this article, we show that security is both important and achievable for smaller companies without breaking a bank.

Tuesday, March 20, 2012

Stop finding excuses

A good quote by Eric Ripert, executive chef of Le Bernardin. It applies to any discipline including IT.

"In my 1st year cooking, my arms had burns & scars; my hands had many cuts but year later I would achieve the same tasks in the kitchen without a scratch. My lesson? Master the craft; be organized & proactive. Stop finding excuses and reasons. Small or big kitchens are the same. Real pros work with their head first... "

Sunday, March 11, 2012

Y-Score: An easy way to measure security of your company.

In 1952, Dr. Virginia Apgar invented the Apgar score, a simple method to quickly assess the health of the newborns. A newborn baby is evaluated on five simple criteria on a scale from zero to two, resulting in a score of 0-10. The test consists of assessing the baby's respiratory rate, skin color, irritability, pulse rate. What's interesting about the test is that it was not based on long, scientific studies yet it was virally adopted in hospitals throughout the world.

People always appreciate simple things. I decided to come up with a similar score to assess security of companies based on my experience. The following is my proposal:

The company's security posture is assessed on five criteria:
1. Executive buy-in: It will be impossible to truly secure the company if the board and CEO do not support this. Hyundai Capital CEO Ted Chung said: "IT security needs a philosophy and only a CEO can make that kind of a decision."

2. No weak or default passwords
A large portion of hack attacks succeeded from weak credentials being used.

3. Security awareness
The weakest link in any organization is always people. By training your employees not to download malicious attachments, not to become victims of phishing attacks or social engineering plots, you will significantly increase the security of your organization.

4. Secure coding training
Almost 95% of web applications have security flaws. The easiest way to solve this problem is not to plunk thousands into a web application firewall, but instead to train your developers on secure coding.

5. Harden your systems
Make sure you use a uniform hardened OS image, and have few open ports.
The less doors there are open in your system (aka ports), the less chance of it being hacked.

I believe that if you do well on 1-5, the likelihood of your organization being compromised will be close to nil.