Episode 149 | AuditShark and Drip Updates

Show Notes


[00:00] Rob: In this episode of Startups for the Rest of Us, Mike and I are going to be talking about launch dates for Drip and Audit Shark. This is Startups for the Rest of Us: Episode 149.

[00:09] Music

[00:17] Welcome to Startups for the Rest of Us, the podcast that helps developers, designers and entrepreneurs be awesome at launching software products, whether you’ve built your first product or you’re just thinking about it. I’m Rob.

[00:25] Mike: And I’m Mike.

[00:26] Rob: We’re here to share our experiences to help you avoid the same mistakes we’ve made. What’s the word this week, Mike?

[00:29] Mike: Well I kind of wanted to address some comments that were on the podcast blog from episode 147. There was a lot of discussion there. Some of it was based on Audit Shark and what’s been going on with it. It said basically Mike and Rob as co-host is just ignoring what’s going on, pretending everything is fine when Audit Shark hasn’t even been launched after several years. 50 so I kind of wanted to take a couple minutes and address that issue. I think it’s only fair to address it for the listeners.

[00:56] Rob: Yeah. Fire away.

[00:57] Mike: I don’t want to go too far into the details just because they’re not entirely relevant but at the same time one of the things that I haven’t really been forthcoming about on the podcast is that there’s a medical issue that I’ve been dealing with for the past several years which has severely impacted my ability to work on the product. There are some things around motivation as well that are associated with this medical issue.

[01:10] It was probably about I’d say three weeks ago that I was actually diagnosed with it. I’ve been going to a doctor for a couple years trying to figure out what’s going on, finally switched doctors and it was probably only two or three visits and a couple of tests and they were able to pinpoint it. Right now I’m on treatment for it that is a radical change if nothing else.

[01:38] Rob: Right. It was all kinds of symptoms that have impacted your ability probably not only to work on AuditShark but on your consulting contracts I’d imagine to get a lot of stuff accomplished.

[01:49] Mike: Yeah. I mean it’s totally been severely affecting my life in general. You’re encountering the same symptoms over and over and the doctor you’re seeing says oh, I think you should do this, this and this and you do those things and it doesn’t help. And he’s like well you’re not doing them enough. You’re its like there’s something else going on.

[02:04] So, eventually I just decided okay I need to go see somebody else and I did and like I said, I figured out what the problem is and I’m on treatment for it already and things are going extremely well. I mean literally the very first day of treatment, absolutely radical change. I don’t think this is the sole contributing factor. I think it’s a major contributing factor but not the only…

[02:21] Rob: Right. I think that’s important. I mean specifically you emailed me and one of the things you said is I’m not sure I want to talk about it because I don’t want this to turn in some kind of pity party and I don’t want people to think I’m scapegoating this health issue. I would’ve launched Audit Shark years ago if I didn’t have this health issue going so I think we should be clear that’s not what you’re trying to do here.

[02:42] Mike: Like I said, I feel it has been a major contributing factor but it’s certainly not the only one. One of the big things is obviously with AuditShark it’s clearly a much bigger product or project that I would not necessarily advice people going after for their first or second time out but it’s a huge, huge product. There’s a lot of moving parts. It’s very complicated and it’s just hard to put certain things in to focus for everybody in general and make it understandable.

[03:08] Rob: Let’s throw out a couple of mistakes that you’ve admitted to me and I’m sure I will have no problem talking about on the podcast. Bit off, probably a more complex product than you originally thought it would be like I’d bet in your head when you first started you said I’m going to run some auditing stuff and this can take me a few months to cobble together and then if you spent 1,000 hours working on it, it’s probably larger than you originally envisioned.

[03:30]Mike: Definitely. One of the things I did was I built a command line version of it first and that did not take me all that long to do. I was like this is going to be easy. This isn’t going to be very difficult to put something together that I’m going to be able to push out and its going to be a short timeline to get it out to market. And that turned out to be completely not the case and I made several mistakes. I started delving into a bunch of different technologies that I just wasn’t familiar with, I’ve never worked with them before. Windows Azure was one of them, SQL Azure, WCF services.

[04:00] Right now we’re kind of steeped in the middle of MVC and all these other things that are associated with it. They’re all things that I’ve never worked with before and it’s hard to estimate how long something is going to take when you’ve never done it before, anything you’ve been remotely close to it. I’ll be honest, those were just huge mistakes I would say in terms of the implementation, are they the wrong decision ultimately? I don’t think so but they certainly contribute to the amount of time that it’s taken.

[04:25] Rob: Yeah. I think they contribute. You can look at that as maybe mistake number 2 is like you’re going to build a new product and then you’re also biting off the learning curve of multiple technologies at once. They’re probably the right technologies for the job. I think in the end like you said it’s the right decision but it just meant that you spent 2, 3, 4 X what you would’ve spend if you were using the tools that you already had experience with.

[04:46] Mike: Definitely. That’s probably an underestimate.

[04:49] Rob: Yeah. I think another misstep was kind of your early focus on banks and financial institutions. You had some leads there. You talked to a few banks but when it came down to it and you finally had an app that really worked, the sale cycle was going to be really long. There was just a lot of complexity and you needed a high price point to sell into them and so you needed a much, much – I’ll say a much more valuable app. You need an app that provides a lot of value if you’re going to sell it for $10,000 or $20,000 a year than if you do if you’re going to sell it for $500 a year.

[05:16] Mike: Right. Some of it was my own fault for not asking the right questions once I was in there but even in discussing with them they’re like oh well that sounds like a great idea and I’d be interested to see how it goes. But they were more interested I found out later, they were more interested in finding out about how my business worked and how I did it because I was a local entrepreneur. It wasn’t that they were actually interested in solving their own problems. It was they wanted to know how it went because I was a local entrepreneur in their area and it had nothing to do with solving problems.

[05:46] Rob: Right. So if someone’s out there listening now and they probably have heard a lot of the steps over the past few years that you’ve talked about AuditShark, I still get questions. People come up to me at MicroConf and other conferences and say what is Audit Shark and what does it do? Can you explain it in one sentence in a way that I would understand and someone who’s not steeped in security really understands what it does like the simple value proposition. Not the engine behind it, but the value prop.

[06:17] Mike: Sure. So AuditShark allows you to get a second set of eyes on your server that essentially looks at all of the important things that you should be looking at from a security perspective but you probably aren’t for two reasons. One is you don’t know what you should be looking at and two, there’s just so much stuff that you should be looking at that it’s just not worth becoming a security expert to go look at it.

[06:38] Rob: Right. So you sent me this document. The reason I’m asking these questions is you and I have a conversation offline hashing through all this stuff and you sent me a document from cisecurity.org which is like a self funded or a nonprofit that sets up all these agreed upon security checkpoints. So if you have a windows 2008 server, maybe there are 250 different things, knobs that should be checked and they should be set to a certain thing in order for that server to be secure.

[07:02] What AuditShark does is you install it on your server, you install a little client piece on your server and then AuditShark has a web admin that I can log in and I can look to see if everything’s setup correctly. And if it’s not, you’re going to show me, at least give me a little bit of information. This where the remediation part comes in that you’ve talked about. You’re going to give me at least a little bit of information about how I should proceed to go on and fix that.

[07:27] And you’re going to have an up sell where I should be able to subscribe at a higher level or pay you a one off thing to have you or someone like another security expert on your team come in and fix that. Is that correct?

[07:39] Mike: Yeah. That’s pretty accurate.

[07:40] Rob: Okay so that’s your value prop today. So this is the thing that I haven’t understood because you’ve talked about like building your rules engine – this is like 18 months ago. Talk about how you had to get your roles engine built. And that didn’t make sense in the context of just this kind of vague auditing thing. But now that we’re really talking about nuts and bolts of what AuditShark does it’s like oh I get it, the rules engine really just looks at your control points. That goes out and looks at is this bit flipped in the registry or is this port closed or whatever. Is this security setting appropriate?

[09:09] So not only did you build the rules engine, then you went to the cisecurity.org document and you took the things they recommend and you implemented those in Audit Shark. So that the value to Audit Shark to someone like me like the Numa group or another small Saas app is not that I can install an auditing tool. The value is that you’ve pre-programmed all of the specific checkpoints in so that I don’t need to know about security. I can run it, get a report and then either fix the stuff myself if I know how or hire someone to do it.

[08:39] Mike: Exactly and it will give you a score essentially. Let’s say that it runs 250 different control points and you pass 200 out of 250. Well there’s some percentage compliance score that you’re going to have based on that. And you may go trough those extra 50 and say well, this applies or this doesn’t and you can mark them as exceptions or something like that. But basically you can boil that down to a score that says I am 85% compliant according to this policy and over time, your goal is to raise that from 85% to 90% to hopefully close to 100%. I mean there’s certain things you’re not going to do for business reasons and I’ll give you a very specific example.

[09:18] One of the recommendations that they generally have is don’t install a web server on the servers on your environment. It’s like well if you’re running a web server you kind of have to install a web server on the machine. So there are certain things you’re going to just blatantly ignore and you’re going to say I don’t need to listen to this because it’s not important and I have business reasons for doing what I’m about to do.

[09:37] Rob: Okay. So you said you’ve figured out this health issue hopefully and you’re hoping kind of the treatment that you’re on is going to sustain you and your motivation is going to stay up. You’ve been cranking on it for three weeks. What have you gotten done on the past few weeks and where does AuditShark stand today like a realistic assessment of what needs to get done to get it launch?

[09:58] Mike: Sure. I’ll give you a rundown of the things that I’ve done over the past couple weeks. I started getting familiar with Facebook ads and is it just me or the more ads you run, the more they bump up the suggested…

[10:10] Rob: I haven’t seen that. I’m wondering if you run them with different times with the same demographic, sometimes you’ll have other competitors that will bump up or are you using the demographic or have you changed that at all?

[10:20] Mike: I’ve changed the demographic a little bit but on one of them I was running every time I went to save it and this was throughout the course of an hour or two. Every time I went to save it, they would bump it up.

[10:31] Rob: Yeah. I’m not sure to be honest. I’d have to look. Now if your click through rate is going down, every time you click through rate goes down as it decreases, the minimum bid will bump up.

[10:43] Mike: I haven’t paid attention to how much it went up or down. I think it’s actually gone up so I don’t know. I’ve started exploring the Facebook ads. I created a Facebook page so I could actually do paid advertising on Facebook and get it into the news feed area.

[10:58] Rob: The news feed ads are doing a lot better than the right hand side stuff.

[11:02] Mike: yeah. I got very, very little traction on the right hand side. It did show some of them but the click through rates were abysmal. So I didn’t even bother.

[11:11] Rob: So you’re running Facebook ads to do what? Are they going to like an Audit Shark landing page to collect an email address to build a launch list?

[11:16] Mike: Yeah. I actually have two different landing pages that I setup specifically for this and basically I’m funneling people in to those two. I’m testing a couple different marketing pitches kind of for the tag line to see what resonates with people. I tried targeting just computer programmers and that did not work out. That thing just tags hardcore. People click through but they wouldn’t actually convert. I literally got zero people converting to the point I was like well is there something technically wrong that’s preventing them and I couldn’t find anything so I think it’s just the wrong demographic. They’re not interested.

[11:48] So I targeted pretty much every single security related interest that you could find through their specific interest area. I’ve got about a 30% conversion rate when people hit that page so it’s doing I think reasonably well. I did an HTTPS redirect on the page which messed up all of my referral conversions for kiss metrics so I had to undo that. I was thinking well it’s a security product. I should probably make it HTTPS and then anyone who hits it, if it gets flipped over to HTTPS then it messes up the referral. So kind of small mistake there.

[12:25] I also got AuditShark featured on beta list a couple days ago. That drove in a bunch of subscribers on the launch list. I’d say in the past 30 days or so I’ve roughly doubled my launch list. I want to triple it again before the end of September but I haven’t quite figured out how I’m going to go about doing that.

[12:41] Rob: I think paid acquisition if you want to do it that quickly and I have some other ideas for you not Facebook that I think could work well with AuditShark.

[12:49] Mike: But I am committed to actually putting forth a good effort to try and make that happen. Right now I’m working with the new UI design with my lead developer and I’m cautiously optimistic that we’ll be able to actually have it not only in place but on the build server and being pushed out directly through the web by the end of this month.

[13:07] Rob: Right. And just to clarify them, you wrote a new UI because you’re using 3 or 4 year old technology that was clunky and the legacy code was making it very hard for you and your team to build new features so you basically re factored your UI and that’s done and you’re launching that.

[13:24]Mike: Right. The other thing is that over the past four weeks, traffic has consecutively every single week been higher than it was the previous week. Now it looks like it will be higher this coming week. I don’t know for sure but it depends on what other things that I do.

[13:37] Rob: Right. okay so that’s what you’ve done in about the span of three weeks which is probably more than you had done in maybe the few moths prior to that.

[13:42] Mike: Right. That’s an understatement I think.

[13:45] Rob: Okay you’re rolling again and you’re ready to get this thing going. Where does AuditShark stand? How soon can you launch it and what’s left to get people using and paying for AuditShark?

[13:57] Mike: So I have a signup page that’s in place where I’ve sent the URL to a couple people to sign in, install it on their servers. As I said before I got some people using it for early access. The biggest complaint that I’ve seen so far is that there’s no instructions on how to remediate things. So if you look at the reports and it says X is wrong then how do I fix that? The UI doesn’t give any indication of how to do that. You basically have to go back to the policy builder or you have to go back to the reports from the source of where these control points are from.

[14:28] It’s not going to work for the customers. Essentially what I did was I went back to the policy developer and I said hey I need you to start putting these in. He put a bunch of them in. It started working out and then something busted on the policy builder and it took a few days to get that fixed. Right now it’s fixed and I’ve told the policy developer he should be able to go back in and start adding those in. Right now he’s only got 5 out of about 500 done but I’m hoping he’ll be able to go back through the rest of them and put those in place such that when the policies execute against the machines that the customers are running then they’ll be able to see in their reports exactly how to fix these things.

[15:01] Rob: Got it. So that’s where you stand today. You need to get this new version out and do you think you’re going to have it done in the next week and then is that it? Are you all integrated with stripe like you have a sign in page where its going to put a credit card token and all that stuff. All that code’s written?

[15:18] Mike: All that code is written. We ran into a slight problem where somebody couldn’t sign up for early access because Stripe was denying it but it turns out that…

[15:27] Rob: I’ve seen that too. That’s not your problem. I’m seeing that not all over the place but especially with international cards, really get problems with Stripe.

[15:35] Mike: That’s exactly what it was. What happened was the card was entered and then the bank denied it. They just blocked it and the person in the early access didn’t really know what was going on. They said well I tried it and gave him another fake card to use and they were able to get in and actually install it and start working with it and it was probably a week or two later they said hey by the way just to let you know this is what happened and it turns out that their bank has locked the account and locked all other things that they were using it for.

[16:03] Rob: Yeah. We haven’t seen it that bad but I definitely seen one or two people trying to get in. It was our post early access. It was the actual mini launch and we’re still dealing with their bank trying to get them to approve the charge. So you setup on the payment side then. So is there much else to do? Could you flip the switch? Let’s say you get this version two UI live next week. Are you going to launch next week or what’s holding you back?

[16:29] Mike: I’m trying to get the marketing message right. I really want to try and figure out exactly the type of people who I guess would be the initial core market. What tag lines resonate the most with them is really what it comes down to. Because in between the two that I’ve done so far, one of them clearly resonated but I think that the other one was on the wrong demographic. Right now I got them both targeted at the same demographic and I want to test to figure out which one would resonate more so I can do more paid advertising and paid acquisition. But beyond that, there’s not a lot that’s stopping me from just kind of flipping the switch other than the marketing side.

[17:02] Rob: Right. You want to make sure that if you send people to the site that at least a few of them are going to convert into trials. Right? That you’re communicating it well. Now in terms of your early access list, I know you have a launch list and you have some people who you have let in and are using the app. Is it at the point where you think that people will be willing to pay for it as of next week when the new UI comes out? Or do you think that there still more has to be done with remediation in order for it to be worth X dollars a month to folks who are using it?

[17:34] Mike: The remediation  information has to be there. I don’t think that it’s a viable product without that remediation information there and that’s reliant upon my policy builder putting that stuff in there. I can certainly talk to them. I probably will and say hey, can you really make an effort to get as many of these possible as you can in this week and next week? Then I’m sure he’ll be able to do that that’s not going to be too big a deal.

[17:55] But its going to take him time. I mean there’s 500 of these things and he’s got to go into every single one of them individually, look it up on the PDF and say okay well what is it that needs to be added in?

[18:06] Rob: Right. 500 control points. Right? 500 settings that you’re checking across two different OS’s like Windows server 2008, Windows server 2012 and you’re checking all these points so you have to basically have some simple instructions on how to fix that or at least resources.

[18:18] Mike: Exactly.

[18:20] Rob: Got it. So sounds like from what you’re telling me is you are honing in on a launch like a true point where people can sign up, use AuditShark and that you think you’re going to be providing enough value that some people will start paying for it very soon.

[18:34] Mike: Yes.

[18:35] Rob: Got it. So MicroConf Europe is coming up in just under a month. You think you’ll launch before then?

[18:41] Mike: I would like to. The question is kind of time…

[18:43] Rob: What are you big risk that are going to keep you from launching here in the next – it sounds like 2 to 3 weeks is the window you’re talking about. What’s going to keep you from doing that?

[18:55] Mike: Right. I think the biggest risk that I face right now is how long its going to take to get the build server to push the new version of the code because it’s a completely different repository. So I’m going to have to reconfigure a lot of different things. And I’ll probably have to basically build a new build script for that to push that out. It leverages all the same data underneath so I don’t have to worry about inconsistencies there because we didn’t make any structural change. It’s basically just a new GUI over the top of it.

[19:21] But obviously I’m going to have to touch base with the early access people and say hey, just letting you know all these stuff has changed a little bit. It’s just going to take time to verify that just because there’s so many moving parts. There’s a bunch of different libraries. There’s the policy builder to which is self updating. There’s the agent which is self updating. I need to make sure that all of the interactions back and forth between work as well as all the self updating capabilities because that’s one of the key pieces that makes AuditShark easier to use so that you don’t have to go in and constantly  update the agents every time there been a new build.

[19:51] Beyond that, there’s also a risk with adding all the remediation information. It’s not really a risk so much as it’s how long is that going to take and I don’t know what the answer to that is because of m contractor. He’s not full time. It’s not like he’s doing this every single day for 40 hours a week. So he’s only been able to put in probably 10 to 12 maybe 15 hours a week on any given week and I don’t know how long its going to take him to do all of those.

[20:14] Rob: Kind of thinking out loud here because we haven’t talked about this part but there’s this interesting question of is it more important to get to launch to where people can publically sign up or is it more important to get to where people are paying you for something in private? You know what I’m saying? Because if you think about how I did Drip, I did the ladder. Though we still haven’t launched. And yet I have 100 people in there trying it out. I have a handful of people paying for it and so I would almost…

[20:41] It’s funny that in the comments that we’ve seen there’s always this push towards launch like when are you going to launch it? I would actually say not when you’re going to launch it but when are you going to get that first paying customer? When are you going to get that 10th paying customer? Those are more important than having a public web page that someone can come and sign in and download Audit Shark in my opinion.

[20:58] Mike: I totally agree. It’s definitely important for me to get to the point where people are paying for it because that means they’re seeing value out of it and if they’re seeing value out of it then I can essentially backtrack and say okay well why are you seeing value out of it? And then take the words and phrases of why they’re seeing that value and use those to get more people who would also see that value.

[21:18] Rob: Right. It sounds like you could feasibly – in theory, if you were to go crazy, you could send out an email tomorrow, dear launch list, you could start running ads tomorrow and you could just send people in. They could sign up. They could give their credit card and you’re all set up to do that. They could download it. They could install it and it would do something. It actually audits their server and it tells them hey these things are wrong. And you could say look at me, I launched. But what does that do? Right.

[21:43] It doesn’t do anything because you probably know those people are going to pay because you’ve launched without the value that you need to provide in order to charge someone. And so it sounds like getting the remediation piece in there, that information in there so that people actually hopefully at that point are willing to pay, and I think that’s maybe a bigger risk than anything else you named I think. You named getting V2 UI out and I think you’re going to do that. I have no doubt you get technical issues, I know you can handle. Less than a week that will be done.

[22:14] I bet that remediation stuff will take a couple weeks like you said. The biggest question mark in my mind is once you get remediation in and will then that be enough value for people to pay because if it still isn’t then you have to think about it more. That’s where you have a big question mark of what can I do? What can AuditShark do to make it worth the monthly fee?

[22:37] Mike: Right. And actually that kind of leads back to what I mentioned a couple weeks ago in an episode where I said I’m really thinking about going with a hybrid solution where I’m essentially offering security as a service or to people such that when AuditShark finds something I can go in and then essentially analyze to figure is this applicable to your environment? Is it going to be right for you to do? How do we actually go about remediating this?

[23:02] Because right now, AuditShark is really just an information tool. It tells you the information. It doesn’t actually do it for you but there’s this concern. Obviously these are production servers that people are using. Do you go in and you just automatically fix something? If you find something that’s busted, do you undo it do you bring into compliance and it’s a very hard question to answer because it depends a lot on what you’re looking at.

[23:27] Rob: Yeah.

[23:26] Mike: Even if it’s a new user, oh, well somebody created this new user so they could run a service account for this new software that they installed. And then if I delete it then it just breaks that software. And if it was something they were legitimately using, then of course that’s not going to be a good thing. I could disable the account but I’m still going to break that piece of software that they installed.

[23:43] Rob: Yeah. I don’t see any way that you can just automatically do things like that on a production server. I wouldn’t install something on a production server that did that, that actually made changes without me understanding what it was doing.

[23:56] Mike:And the question that I’ve actually talked to other people about it is would you feel comfortable with a system where it allows you to do that? So like for example there’s this thing that’s wrong and maybe it just gives you a big red button that says this is wrong would you like to fix it? Do you click that button?

[24:12] Rob: I think there’s got to be more info though because fix it, what does fix it mean? That means revert it to what this security doc says it should be but what if I have it that way so that my connection to XYZ, API works or so that a certain piece of software works. I just think there are too many exceptions.

[24:29] Now I get it and I hope if you listen to this, I hope you get the complexity of this and that your tool audits and it actually does something valuable and it shows you information but it’s probably not valuable enough as of today for someone to pay for. So you’re moving trying to push that bar forward and saying in a week or two then I’ll at least have remediation instructions into the app. Hopefully that will be enough for people to pay for.

[24:56] I think your biggest risk is definitely not the technical issues but the question about what point does AuditShark provide enough value that people will pay your monthly fee for it. And it sounds like your hypotheses is that it is having the remediation steps in there will at least convince some people to do it and then offering that value add of you to came in and fix it for an additional cost is maybe even another step up in the value chain.

[25:22] Mike: Right. There’s definitely other things that it have thought of that I think would add value to it and would help push people into the direction of saying yes this is valuable enough for me to pay for but some of them are complicated to the point that there are entire products built around just that functionality. So it’s not like I could say oh, well let me just throw this in there and I’ll wait for that to be done before I launch and so that I know its valuable enough because some people may not care about some of those things. I really need to just get it to a point where its I’ll say valuable enough and then kind of take things from there.

[25:56] Rob: Right. And to clarify, you’re marketing towards small software and Saas businesses is that right?

[26:03] Mike: I wouldn’t necessarily say that it’s just small Saas businesses. It’s more of the businesses who are advanced enough to actually be interested in looking to protect their servers because they have something to protect. One of the things that strikes me is the people who are really interested in AuditShark have been hacked before. The people who have gone through that experience and have gone through the pain to say oh well, what happened on my server? Why did this thing get hacked? Those are the people who have this burning pain to say oh well, I need to actually do something about my servers because my entire business rests upon having these things up and running and if I lose those servers, I lose my business.

[26:41] Rob: Right. People are going to have a dedicated server because they need to be able to install an actual EXE so it’s not shared web hosting or something but it’s a dedicated typically a web server I would imagine. Sure it doesn’t have to be but my guess is the people you’re going to find using the content marketing SEO kind of the online marketing techniques you’re going to go after are more likely going to be small businesses on the web at least to start with. And then it’s like you said, its people who are aware enough that they need to be secure that you can have the notion that they need to lock some stuff down and the willingness to spend the time to do it.

[27:13] Mike: Right. I’ve seen a couple show up on my launch list over the past couple weeks who are healthcare related or financial related whether they’re banks or loaners and some things like that which is interesting to see they’re the people who actually take it seriously. If you’re just looking for a scan of your servers because you want to do it once, probably not a good fit. But if you’re the type of company that’s a little bit paranoid but you don’t necessarily have a security expert on staff and that’s really what it comes down to is if you don’t have a security expert on staff or you don’t have tools that you’re already using to help lock down your machines, then AuditShark is probably a good fit because it can at least point you in the right direction.

[27:53] Rob: Right. Because its runs a scan everyday right? That’s the thing. You install it once and then it gives updated information because you can download – I’m sure I could go online and find like a $99 scanner or a free scanner or something that will scan my server for security holes but yours is as a service.

[28:08] Mike: Right.

[28:09] Rob: And what’s the pricing?

[28:10] Mike: On the low end for two servers, its $79 a month and it basically goes up from there if you get to eight servers a month that’s $199 a month and then for 20 servers its $399 a month. Those are kind of initial prices right now. There’s other functionality that I want to add in but I don’t think that bumping up the price point would be justified until I start adding those other things.

[28:32] Rob: Right. You got to get the first customers in there first paying you for it.

[28:35] Mike: To be fair, I’m not necessarily as interested in saying oh well I have all these people paying me $199 a month. What I’m really interested in is making sure that they are getting the value out of it to say hey $199 a month is a no brainer. So like okay, well what about $299? What about $399? And then trying to find the ideal price point, no that there really is one.

[28:55] Rob: You’re not saying you’re going to raise prices. I mean I would imagine you’d grandfather people in but it’s kind of as you find it’s a no brainer for people to do it then you want to potentially raise prices on future folks.

[29:06] Mike: Right.

[29:07] Rob: So we’ve kind called out a few steps that need to fall into place for you to get to launch. We talked about the V2 UI you’re trying to get out, that’s a technical issue. There’s getting remediation in and that’s a technical issue. Then there’s kind of the risk issue of with remediation, are people willing to pay for it, does it provide enough value and then you want to hone your marketing message right? You want to get like a headliner, a tag liner or a way to describe Audit Shark in just a couple sentences basically or a couple of words frankly because that’s all you have in a website headline or an ad headline.

[29:36] You want to find a pretty good one that converts well for you. Do you feel like if you get those four things dialed in that you’re ready to basically get people paying for it and asking early access customers for money and seeing what happens and then maybe releasing it to the world assuming that they say yes?

[29:54] Mike: Yeah. I think so. The remediation piece is big. I would like to kind of pursue figuring out how to work in services is kind of that hybrid model that I talked about but I haven’t really put any mental time or effort into figuring out how that might look.

[30:09] Rob: Anything else you want to add because I think we’ve kind of done a decent run down of basically the last three years as well as what we hope to see here in the next month or two.

[30:19] Mike: I don’t think there’s too much. I understand the sentiment from people that it’s been a very, very long time and I haven’t launched AuditShark and I’m not exactly a shining example here of how to launch a Micropreneur business but at the same time I do want to point out this is not a Micropreneur endeavor. I’ve said that upfront. I don’t want to scapegoat everything on to the medical issues that I kind of eluded to earlier. But it’s been about three weeks since I started the treatments and everything.

[30:46] So I think that things are going reasonably well and I don’t see any reason why they shouldn’t continue to go well. I can keep people posted as what the progress is. I don’t think it’s going to be very much longer though. So now what we’ve talked a lot about AuditShark do you have any updates of Drip?

[31:02] Rob: Yeah I have 90 seconds of updates. I’ll keep it short. Basically nothing has changed with Drip since we last talked because I’m in the middle of 1) waiting to see how many of our trial users convert because until I see that, I don’t want to send an email to the other thousands on the launch list. In the mean time we’re just building out stuff like cancelation logic and on boarding assistance and FAQ, email support snippets and it’s just trying to get Drip to scale up just a little bit.

[31:32] We’ve had our hands full for the past couple weeks and I just couldn’t imagine emailing ten times what we emailed a couple weeks ago. We couldn’t handle it. So we’re trying to get things like support and on boarding and cancelations automated enough that we can essentially move forward. I don’t have an exact date in mind when we’re going to email that. I’ve been kind of brainstorming of do we maybe just email another 300 in a couple weeks and see how that goes? It’s a super slow way to take it but I just don’t feel like we’re there yet.

[32:02] Development is – I’ll say it’s a bottleneck the most things that need to get done are in the development queue. Marketing is now moving forward. My growth hacker intern started this week and he’s in the ground running so marketing stuff is great. A lot of stuff in place for the launch. We’re stoked about it but we just have to get – there’s more features that have to have to get done that aren’t even features like parts of the app but it’s things that just have to be done in order to bring in several hundred trials all at once. So that’s really it.

[32:31] Next week will probably be boring too because we’re just going to be cranking away at this queue of things that people have asked about. There are also things, we are building a couple things that people have canceled for and I’m concerned that 10% or 20% of the new trials will also need that feature so I’m not building them just to build it. I probably have hundred features that we could build just to build but there are a handful that basically are deal breakers for folks so we want to get those done before I also let the masses in.

[32:55] Mike: Yeah. I know what you’re saying. There’s hundreds of features that I have are in FogBugz that I just have not decided to pursue at the moment. There’s just a huge list and it’s just not worth it right now. Nice to have.

[33:06] Rob: Yeah. They’re nice to have. I’m in a milestone that just says future. It says like V 2.0 future and they’re just all assigned to that.

[33:13] Music

[33:17] Mike: If you have a question or comment you can call it in to our voice mail number at 1-888-801-9690 or you can email it to us at questions@startupsfortherestofus.com. Our theme music is an excerpt from “We’re Outta Control” by MoOt used under Creative Commons. You can subscribe to us in iTunes by searching for startups or via RSS at startupsfortherestofus.com where you’ll also find a full transcript of each episode. Thanks for listening. We’ll see you next time.


Twitter Digg Delicious Stumbleupon Technorati Facebook Email

10 Responses to “Episode 149 | AuditShark and Drip Updates”

  1. Kudos to Mike for hanging in there and fighting it out to make AuditShark a success inspite of his health challenges. Here is one more guy rooting for you. Go Mike!

  2. I listen via iTunes, so I haven’t seen the remarks alluded to in this episode. My take is that Rob & Mike don’t owe us anything, and I greatly appreciate the open & honest discussions. Mike’s experience is valuable regardless of where he is now with AuditShark or even the final outcome – that’s just life in the big city, and sometimes stuff happens. We can’t all live the “Social Network” dream… 🙂

    I’m really glad to hear your health is on the upswing, Mike!

    – Jack

  3. I love listening to each new episode of the podcast. I think Mike and Rob do a nice job of balancing each other out.

    This episode was interesting. I am one of those who have questioned the ongoing delays with AuditShark. The health issue makes sense. I also have to admit in several episodes over the past month, I sensed a negative/tired tone from Mike. I’m not sure if others feel this way, perhaps he did feel tired relating to the health issues.

    My concern for Mike and AuditShark, after listening to this episode, is that it may be a typical example of a technical guy who lacks the true sales and marketing experience it takes to properly position a product (or service).

    My take is that while Mike has some understanding of the potential market for AuditShark, he still doesn’t know who exactly to target, AND if there really is a need. For example, I run an e-commerce company that does about $10MM in sales per year, with our own servers in a co-located datacenter with an IT group with a tight SLA. We (my company) have zero need for his product, and from what he mentioned on this episode, it sounds like we would be his ideal customer. Perhaps he needs to focus on IT companies, web-hosting companies and colocation facilities that could either license, use or resell (white label) the software as part of a package. Then the many managed services platforms/services that are there come to mind. Perhaps I’m the one who is confused with who the potential market is.

    Either way, I wish Mike the best with his health and the success of AuditShark.

    Thank you guys for a consistently great podcast!


  4. Mike, I wish all the best on your endeavors in the business and outside…thank you for finding time to do podcasts and all other things for comunity

  5. I am the definition of an avid listener. I’ve listened to the last 120 episodes or so.

    Mike, I totally understand that being sick and dealing with whatever health issue sucks and has bogged you down. I hope you get better and that is WAY more important than whatever happens to Audit Shark.

    However, for the last 100 episodes or so, I’ve felt like Mike always treated Audit Shark like a special case that doesn’t fit all the rules and approach that Rob and Mike have espoused for every other person who asks for advice on the show.

    Every time there is a problem Mike moves the goal posts back to the point that he never actually launches. Even in this episode after three years of building Audit Shark, he still doesn’t know his target market. He still isn’t willing to charge for it. After three years of development, he hasn’t answered the basic questions about his product or even finished the basic use case in terms of auditing and giving remediation advice.

    I really, really appreciate the advice that Mike and Rob give on this show, but I feel like if Mike called in to his own show with advice on Audit Shark, Rob and Mike would tell him that he needs to niche down, simplify down the product, and start charging customers for the most basic use case. How many times have Rob and Mike said that you need to get to some kind of launch within 6 months and I feel like Audit Shark is still 6 months away from charging customers.

    I guess I just don’t see how Audit Shark is some kind of special snowflake that doesn’t have to play by any of the rules that this show is really built around. If it really is that different, than it shouldn’t be talked about or treated the same as projects like HitTail or Drip that are at least more in the micropreneur mindset.

    Mike, I want to see you succeed with Audit Shark and so maybe applying the micropreneur approach and constraints would help.

    I obviously haven’t had the same level of success as Rob or Mike, but if you’re going to talk the talk, shoudln’t you walk the walk?

  6. Awesome episode.
    It really emphasizes the struggles and difficulties of developing and releasing software.
    It’s just not easy!
    As Rob said – I really think after the software is producing value you’ll have another challenge with your target market and marketing message. I think you will work through it and find your niche.
    Good luck and I can’t wait to hear your progress over the coming months / years.
    I wish you the best of luck.

  7. Great episode.

    Mike, you’re lucky to have Rob for an accountability partner. He asked you some great questions.

    You guys often talk about a “bottoms up” view of the market – i.e., finding a few customers who will pay for the product as validation of the market. In this case I think you should take a few hours to look at the market for AuditShark from a “tops down” perspective – i.e., how many people are in your target market and what trends support the adoption of your service? IIRC, you see the market as “small businesses,” “paranoid about security”, “been hacked before,” and running dedicated Windows servers. I’m no expert, but these criteria would seem to narrow your addressable market down to a pretty small group of customers. The other potential problem here is that the trends are working against you in terms of the move away from dedicated infrastructure to shared infrastructure in the cloud, particularly for small businesses (everything from Heroku to Shopify). Take some time to think about this before you sink more time and money into AuditShark.

    Greg’s comment above on finding some channel or distribution partners is also spot-on. You could learn a lot quickly with these conversations.

    Thanks for all your contributions to this podcast and community and I wish you the best.

  8. Thanks for the honesty in this episode guys. I think Audit Shark’s progress did need addressing and the show is all the more richer for being able to discuss delays, setbacks and problems rather than present the vision of perfection that some ‘gurus’ on other shows do.

    Thanks for all you do guys and being one of the most real shows around.

  9. Ultimately what will be evaluated is the results.

    Thanks for the willingness to share guys, it’s much appreciated. Keep up the good work!

  10. All the best for you Mike. Glad you are feeling better and long may that continue.

    I’m quite a new listener to your podcast (10 episodes?), and I’ve listened to the last 4 episodes in the last couple of days! I’ve really enjoyed them and it’s great to have such a rich back catalogue. I commute 3 hours a day, so perfect catching up time 🙂

    It was a little frustrating listening about auditshark, and it’s not something you should feel bad about. If it makes people think, then it’s effective. In feeling frustrated, I realised I was being somewhat hypocritical and allowed me to assess my own product and development cycle.

    I think you are holding back on the things that matter in building up the business. It’s highly likely that lots of people do exactly the same and they don’t realise, or if they were starting something from scratch they would do the same, but can easily judge others. It’s easy to assess others when you aren’t attached, and you get blinded when you’re working on your own product.

    Here are my thoughts for what they are worth:

    My worry with the product/market fit is that this is a Microsoft installable package. My assumption is that people running Microsoft servers, are more likely to already have ops guys to an extent. They are already paying for MS licenses. They are probably happy to pay some money to check out their servers. However I don’t think they need the advice on how to fix.

    Therefore I would try selling the product you have today. Make sure your software itself has the right credentials to make it easy to install, start finding people to buy it, and stop product development for a bit until you get a bit more feedback.

    I would also put a free option on that pricing page for 1 server. If it’s in their hands, and they have 1 server, great. You can interview them. If it’s in their hands and they love it and want it on the rest of their servers, it’s the perfect lead opportunity. If they only have 1 server, then who cares if they have it for free. You aren’t after them necessarily.