Review: Zero to One by Peter Thiel with Blake Masters

Steve Blank and Eric Ries have done great work in providing engineers with a way to test their product ideas in the real world with real people. They have provided processes and systems with built in, all-important, feedback loops.

They made widespread the concept of the minimum viable product (MVP.) They formulated a process where a product in its most basic workable is shown to the world at large and note is made of the response. These notes can either or endorse or refute the product creator’s work and vision and suitable action is taken. The the product loops back to the MVP state again and the process. It is a methodical and useful way to ensure that a business creates a product that people want.

While the Lean Startup movement has provided a core set of practical tools to the startup there still remains a plethora of questions that also need answering. The most important being, what constitutes a good idea for a product or service that is worth pursuing for profit?

A good place to start looking, if not for a direct answer but an intelligent way to think about the subject, is in Peter Thiel’s newly published book written in conjunction with Blake Masters, “Zero to One.” It refers to the idea that, “Doing what we already know how to do takes the world from 1 to n, adding more of something familiar. But every time we create something new, we go from 0 to 1. The act of creation is singular, as is the moment of creation, and the result is something fresh and strange.”

He goes on to say a page or so later, “…by creating new technologies, we rewrite the plan of the world.” And then declares in the next paragraph, “Zero to One is about how to build companies to create new things.”

While a lot of Steve Blank’s work is formulaic, and usefully so, Peter Thiel prefers to think about business from the aspect of first principles. The future that we create is grounded in the work of today. To make that future a peaceful and prosperous one we need new technology which in turn requires new approaches. Peter Thiel’s aim is to provide an, “..exercise in thinking. Because that is what a startup has to do: question received ideas and rethink business from scratch.”

That is an ambitious goal in itself. Thinking is hard and thinking originally is very hard. In fact we only have to look around us to see that thinking is so hard that most people avoid it at all costs.

To set the scene he describes the factors that led to the Dot-Com bubble of the late nineties. As CEO of PayPal during that period he had a ringside seat as the drama unfolded. He says that there were four major lessons that entrepreneurs seem to have derived from the experiences of those dramatic times.

1.) Make incremental advances
2.) Stay lean and flexible
3.) Improve on competition
4.) Focus on product, not sales

All of these ideas seem highly sensible and lie at the heart of many a startup’s strategy for going to market. However, Peter Thiel overturns these assumptions. He replaces these four general points of business strategy with some of his own somewhat contrarian ones:

1.) It is better to risk boldness than triviality
2.) A bad plan is better than no plan
3.) Competitive markets destroy profits
4.) Sales matters just as much as product.

In rejecting the lessons learned from history, the same lessons that have built in Silicon Valley one of the most powerful centres of wealth creation the world has ever known, he puts forward a very coherent, consistent and challenging alternative idea. He is adamant that, “To build the next generation of companies, we must abandon the dogmas created after the crash.”

So what is wrong with most of the companies being started or built today? Lack of differentiation caused by lack of original thought is his answer.

Commodity businesses have always had it hard. You set a price and a competitor with the same or similar product can undercut you. If your product is not differentiated enough then you have no choice but to undercut them in turn. It soon becomes a race to the bottom where profits are foregone for the sake of market share. The deciding factors in such a scenario are deeper pockets and greater business efficiency. The result is invariably a mediocre, at best, product.

Traditionally, economists regard the ideal market place is at its most efficient when governed by the forces of perfect competition. Peter Thiel points out that this is a fallacy and that a company that operates in a market that is in perfect competition is a market where no one makes any money at all.

The solution, therefore, is not to copy anyone else but to think for yourself and have faith in the originality of your own ideas. Use your uniqueness to your advantage. Create your own market and become a monopoly.

Peter Thiel’s assertion that the only way to make real money is to have a monopoly of a given market is a challenging idea. We have laws against monopolies and no customer likes to have only one choice of a service provider. However, if you want to make money being in effect the dominant provider of a given service or product is the only tenable and financially worthwhile way of operating.

If you take his point that real change and real growth comes from original thinking made manifest in new technologies then that original thinking constitutes the creation of a natural monopoly. At least for a certain amount of time. Which brings us to the idea of durability.

In what may be an interesting explanation as to why companies like Amazon are barely profitable The authors write that, “For a company to be valuable it must grow and endure.” And that while growth is easy to measure, durability isn’t. They are not fans of, “measurement mania,” and they believe that management time and energy should be focused on building a monopoly by wise use of brand, scale, network effect and technology.

To do this a company must start small and “dominate a large share of its market.” A company then grows by sequencing its growth to grabbing bigger shares of larger markets. Contrast this line of thinking to the current belief in startup circles that a that the ability to scale quickly is somehow a precursor for success.

They go on to be quite specific in that, “The perfect market for a startup is a small group of particular people concentrated together and served by few or no competitors.” The huge advantage is that once you have found the business whose customers meets that criteria then you have the opportunity to create your own future, right or wrong. You can avoid being taken down by competitors undercutting you or being dictated to by the bigger players stomping around in the sandpit you share with them.

A little after halfway through the book we come to, “‘Thiel’s Law’; a startup messed up at its foundation cannot be fixed.” As a founder of
Founder’s Fund
, Peter Thiel has had the opportunity to review many startups from an investment perspective. When he studies the teams, (he is not an advocate of sole proprietorship because it limits what kind of company you can build,) he looks for how well the founders know each other and how well they work together. He places great value on how easily complementary skills and personalities mesh.

He then goes on to discuss the legal and financial aspects of a startup to which an entrepreneur should pay special attention. For example, “Recruiting is a core competency for any company, It should never be outsourced.” A particularly valuable rule that he had at PayPal was that he made every employee responsible for just one thing. It had two benefits. It made it easy for him to evaluate an employees performance and that, “…defining roles reduced conflict.”

The authors then go on to argue that humans and computers are separate categories and are not interchangeable. They ask us to change the question surrounding this problem, how can we use computers to replace people with the much more practical question, “How can computers help humans solve hard problems?”

This is a book that is all about questions. But the answers are only something that you, as an individual, can provide. The questions are a tool to give you access to thinking more clearly about a problem as opposed to providing the certitude of a right or wrong answer.

Peter and Blake have posed seven questions that every business must answer. I suggest that the opportunity to understand the thinking behind the formulation of these questions and the opportunity to answer them yourself is reason enough for you purchase the book.

1.) The Engineering Question
2.) The Timing Question
3.) The Monopoly Question
4.) The People Question
5.) The Distribution Question
6.) The Durability Question
7.) The Secret Question

There is much more to read and learn in this book. It is fairly short but unlike most business books it is dense with useful ways to think about business and startups in particular. Staying true to his promise at the beginning, he uses questions to help us access his ideas and in doing so having us think for ourselves.

I would recommend this book to anyone thinking of going out on their own. The questions that the authors pose are challenging but they are designed to elicit answers that are uniquely yours. They help provide a path that leads to the building of uniquely differentiated products and understandings of what constitutes a successful enterprise.

Hacking Hotel Automation Systems and Targeting Country Infrastructures at Black Hat 2014

In the second of a two-part report on the Black Hat security conference in Las Vegas, Alan Byrne gives us an overview of some more of the interesting talks he attended during the event.

Safeguarding Against Cyberattacks by Dan Geer

Dan Geer’s keynote was both highly praised and critiqued over the two days of the conference.

In this talk, Geer introduced some proposals to safeguard the future of the Internet as a safe place. For example, he suggested a system for mandatory reporting of security breaches, similar to the mandatory reporting of accidents by airlines and aircraft manufacturers. This could lead to greater sharing of information on cyberattacks and a joined-up effort to increase resilience to these attacks.

Geer made a total of nine proposals to the cybersecurity industry and I highly recommend watching the video recording of his keynote speech or reading the transcript.

How to Control Every Room at a Luxury Hotel

A Black Hat researcher recently stayed at the St. Regis Shenzhen, a gorgeous luxury hotel occupying the top 28 floors of a 100-story skyscraper. This hotel offers guests a unique feature: a room remote control in the form of an iPad 2. The iPad 2 controls the lighting, temperature, music, do not disturb light, TV, even the blinds and other miscellaneous room actions.

However, the deployment of the home automation protocol contained several fatal flaws that allow an arbitrary attacker to control virtually every appliance in the hotel remotely. This Black Hat researcher discovered these flaws and as a result, was able to create the ultimate remote control: controlling every room in this hotel! The attacker does not even need to be at the hotel – he or she could be in another country.

This talk provided a detailed discussion of the anatomy of the attack: an explanation of reverse engineering of the KNX/IP home automation protocol; a description of the deployment flaws; blueprints on how to create an iPad trojan to send commands outside the hotel; and, of course, solutions to avoid all these pitfalls in future deployments.

The attack has important implications for large-scale home automation applications, as several hotels around the world are beginning to offer this room amenity. The severity of these types of security flaws cannot be understated – from creating a chaotic atmosphere to raising room temperatures at night with fatal consequences – hoteliers need to understand the risks and liabilities they are exposed to by faulty security deployments.

Governments as Malware Authors

Mikko Hypponen’s talk titled “Governments as Malware Authors” revealed the extent to which governments across the globe are investing in malware for espionage, law enforcement and military uses. In the earliest days of the World Wide Web, governments initially saw no use in it. But since people have started to use the Internet extensively to share data, seek opinions, etc., and as people started to rely on the Internet, governments took notice and now they actively try to control it.

The resources these governments have are vast, and we know that their malware authors are highly skilled. Hypponen pointed to current job advertisements on US webpages seeking engineers for “exploit detection in mobile devices”. It appears that governments are using malware in a similar way to the nuclear arms race during the Cold War era. According to Hypponen, governments such as the USA and Russia are stockpiling software vulnerabilities and writing malware that can target specific physical infrastructures in certain countries.

There are companies that are quite openly selling malware and spying tools to unstable governments such as those in Egypt and Syria. The difficulty in fighting this malware is part of the reason that people need to start implementing security into all tech products from the earliest stage in their design and development, not as an afterthought.

The presentation slides are available here.

My Conclusions

Attending the Black Hat conference was a real eye-opener for me – the take home lesson was that software security needs to be at the core of the software design process, and must be an integral part of the software development lifecycle.

Since the Edward Snowden revelations and numerous large security breaches at companies such as Target in the USA, board members, policy makers and educators are finally starting to realise the importance of cybersecurity. It is no longer “an IT issue” that is left to a small, under-resourced team in a large organisation: it has become one of the most talked-about issues in the boardroom and is finally under the spotlight.

Companies cannot afford the bad publicity and loss of trust that a security breach brings, and because attacks are becoming more and more sophisticated and more common, there has been a huge surge in demand for cybersecurity professionals and proper policies to ensure security is “baked in” to tech products and services from the very beginning.

However, as it stands in Ireland, there is no undergraduate course in any of the universities offering a degree in computer science or engineering with cybersecurity. In this respect, we are behind the times. The recruiters I spoke to at Black Hat were crying out for skilled professionals with cybersecurity knowledge or experience. They ranged from traditional tech companies such as IBM and Intel, to consultancy firms such as Accuvant, to apparel manufacturers such as Nike – all eager to hire. In Ireland, some of the relevant companies are TrendMicro, Trustev and McAfee in Cork, and FireEye in Dublin.

With every device we use now having Internet access and full autonomy, we need to have security at the core of the development lifecycle. At one talk which I was unable to attend, a Black Hat researcher showed how smart cars are simply rolling PCs waiting to be hacked. With London approving the use of driverless cars from January 2015, this is a huge cause for concern.

The importance of security for SMEs/SMBs and not just the big multinationals was also obvious at Black Hat with a number of exploits demonstrated on Point of Sale terminals, and attacks which leveraged unsecured networks as part of a larger botnet to target other victims. SMEs should be taking basic measures such as encrypting disks, managing user accounts and using strong passwords. It is important for SMEs to make regular backups and keep software up to date (upgrade from your Windows XP!).

In Ireland, there is insufficient emphasis placed on security in the small business sector. Every business must realise that eventually they may have a security breach, if they aren’t already compromised. The important thing is knowing if they are compromised… For how long have they been compromised? By whom? And what can they do about it next?

The first part of this story was published last week.

Touchstore – App to help Pharmacists from Limerick Company

In his latest book “To Sell is Human” Daniel Pink claims that, jointly in the United States, the educational and medical sectors (he refers to them as ed-med) have created more “new jobs in the last decade than all the other sectors combined.” Reflecting this trend in Ireland is Limerick based Touchstore.

It started off in 2000 by giving retail chemists reports on what their best selling items were as well as other valuable items of information. By 2006 the service was in over 200 pharmacies in Ireland. In 2010, through the purchase of another company which then became known as Touchstore Rx, they expanded into the dispensary management area.

According to Marketing Manager, John Cassidy, Touchstore is one of the fastest growing companies in its product area in Ireland and they are hoping to enhance and expand their activities with the launch of their new iPad app which is currently in development.

However a working prototype of the app, which has been designed and built by Touchstore’s own team of software engineers, will be launched at the IPU National Pharmacy Conference which takes place this weekend, commencing on 26 April.

The app is designed for the pharmacy owner to keep track of the activities of their store and its day to day operations — e.g., prescriptions going out, plus sales and analysis of other key factors.

“You should have an app if there is the possibility of having an app.” John says, “Every tech company needs an app to complement their offering. It’s something investors look for and it is an age where we are all using smartphones and we need to take advantage of that.

“We want to have more communication with our customers, make it more engaging. Listen to our customers and to give potential customers a good insight into what we are doing and what we are about.”

John is keenly aware of the value that the judicious use of technology can bring to a business. For almost two years he worked as a marketing communications manager in Silicon Valley — the current centre of the universe for technological innovation.

His position required that John had to get both his company and its message known to a wider audience. One activity he found that was of key importance was networking.

John points out that,“Networking is a journey.” And there are a number of stages when thinking of engaging with new people at an event. “There is pre-networking where you find out who is going to be there and you target who is going to be beneficial to your company. When you get there, you make a point of meeting them.”

“What I learned was that the most important part of networking was post-networking — getting in contact, meeting up with them again. At an event people want to mingle. They don’t necessarily want to focus in on one person. Post-event networking was the most important part.”

John also found that, in almost all aspects, Irish people are welcomed in the United States. On his first St. Patrick’s Day in San Jose, he remembers looking out the window seeing Hispanic guys seemingly having taken the day off work and wearing all green. “Everyone is Irish for that day.” 

John argues that beyond the widespread celebration of the day, St. Patrick’s Day is a massive marketing vehicle for Ireland. It has to the potential to be Ireland’s “biggest profit-making machine”, not only in terms of the event itself and but as a billboard for attracting more investment to Ireland.

He believes that most companies in Ireland should have international ambition and he hopes and expects that Touchstore will expand beyond the shores of the Island and become a competitor on the global stage. Obviously, progress has to be made one step at a time but as he says, “You have to dream big.”