3 Most Important Lessons in Internet Security

In the world of a dot-com startup, security is an easy thing to push to tomorrow.

Don’t get me wrong – we all know it’s important. But it’s rarely important AND urgent.

Until, of course, you’re reminded by the hackers.

Lesson 1: Schedule Security, or the hackers will schedule it for you.

Recently, due to *human* failure, one of our exterior-only systems (not core systems) was hacked, for simple commercial malware intent. Fortunately, losses were minimal, and he/she was not able to create a “back door”, and we know this was a reasonably inexperienced hacker, because he/she left a lot of “tracks” – the good ones immediately hide most of the evidence of their intrusion. He or she simply wanted to embed virus-installing malware links, which were removed within minutes. Nothing serious (no client data, no credit cards, etc.) was compromised – but it was a good reminder.

Lesson 2: All hacks are either (1.) Opportunistic or (2.) Targeted

The opportunistic ones are fairly easy to deal with: Simply be a harder target than the next guy. As your e-business grows, and you have greater traffic and Google PageRank (an unofficial semi-used indicator of SEO value), the opportunistic attackers have greater reason to go after you. The opportunistic ones usually just want eyeballs for spam ads, clicks to virus or malware, or hard drive space, as cheaply and quickly as possible.

The vast majority of hackers (99%) on the web are after simple things – space in which to host malicious code, SMTP servers to spam from, zombie machines to swarm into a DDoS (Distributed Denial of Service) attack, etc.

Much more scary are the targeted attacks.

Truly locking out 100% of targeted attacks is very, very difficult. Easier is making the cost and difficulty of hacking you exceed the perceived or actual value of intrusion. Even major banks, the NSA and CIA, and internet security companies like Norton or Kaspersky get hacked, more often because a human dropped the ball than because of code failure, but both happen. As SwiftCloud (the company I founded) grows in scale / scope / perceived data value, I know it becomes a bigger target, and eventually, a hole will get found.

So for that, you’re left with the final major lesson:

Lesson 3: Layer your castle walls

Internet security also includes human practices – the White House website was (maybe still is) written to a DVD-ROM, then every 5 minutes uploaded to the live web server, so if anyone hacked it, their hack would live for a maximum of 5 minutes. This is fine for simple read-only sites, but impractical for today’s dynamic database-driven interactive sites, though it’s a useful lesson regardless. Keep backups and assume one day you will get hacked and everything wiped out. Recently we had a datacenter go down, and then the backup generator failed, and then the load balancer failed, causing a client’s mission-critical site to go down [note: this has since been revised, fixed, tested]. Assume the worst will happen, and restrict access to only those who need it, even if you trust them implicitly.

In our hack above, one of our employees was hacked, and the hacker then used that info to simply “walk in the front door”. Fortunately, we had restricted access enough that it was just a lesson, instead of major cleanup or a reputation-killing public disclosure. In this case, the exterior site was isolated from the more crucial interior site, and the access was to a single domain, single database on a single server – I’m definitely not saying this to brag, I’m pointing out that security can and should be engineered in from day one. Tripwire and other security code is awesome – but it’s just one defensive tool of many.
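The periodic re-publish from a read-only copy described above, combined with a Tripwire-style integrity check, sketched in Python as an added example (not code from the original post or from SwiftCloud). The directory layout, file names and the tampering inside `demo()` are constructed for illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def manifest(root: Path) -> dict:
    """Map each file's path (relative to root) to the SHA-256 of its content."""
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def detect_drift(golden: Path, live: Path) -> dict:
    """Compare the live tree to the golden copy and classify every difference."""
    want, have = manifest(golden), manifest(live)
    return {
        "modified": sorted(f for f in want if f in have and want[f] != have[f]),
        "missing": sorted(f for f in want if f not in have),
        "unexpected": sorted(f for f in have if f not in want),
    }


def restore(golden: Path, live: Path) -> dict:
    """Record the drift first, then put the live tree back to the golden state."""
    drift = detect_drift(golden, live)
    for rel in drift["unexpected"]:
        (live / rel).unlink()                 # file the golden copy never had
    for rel in drift["modified"] + drift["missing"]:
        (live / rel).parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(golden / rel, live / rel)
    return drift                              # the evidence that something changed


def demo() -> tuple:
    """Constructed sample: a two-file site is tampered with, then restored."""
    base = Path(tempfile.mkdtemp())
    golden, live = base / "golden", base / "live"
    (golden / "js").mkdir(parents=True)
    (golden / "index.html").write_text("<h1>Welcome</h1>\n")
    (golden / "js" / "app.js").write_text("console.log('ok');\n")
    shutil.copytree(golden, live)
    # Simulated tampering: an injected link, an extra file, a deleted file.
    (live / "index.html").write_text("<h1>Welcome</h1><a href='http://placeholder.invalid/'>x</a>\n")
    (live / "extra.html").write_text("constructed placeholder\n")
    (live / "js" / "app.js").unlink()
    found = restore(golden, live)
    return found, detect_drift(golden, live)


if __name__ == "__main__":
    first, second = demo()
    print("drift found:", first, "| after restore:", second)
```

Run on a timer, the returned drift report is what distinguishes this from a blind overwrite: the overwrite alone would erase the evidence that an intrusion happened. The golden copy only helps if the web server's own account cannot write to it.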

Offensive plays make headlines, but require a solid defense to win.

Imaginary Advisory Board

This is my version of fantasy football – an imaginary advisory board.

It all started from carefully studying the work of Ash Maurya, of whom I’m a big fan but don’t actually know in person (yet). I’ve read his book (some of it 2x – re-reading parts to dwell on it, make notes, think about application…). A problem would come up, and I’d ask myself “What would Ash Maurya tell me to do?”

Then it happened again with Nir Eyal’s awesome book “Hooked”.

So these guys – and others below – go hiking with me all the time, or hang out and cook dinner with me, thanks to Audible.com & Podcasts. Yeah, I’m sure Peter Thiel would be thrilled to know he’s on moonlit 2am walks with me after working with Indian coders for hours. Lame? Sure, go ahead and judge, but that’s the influence I want, you can have your Jason Derulo. This is my fantasy football team, but more useful – I follow ’em, implement ideas, and ask myself what they’d advise me to do.

So, here’s a standing list of people welcome to my home in Los Angeles anytime for coffee / beer / dinner.

  • Jason Lemkin // via YouTube mostly and Mark Suster re: the big picture / $$ growth
  • Neil Patel & Noah Kagan re: growing eyeballs, with a tip o’ the hat to GrowthHacker.TV – but per Sean Ellis, until 40% of your clients would substantially miss your app, don’t bother too much with this – focus on the product. So, for that, focus on…
  • Ash Maurya & Eric Ries, who I found via Sean Ellis – this is the Bible (Quran? Torah?) for the first phase – where I’m at now.
  • Samuel Hulick, the onboarding master. This is the next big focus for us.
  • Nir Eyal at making a product sticky
  • Once you have a kickass product that truly delivers value, and it’s not leaking, it’s time to turn on the firehose: Start with http://tractionbook.com/
  • Tim Ferriss on active lifestyle design


Naturally, there are a lot of things one does not learn in school that any responsible parent wants to teach their child or children.

This started as a conversation with friend Steve Aranda, and has evolved over time. In addition to the major topics below, responsible parenting includes 1,000 tiny battles, in which one cannot “give up” on the kid i.e. continuing to put the child ahead of one’s own humanity, set aside any anger or frustration, and help him or her to make the right decision.

In the end, we parents end up with 0% control.

Get used to it. Maybe at best we keep the relationship healthy and maintain some influence. Currently my son is 11 – I have about 5 years to train him to make good decisions.

Therefore, my own parenting approach (comments welcome) is along the lines of training the kid to make great decisions in the few years before a dictatorial approach becomes ineffective via teenage rebellion.

So, here’s my on-going list of major things to teach a child outside of school:

This is a continuously evolving blog post – comments welcome.

  • Survival
    • Self Defense
      • How to fight if needed
      • Ways to avoid a fight
      • When to avoid a fight, which is 99.99% of the time. If commenting, please spare me any “war is not the answer”, or claims that violence never solves anything – he’s definitely taught to never throw the first punch. That said, anyone thinking this is a simple clear cut issue I invite commentary.
      • Appropriate level of response. If truly life and death (i.e. stranger kidnapping), it’s no holds barred – vs. a playground scuffle.
  • Success
    • Money
    • Unconditional Love
  • Critical Thinking
    • Trusting authority vs. breaking rules or intentional noncompliance
    • Ethics
  • Legacy
    • The meaning of life, which is whatever he creates it to be.
    • Making a difference to others or a cause.

In greater detail – specific resources and topics as I find them below…

  • Survival
    • Self Defense
      • Psychology of Fights & Deflating Fights & Avoidance
      • Martial arts classes, specifically starting with disciplined traditional approaches (Tae Kwon Do), later ground styles (Judo, Jujitsu), finally military style after maturity is demonstrated (i.e. Krav Maga, Spetsnaz). Teaching a kid to break kneecaps before he is mature is irresponsible.
    • Swimming
    • Wilderness Survival
  • Success
    • Social Skills. Note: He’s currently in middle school, and the political battlefield of kids determining social hierarchy is well underway.
    • Critical Thinking
      • Circle of Concern vs. Circle of Influence
      • Integrity vs. Perceived Integrity
      • Win the Battle but Lose the War
    • Money
      • Principles of wealth – i.e. Arbitrage, Leverage, Transformation, Scaling
      • Being a Producer vs. Consumer

I hate internet marketers. Here’s why:

First, this is the basic rule of internet marketing:

How to make $1,000,000 OR MORE with Internet Marketing in 2 Easy Steps:

  1. Always hold something back

There you have it. Ok, send me just 3 payments of $97.

Everyone wants to sell information. It’s easy. It’s instantly transferable, carries whatever value your marketing can put on it, is infinitely scalable, and often costs almost nothing to produce.

To be precise: most internet marketers are out to make you unhappy. That is the role of advertising – make you unhappy so you buy something. Pour lemon juice on any open wounds, then sell you aspirin.

This isn’t to say some tips aren’t valuable, but at the end of the day, marketing is conceptually very very simple: it’s (1.) Irresistible or compelling offer + (2.) Eyeballs of potential buyers – attention. That’s it. Everything else is smoke and mirrors.

Are there awesome new whizbang ways to get eyeballs? Sure, sometimes, and that’s worth money… but usually, it’s this recipe:

  1. All your problems in life are because you don’t know secret X.
  2. I have learned secret X, and will sell it to you.
  3. Once you know secret X, your wildest dreams will come true.

Call me crazy, but I want to make the world a better place, not just sell you some junk. It would frankly be better to copy some internet marketing “guru”, but does the world need another person taking money from idiots?

If you keep buying internet marketing products and not implementing them, then yes – I said it – you’re an idiot and will soon be parted with your money.

It’s all traffic and conversion. Everything else is BS – so tune out the noise and focus on the basics of your business, whatever that is for you. Hone your offers, and get potential buyers to see it.

Your Choice: Start a Business, or Fail at Personal Freedom

Let’s assume you like money, and living well, and also having time to do what you want to do.

Fair? I think I’ve cast a wide net.

Pretty much everyone wants this. We all want to live the 4 hour workweek, but the mechanics of what he describes in the book are heavily dependent on getting paid for results, not your time.

Which doesn’t fit most “jobs” i.e. typical employer relationships.

For that reason, you have only a few choices as I see it:

  1. Be born wealthy. Statistically speaking, there’s a 99% chance this is not your lot in life.
  2. Work in “Service Asymmetry”, i.e. pro athlete, movie star, very popular musician, in which millions or billions consume your product and thus you get paid very handsomely, can have a very short career and amass wealth quickly. Statistically, most people won’t succeed (or even try) at this. Most pro athletes end up broke anyway due to spending habits.
  3. Rapid asset accumulation, combined with high ROI, relative to your standard of living. If you live super cheap, make $130k/yr, save $70k/yr after taxes, then you could retire after just a few years… this doesn’t work if you make $60k, save $10k/yr – it simply follows the conventional gold watch plan (retire after 35 – 40 yrs of work). Statistically, most people won’t earn this kind of income AND keep their expenses low enough to make this work- $130k/yr is good income, but most people’s lifestyle pretty quickly rises to match as they follow the house / mortgage / kid / car pattern. Your goal here is your passive residual income exceeding your lifestyle expenses (burn rate liftoff – i.e. making $10k/mo/net rental income or investment yield with expenses < $10k/mo)
  4. Build a business and be successful at it. That 2nd one is a kicker, but if you have a day job wherein you get paid for time, this seems to be your only logical choice as I see it. Am I wrong? Comment below. Fortunately, the internet has created as many opportunities as hazards, and turbulent times favor upstarts not incumbents. Easier said than done, I know, but fortunately, new ways of thinking about this can drastically lower your risk and cost to get moving – i.e. the lean startup or pivoting from service to product.
  5. Redefine your employer relationship to get paid for metrics and results, not your time. For some, this will work – sales professionals for example, but for the majority, their job descriptions are probably too complex for their employer to actually accept this. Besides, automation favors the business owner, not you, so over time, they get more results for less of your time, and can then load you up with more tasks – so like it or hate it, the business owner has a financial incentive for you to stay hourly in most cases, then systematically optimize your workflows (while they reap the benefits, not you).

When just a child I loved robots.

I was born in ’75, so the early 80’s was a time of industrial automation, and fears over automaking robotics, bold claims for the future, and Tang. The inevitable future to my 8 year old logic was that some employer would own a fully robotic factory, and get all the money, while paying fewer and fewer employees. The first plant to go fully robotic would enjoy wider profit margins, affording more robots, outspending on R&D + advertising, and ultimately make the best company and dominate the market.

I was an odd kid. But am I wrong?

The market domination would then lead to an arms race, in which most of the humans would get displaced by the most cost-efficient production method, and while price competition would thin margins over time, the damage would already be done to the workforce.

So this is our world, like it or not. The real question becomes then, what side do you want to be on?

If you can’t beat ’em, join ’em. So I became a robot.

Ok, so that’s a joke for my wife – but I did side with employers and had similar concerns over the classic labor vs. capital power struggle (summed up nicely by friend Max: “What struggle? Capital won.”), which is why I’ve always bootstrapped. The good news: there’s never been a better time to bootstrap and start a business part time on the side, then grow the income to replace your day job – so you truly can live the 4 hour workweek if you choose.

The 1 Hour CEO

I’m CEO, but only for 1 hour per week.

This all started a few weeks ago, when I was feeling pretty overwhelmed. I’ll spare you the humblebragging claims to busy-ness, but that day in particular had significant demands on my time, each with serious repercussions if not filled.

So, I stepped back for a few minutes and blocked out my time, for the week, and it provided a sense of relief.

It freed me up to NOT do 99% of my workload at that moment.

As a small business owner, I wear a lot of hats. All small business owners do, and the process of growing your company means progressively giving those hats away. If you do your job correctly, you’ll be left at the end of the day with no hats, but still having a profitable company.

This is also the easiest type of company to sell – one that doesn’t really depend on its owner / founder. Until one gets to this point, I maintain one hasn’t truly built a company, but has simply built a “practice” or a job.

Anyway, by blocking out my week into chunks, including top-level sales, marketing, customer service, HR, and even specifically scheduling personal time to work out and get some sunshine, Dad time with my son, “float time” for catch-up and interruptions, it provided me clarity, because I then had license on what I should _not_ be doing at any moment.

As Paul Graham pointed out what many knew instinctively but hadn’t fully carved out, “maker time” requires deeper thinking, and without license to block out the world, I wouldn’t get anything meaningful done.

To implement this yourself, try a David Allen style Brain Dump, categorize it into the hats required of you, figure out about how much time per week you need on average, include some “slip time” each day (like office hours for college profs), and block it out.


  • List of hats common in small business / tech startups is below
  • Include time to be a human, and some fun time regardless of how motivated you are. For you tech startup Type A people: Engineer for your own limits. I have about 70 hours a week blocked, but some of that is for being a father, husband, exercise, sunshine, personal admin (i.e. home improvements, taxes, etc.) – so actual worked hours is really only about 45-50… crazy work weeks aren’t sustainable long term without cost – my record is 104 hrs/week (7x 14 hr days actual work), but it was frankly sort of stupid: I ended up not working at my highest and best use, so working hard was actually inferior to working smart even on a pure results basis, not just life-enjoyment basis, not to mention “wife? what wife?” basis. Tim Ferriss’ awesome 4 hour workweek is a reminder of doing just what matters and delegating the rest.
  • Polyphasic sleep is awesome if you can swing it socially. I average “everyman” or siesta during the week, then monophasic or segmented or siesta on weekends, depending mostly on parties and my social planner’s schedule (wife Lidia Ryan)

Roles – just a sketch here to get you started. Your week consists of…

  1. HR // team-building, retention, management
  2. being CEO // the big picture decisions, implementation in overview, raising funds if not bootstrapping, monthly reports, etc.
  3. Operations // aka “the product” for tech startups. This is a big one for me, as we’re mostly into product-market fit still. As we hone this, things like growth hacking get more important – til then, it’s water in a leaky sieve.
  4. Marketing // I break this out into outbound, inbound, traffic, and The Offer i.e. CRO
  5. Sales // getting the $, blend of this varies by your business…
  6. Accounting // even if you delegate, you need to know these numbers as CEO.
  7. Customer Support. // I talk to real-world clients every day and think it’s essential to startups, but that’s opinion.
  8. Food: I cook a lot, and find it meditative. I solve big code problems while cooking, and it’s fun to work on something physical.
  9. Exercise. Skip this, and you’ll regret it sooner or later.
  10. “office hours” – free time to deal with slipping deadlines, interruptions, calls that weren’t planned, etc.
  11. Personal admin – laundry, etc.
  12. “Sharpening the saw” – even if just a few minutes per week (tip: overlap with exercise via Audible.com audiobooks), this is worth it.