I wrote earlier this week about how life is, generally, hard. There's no question about that. One of my favorite things about the Internet, and probably the most exciting thing about working in venture capital, is being around people who are working to re-architect the world to make hard things easier. And by easier, I mean: by designing clever social / technical / collaborative hacks that redesign the problem and the solution. Yesterday, I was out in SF for USV's semiannual Trust, Safety and Security summit -- Brittany runs USV portfolio summits twice a month and one of the ones I don't miss is this one. It brings together folks working on Trust and Safety issues (everything from fraud, to bullying, to child safety, to privacy) and Security issues (securing offices & servers; defending against hacker attacks, etc.). Everyone learns from everyone else about how to get better at all of these important activities. Trust, Safety and Security teams are the unsung heroes of every web platform. What they do is largely invisible to end users, and you usually only hear about them when something goes wrong. They are the ones building the internal systems that make it possible to buy from a stranger online, to get into someone's car, to let your kid use the internet. If web platforms were governments, they would be the legislature, law enforcement, national security, and social services. Often times at these summits, we bring in outside guests who have particular expertise in some area. At yesterday's summit, our guest was Alex Rice, formerly head of Product Security at Facebook, and now founder of HackerOne. Side note: it was fascinating to hear about how Facebook bakes security into every product and engineering team -- subject for a later post. For today: HackerOne is a fascinating platform that takes something really hard -- security testing -- and architects it to be (relatively) easy, by incentivizing the identification and closing out of security holes in web applications and open source projects. The magic of HackerOne is solving for incentives and awkwardness, on both sides (tech cos and security researchers). Security researchers are infamous for finding flaws in web platforms, and then, if the platforms don't respond and fix it, going public. This is only a semi-effective system, and it's very adversarial. HackerOne solves for this by letting web platforms sign up (either in public or private) and attract hackers/researchers, and mediating the process of identifying, fixing, and publicizing bugs, and paying out "bug bounties" to the hackers. Platforms get stronger, hackers get paid. In the year that it's been operating, HackerOne has solved over 5,000 bugs and paid out over $1.6mm in bug bounties. Thinking about this, it strikes me that there are a few common traits of platforms that successfully re-architect something from hard --> easy: Structure and incentives: The secret sauce here mediating the tasks in a new way, and cleverly building incentives for everyone to participate. Companies don't like to admit they might have security holes. They don't like to engage with abrasive outside researchers. Email isn't a very accountable mode of communication for this. But HackerOne is figuring out how to solve for that -- if every company has a HackerOne page, there's nothing to fear about having one. Building a workflow around bug finding / solving / publicizing solves a lot of practical problems (like making payments and getting multi-party sign off on going public). Money that's small for a big company is big for an individual researcher -- one hacker earned $20k in bug bounties in a single month, for a single company, recently Essentially, HackerOne is doing to security bugs what StackOverflow has done for technical Q&A: take a messy, hard, unattractive problem with a not-very-effective solution and re-architect it to be easy, attractive and magical. Vastly broadening the pool of participants: After the summit, I asked Alex how old the youngest successful bug finder on the platform is. Any guesses? 11. Right: an 11 year old found a security hole in a website and got paid for it. Every successful hard --> easy solution on the internet does this. Another of my favorite examples is CrowdMed, where a community of solvers makes hard medical diagnoses that other specialists could not -- 70% of the solvers are not doctors. (They typically solve it with an "oh, my friend has those symptoms; maybe it's ____" approach, which you can only do at web scale). Deep personal experience: It takes a lot of subject matter expertise to get these nuances right. It makes sense that Alex was a security specialist, that Joel at stack overflow has been building developer tools for nearly two decades, and that Jared at CrowdMed was inspired by his own sister's experience with a rare, difficult-to-diagnose disease. I would like to think that it's also possible to do this without that deep expertise, but it seems clear that it helps a lot. The fact that it's not only possibly to make hard things easy, but that smart people everywhere are building things that do it right now, is what gets gets me going every day.
That's a pretty depressing and fatalistic post title, but I actually mean it in a positive and encouraging way. Let me explain. It's easy to go about your life, every day, feeling like everyone else has their shit together and that the things you struggle with are unique to you. But then, when you get down to it, it turns out that everyone -- every single person I know -- is dealing with profoundly difficult and stressful things. Sometimes that's money, sometimes it's health, sometimes it's work or family or relationships. It's worth remembering this so that we cultivate some empathy when dealing with people -- in general and in particular in difficult situations. For example, with all of the controversy and strife over police brutality and race relations in the US, it's easy for both sides to look at the other and not understand. My personal default stance on all of that is: of course police treat black males unfairly, and black people in the US are so structurally fucked over that it's hard to really comprehend it. I also have a police detective as a future brother-in-law, who sees it from a different perspective. From his, and my sister-in-law's point of view, he does something incredibly dangerous and scary, for the safety of all of us; and further, he's a good person and so are his colleagues. He also sent me this video (graphic) which grounds those sentiments in reality. And of course, he's right. Or take congress. It's poisonous there. I went down to DC last week, and met with two Republican senate staffers, two Democrats, and an independent. Reasonable people, all of them, and I'm sure each with their own struggles. Now, I'm not in the thick of the DC mess, but it seems to me that it's easy to lose sight of that and just fucking hate everyone in the heat of the fight. Or the torture report. Jesus. Or look at celebrities, or the ultra rich. I have an old friend who is very wealthy and just went through a really painful divorce that broke up his family. The number of privileged kids with broken lives due to substance abuse is staggering. The number of upper middle class, middle class, and poor people with broken lives due to substance abuse is staggering. A fabulous couple I know, with one of the best relationships I've ever seen, is on the brink of losing it because of stress and alcohol. We've got two close friends dealing with life-threatening cancer right now. Someone in their thirties and someone in their sixties. Everyone has these things, either directly or adjacently. And they all go to work every day (or don't), and get on twitter, and blog, and talk on TV, and run companies, and etc. I am not exactly sure what my point is here, except to say that thinking about it this way really makes me want to redouble my support for my friends and family, and to give everyone (including myself) a break now and then, because there are things in their life that are broken, and life is hard for everyone.
"Workflow" apps hold so much promise. Whether it's a CRM, project management tool, to-do list, or some other tool, the promise in each case is to clean up our messy lives and help us be more organized and effective. The problem, though, is that getting people to adopt a workflow is really really hard. That's why there are so many to-do apps out there, each one with a slightly different user experience, and none of them "just quite right" for everyone. Workflow apps are like Goldilocks' porridge. Everyone is a little different, and it's hard to get people to change. A solution, then, is to take the "anti-workflow" approach. Make me more productive without shoehorning me into a new workflow. For example, Zander has been building a side project called Ansatz, which is the "anti-CRM". All you do is auth it into your email, and it builds intelligence your whole team can use, about who you know and how well. It's a CRM with out the CRM. And yesterday, I found out about Taco, which is the "anti-ToDo" app -- gives you a handle on all of the things you need to do (as defined by starred emails, github tasks, zendesk tickets, etc), and puts it right where you want it: on the Chrome new tab screen (side note: Taco should merge with Momentum, which I love). So now, I can track and prioritize what I need to work on, without having to adopt a to-do routine that I'm guaranteed not to stick to. Already, using this has helped me manage my inbox, as I know that I can archive starred emails knowing they'll show up in my todo list, where I can prioritize them and work on them later when I have time. Both of these examples build on perhaps the biggest productivity treasure trove: the inbox. For a long time, I've wondered why we don't see more and better email analytics tools (Rapportive was one of my favorites). My inbox knows pretty much everything about me, and it's really poorly organized. Maybe it's because entrepreneurs are afraid of Google Inbox (I suppose I would be). Regardless, it seems to me that there are countless ways to help me make my inbox more meaningful to me, and nearly all of them can accomplish that with an anti-workflow approach, which is a winning one IMHO.
