Congratulations to Firecracker!

The Koa Labs crew is thrilled that Firecracker is moving out of our space today.

We’re thrilled not because they were bad tenants- but rather the opposite. Over the last year, since moving to Koa Labs, founder Ben Williams has grown his team from 1 to 6 with more hires on the way. After Tony came on board in the early summer, it was clear they were going to be unstoppable. Firecracker emulated a model Koa tenant- one to two founders who build a company and scale, using Koa’s spartan space to ignore distractions and focus on building a strong, independent company. Together with Frank, Joan, Åsa, Louise, Chris, Jason, and Jason II, Ben’s been able to do just that. They brought a lot of life to Koa, from calming banzai trees to neon New Balance kicks; we’ll be sad they’re not around but psyched for the next group of founders to join us.

Firecracker is a tremendous company with a simple premise: they help make medical students become the best doctors they can be. We proud to support that mission and of the fact Firecracker is a studying staple for nearly 1 in 5 medical students in the US- and we’re sure it will only continue to grow in importance. We’re psyched helped them on their path and can’t wait to share in their future successes.

At some point, companies outgrow us, and we view that as a cause for celebration, not for sadness. Congrats to Ben and his team.

Posted in Uncategorized | Tagged , , | Leave a comment

Information Management: Strategies for Gaining a Competitive Advantage with Data

The following is adapted from a foreword I wrote for my colleague William McKnight‘s book, Information Management: Strategies for Gaining a Competitive Advantage with Data.

In 2014, it’s no longer a question of whether to become an analytics-driven organization, but how. William McKnight tells us how beautifully, in this definitive book. It’s an easily understood, action-oriented guide for Information Managers who want to help their organizations compete on data analytics in an era of Big Data and rapid technological innovation.

Successful analytics-driven organizations will build information architectures that match analytics workloads in the context of key questions that people in their organizations need to answer in order to create value on the front lines of their business.  The best architectures will be loosely coupled so that they can absorb rapidly changing new technologies to meet competitive challenges and opportunities. Just like the one-size-fits-all database is dead, the one-size-fits-all information architecture is dead.

I faced this reality personally while building out analytical informatics infrastructure as SVP and CIO at Infinity Pharmaceuticals and later head of Global Head of Software and Data Engineering for Novartis Institutes for Biomedical Research (NIBR). It was also starkly clear when bringing new database and analytics products to market as a founder, advisor and investor in startups like Vertica, Data-Tamer, VoltDB and Cloudant.

This book provides an invaluable framework for making sane decisions about which technologies and approaches are right for you in building your information architecture. You’ll learn how to focus your resources on solving the problems that will have the biggest impact for your business this month, quarter, and year. Competing on analytics is not about big multi-year projects: it’s about having an impact on decision-making every day, week and month. And ensuring that when you do have a significant strategic decision to make, that you do so within the context of all the data/information available to your organization.

Everyone involved in Information Management can benefit from this book: from information architecture experts and business-process owners to IT pros to the C-Suite. It covers the changing role of traditional analytics architecture — e.g., the data warehouse and DBMSs — and the incorporation of new analytics architecture, from column-oriented approaches and NoSQL/Hadoop to rapidly evolving IT infrastructure like cloud, open source and mobile.

Ultimately, however, this book isn’t about technology or even about analytics. It’s about people and empowering them.

Analytics starts with questions, from real people at all levels of an organization.  What are the 100 (or 200 or 500) questions that would create significant value — if the people in your organization could answer them with the support of all the data available in your organization at any given time?

The questions that need to be answered aren’t just the broad strategic questions that C-level execs talk about, but also the very tactical questions. In the past, most enterprises have focused on the former, because it cost too much and was a huge pain to extend analytics to anyone but business analysts or senior management.  The technologies discussed in this book are making analytics practical for people throughout an enterprise. Democratizing analytics is a key trend that I see every day.

Great analytics provides the CONTEXT for all business people to create value throughout their day so they can make more-strategic decisions on tactical matters.  Think about product support. Pretty prosaic stuff, right? Not really.  When someone calls in for product support, what’s the value of knowing that caller represents a top 5% customer – or whether she’s even a customer?  How do the support people know how to prioritize requests without analytic context?

The Information Manager’s job over the next 20 years is to provide analytical context for every employee in the company.  So that he or she can make the best decisions about how to allocate his or her time and the company’s resources.

To the great information, experience and clear-thinking advice that William shares here, I’d like to add some personal observations.

  • Always start with the questions.  What are the questions that the people in your organization find most interesting and want to answer?  Avoid data engineering projects that take quarters or years.  Instead, embrace projects that are focused on collecting and answering very specific questions with high-quality data, using repeatable and shareable queries of data that interconnect sources across the company and leverage both external (publicly available) and internal data.

  • Segment your workloads! William makes a big point about this, and I totally agree. The simplest approach is by “read-oriented” and “write-oriented.” Then, implement your infrastructure to ensure that there is minimal latency between your read and write systems, and you’ll have something close to real time analytics.   Within “read-oriented” workloads, separate read access that requires longitudinal access (a small number of records and many or all columns/fields of data) from “data mining” access (a small number of columns across many or all records).  This will ensure that you can implement queries against a system designed to match the requirements of those queries – under the covers. These two types of queries are orthogonal, and the most effective way to address them is to separate these query workloads to run against systems that are designed to match the workloads.

  • Remember the three key types of analytics: descriptive, predictive and prescriptive.


Reporting on historical data and trends


Reporting and exploratory on the future (which can range from very short-term and tactical to very forward-looking and exploratory)


Recommendations of actions based on descriptive and predictive analysis

Statistics matter for all analytics. But for predictive and prescriptive analytics, you can’t operate without significant statistical expertise and infrastructure. R and SAS are no longer good enough. You need next-generation tools and infrastructure, most of which are not yet available in commercial third-party products. So, start with descriptive and work your way up. For an interesting reference framework for an infrastructure spanning (or ready for) all three kinds of analytics, check out Mu Sigma.

  • Don’t trust product vendors to optimize for you.  To minimize the number of lines of code in their systems and the cost of maintenance, product vendors usually force you into the design pattern of their product instead of setting you up with a competitive product that is better aligned with a given workload.  Further, for obvious reasons, vendors don’t make it easy to integrate between products. This is one of the reasons for building a best-of-breed infrastructure (as William recommends) versus one based on a single vendor.  No vendor has it all, and they are almost all radically biased towards one data engineering design pattern (row-oriented, column-oriented, document-oriented, viz-oriented, graph-oriented), Remember: one size doesn’t fit all!

  • Plan for the quantity of data sources to be vast, and set up your analytics infrastructure accordingly. Data quality matters! The best way is to control data quality at the point of data creation and by leveraging all your data sources to assess and augment any one source.  Yes, the ambiguity of your data sources is significant and broad – so much so that we’re going to need new ways of curating to improve and maintain data quality for any analytical use case. All data is valuable, but not all data is analytically relevant given the context of a specific question. This is why the collection and curation of a set of key analytical questions is so important: it helps you determine what data is analytically relevant to your organization, so you know where to invest your curation time and budget.

  • Accept that you’re never done optimizing for performance. Achieving performance requires significant effort.  You’ll need to integrate products from multiple vendors thoughtfully and iteratively over a long time period.

  • Push for simplicity.  Database appliances have given IT shops a taste. But I’m betting that more enterprises will realize that true simplicity comes via cloud-based solution-oriented services such as DBaaS (database-as-a-service) over the cost and complexity of maintaining dedicated physical appliances.

  • The cloud matters.  Hosted, multi-tenant databases such as such as Cloudant and Dynamo are going to be the default choice for building new systems Eventually enterprises will realize that leveraging hosted, multi-tenant and highly optimized infrastructure is radically more cost-efficient and effective than trying to replicate the expertise required to run high-performance database systems as a service internally.

  • The future of master data management is automated data integration at scale. This means bottom-up development of integrated models of data and meta-data using machine learning techniques – similar to the logical evolution of data virtualization. Top-down models for information management such as “master data management” do not work.  Modern analytics needs more bottom-up data management and stewardship of data.

  • Focus on the real issues, not the red herrings. Things like the NoSQL/SQL debate are just semantics, and trivialize the real struggle: who needs access to data and how are you going to get them that data?  Most of your users don’t care if you’re using declarative languages such as SQL or not.  Therefore, don’t allow your organization to get caught up in the nonsensical narratives fueled by industry press.

Competing on analytics requires a combination of great systems and empowered, motivated people who believe in their right to information and analytics for optimal, value-creating decisions. As William emphasizes in this book, it’s not either-or. It’s the seamless integration of systems and people that creates non-incremental value.

We need to empower business people at the point of decision-making with analytics that will help them create significant value for their companies – every single day.  Information Management: Strategies for Gaining a Competitive Advantage with Data is your roadmap. Good luck!

Posted in Analytics, Big Data, Enterprise Software, Information Technology, Innovation | Tagged , | 1 Comment

An Attribution Network for Creators, Makers and Individual Contributors

One of my favorite activities is recognizing people who create great works.  I truly believe that our economy and society have become far too distracted with “intermediaries” of all types: bankers, lawyers, consultants, etc.  As Brad Feld emphasizes, these intermediaries are merely supporting roles – he calls them  “Feeders” – and Brad rightfully encourages people to focus on empowerment of the entrepreneurs, engineers, designers and creative talent that are at the core of our innovation economy: people who build things.

One of my favorite movie clips is from Pretty Woman. After realizing the error of his private equity slash-and-burn ways,  Edward Lewis (Richard Gere) emerges from a locked conference room where he’s committed to supporting his partner James Morse (Ralph Bellamy) despite the pleading of his lawyer Philip Stuckey (Jason Alexander), who clearly doesn’t care about anything other than the fees associated with getting the deal done. James Morse brilliantly says “Mr. Lewis and I are going to build ships, big ships!”  It’s not about collecting fees – it’s about creating and building something of real value: build ships.

We Created It Logo

Celebrating people who build things is essential. This was my primary motivation in backing a great start-up in San Francisco: We Created It.  Founded by two incredibly talented entrepreneurs and designers – Hari Srinivasan and Jim Fell – We Created It has a mission “to help people get credit for what they create – alongside their teammates.” If you’ve ever been part of a team that made something special, I think you should know about this.  It’s unnatural for me to back companies that are not in Cambridge, but I make exceptions for exceptional people and companies. We Created It is one of those exceptions.

At its core, We Created It is a beautifully designed and simple way to collect the products you’ve worked on. But it goes way beyond just showcasing your products: it galvanizes teams around the products they make together. Check out our KOA Labs project on We Created It. We love it.

I believe the time is right for We Created It, for several reasons:

  • Traditional signals (company, title, school) on resume networks are losing trust, and it’s an expensive problem. We Created It solves this problem with an innovative “attribution platform” approach. We Created It cares more about what people make than where they work. The site is creating a powerful new data set of valuable signals (what you made, how, with who) that matter most to product people and hiring managers.
  • Traditional long-tenure jobs have long been on the decline, giving way to shorter company stints and more project-based work. Studies are suggesting that upwards of 35% of millennials have started their own businesses on the side and will have 15 to 20 jobs over the course of their working lives. Imagine trying to make sense of that resume! It’s getting more difficult for an increasingly large segment of the workforce to keep and present a cohesive, linear story.
  • Past solutions for attribution have always been time-consuming, cumbersome and unsearchable. We Created It makes it dead simple to get credit for your product, often by just pasting a link. I don’t think the traditional solutions will be able to scale.
  • There’s something uniquely special about the culture on the site. It’s honest and collaborative. The tone of makers helping makers is unlike any other network I’ve seen – and amazingly, most of the thousands of users have come through people inviting teammates to take credit with them.
  • I believe in the We Created It team. They’re passionate product people (Jim is a former teammate at Goby) and know how to capture the attribution problem. Like so many of us, they’re proud of what they make and they deeply value the teams they work with.

If you’ve made something great and want a beautiful way to get credit for it, check out the site, create a project and give credit to your teammates. They’ll probably thank you for it.

Posted in Companies, Entrepreneurship, Founders, Innovation, Start-Ups | Tagged , | Leave a comment

Women Start-Up Leaders in Boston/Cambridge

My friend Julia Austin recently forwarded me a link on a study conducted by the National Center for Women & Information Technology – link to the study is here.  It’s a great study that caused me to think about my own sponsorship of women in tech and rightfully calls for men in tech to consider more proactive sponsorship of women leaders.

There are great role models for women in tech here in Boston – three of my favorites are Paula Long, Helen Greiner and Maria Cirino.  Consistent with the findings of the study, my strong support of women in the start-up workplace has been influenced indirectly by great role models such as Paula, Helen and Maria – but also by working directly with and for women throughout my my career, specifically:

In addition to thinking about women who have had an impact on me directly – I’ve gotta admit that the report caused me to look at my own sponsorship of women in business and specifically women entrepreneurs in Cambridge/Boston.  It was pretty cool to see that – when I looked through my projects @ Koa  - there are more than a dozen great women leaders/Founders in my modest portfolio of companies.  Perhaps the coolest thing is that (until I looked at the report from NCWIT) I hadn’t really thought about investing in women  - I’ve just been investing in great people with fantastic ideas and – turns out – gender really doesn’t matter – at least at Koa.

Some of the amazing new women leaders in tech who I’ve had the privilege to work with and back with investments of money and/or time over the past few years include:

Additionally, there are many outstanding young female leaders at many of my portfolio companies, just a few of which include :

If there is an area that I think I can particularly improve wrt sponsorship of women – it’s influencing the number of women on start-up boards of directors.  We need more women in the boardrooms of the best start-ups and I’m committed to doing whatever I can to influence a positive change in this direction.  I also think that we need more women in venture capital – although I’m reluctant to advocate for any more venture capitalists of any gender ;)

Posted in Companies, Entrepreneurship, Founders, Start-Ups | 3 Comments

Culture Matters: Facebook CIO talks about how well Vertica, Facebook people mesh

Every once in a while, as a entrepreneur, there are these moments of overwhelming pride and satisfaction that make all the sacrifice, risk and anxiety worthwhile.  I had one of these moments listening to Tim Campos – the CIO @ Facebook talk about their experience working with HP Vertica.

I was proud to listen as Tim described how Facebook has used  Vertica to build a big data environment that balances scale and speed – specifically:

  • stores 12 months of revenue data instead of their previous limit of 1 month
  • dramatically increased cycle time of data refresh from prior limit of 24 hours to 1 hour
  • enables interactive views of data that were previously not possible because queries took too long to complete or ran in minutes and now the same queries run in seconds

This is a fantastic accomplishment in one of the most challenging technical environments in the world – however – my proudest moment was when – at about 11:05 in the video – Tim describes what it’s like to work with the people at Vertica and how the culture of Vertica meshes with the culture of Facebook :

“The people side of things I think are just as important as the technology side of things.  And in fact this is one of the reasons we’ve been really excited to work with the Vertica team.  The people that we have worked with at Vertica – they have meshed incredibly well with our culture – we’re very demanding, we’re very results oriented, we’re very innovative, we like to break things and try new ways of thinking about things and it’s just been tremendous to have a partner with Vertica that thinks the same way that we do.”

Honestly, I can’t imagine a better compliment.  Thanks to everyone at Vertica for doing such a fantastic job building and sustaining a powerful culture of innovation, technical leadership and commitment to excellence and thanks to our partners at HP for maintaining that culture over the years.

Posted in Analytics, Big Data, Enterprise Software, Entrepreneurship, Founders, Information Technology, Innovation, Start-Ups, Uncategorized | Tagged , , , , | Leave a comment

System Password Management: JUST DO IT.

One minute to midnight

It’s December 2013. Do you know where your system access credentials are?

The cloud and Internet services have developed quickly. Many providers and services are antiquated in how they handle password repositories – and they’re even further behind in implementing modern Identity and Access Management Services.

Meanwhile, more corporate data and proprietary business processes are operating on the cloud and Internet services.

For most organizations, access to the “crown jewels” has evolved from a few simple tokens that you shared with a small team, to a password quagmire of emails, wiki pages, sticky notes, and text files. Passwords are still the most important protection that you have on your valuable data and systems.  Poor management of these “keys to the kingdom” can cripple small and large organizations alike – and is not something that you want to deal with reactively. It’s time to fix this problem – proactively.

What’s a system password?

A “system password” includes the keys, credentials and other secrets that protect your services, data and infrastructure – anything you have that you wouldn’t share with someone you don’t trust. For example:

  • The public and private keys (and passwords) that you use to log in to servers
  • SSL certificates that protect your web servers
  • Cloud identities that you use to make cloud API calls
  • API keys and tokens that your apps use to call third-party services
  • Encryption keys used for files and storage volumes

What’s wrong with ad hoc management? (As if I really had to explain ;) )

Of course, mismanaged access keys and credentials can lead to operational failures and data loss. But if I think about all the different ways this could possibly happen, the list would look something like this:

  • You can lose passwords, and lock yourself out of things.
  • Team members can accidentally apply damaging updates to the wrong environments, because of confusion over which credentials to use and excessive access privileges.
  • You can leave your system vulnerable to attacks in which an intruder gains an initially low privilege level, and gradually escalates by finding loose passwords and using them.
  • Your ex-employees still have shared passwords that you gave them – and may be using them
  • You can’t on-board people like temporary contractors easily because you don’t have a way to “sandbox” them appropriately. This costs you time and opportunity.
  • You’re unprepared when a big customer is interested in your technology and asks for a compliance audit. (Wouldn’t it be great to be ready when that day comes?)
  • You can’t easily rotate credentials since you have no way to track down all the places where the old credential is in use.
  • You can expire credentials that you think you aren’t using any more, but find out that you actually are still using them – when your important systems stop working.
  • You can’t decommission a user account, because that user is sharing a password that everyone else still needs to use.

Clearly, trying to protect yourself from each of these different scenarios – traditional ad hoc password management – is impractical.  Where do you start?  Where’s the source? And how do you know?

So what’s the alternative?

Let’s look at this by analogy. Not so long ago, it was common to find small software teams working without source control. They ran into nasty problems like:

  • Out-of-sync code between developers
  • Potentially valuable history being overwritten by new code and lost forever
  • Loss of entire bodies of work due to hard drive crashes, computer damage, theft, etc.
  • Difficulty in bug fixing because the team couldn’t figure out which code the customer was running

Medium and large enterprises learned these lessons the hard way, and invested to solve them with enterprise source control solutions like Subversion, Git, ClearCase, Perforce and PVCS. Specifically, the community learned that, because code is so important, it must be managed with a system that’s:

  • Centralized – and therefore authoritative
  • Durable – so that it’s always available and never lost
  • Multi-user – so that teams can collaborate effectively
  • Versioned – to preserve history
  • Role-based – for separation between code authors (developers) and code consumers (build + test infrastructure)
  • API-accessible – to facilitate automation
  • Searchable – so that things can be found

Today, there’s a universal understanding of the importance of source control in software development. And, thanks in part to today’s excellent, inexpensive source control systems (GitHub), even the smallest projects use source control from the start.

We need the same kind of approach for the management of access and key credentials.

What are good password management practices?

Password management in the software industry is all over the place, with few good strategies and technologies. In most organizations, leaky password management is still the norm. It’s easy to think of good password management as simply locking away a single copy of a password. However, this strategy is laughably insufficient because passwords need to be recoverable and frequently used. What happens if you lose the only copy of a key, or the team member who has all the keys becomes unreliable?

To protect yourself adequately, your password management system should have the following characteristics:

  • Centralized location – so you can protect and secure your password “vault.”
  • Highly available and durable – so they are always there when you need them.
  • Encrypted – to avoid accidental exposure.
  • Group-accessible – passwords should NOT be owned by one single user; they should be owned by a group. You don’t want critical system access to depend on one individual.
  • Versioned – so that critical keys won’t accidentally be over-written.
  • Searchable – to prevent loss, duplication, and general inefficiency.
  • No credential sharing to enable identity tracking, revocation, and rotation.
  • API-accessible – so they can be distributed into the infrastructure via scripts and programs.
  • Separation of duties – so that one group can update the passwords and another group can use them.

What to do about it?

You can build out your own modern password management system. Or you can outsource it to an expert — just like you’ve outsourced other important supporting functions of your business to the cloud or Internet services.

My suggestion: Go to and either sign up for the hosted service (my personal preference) or get ahold of the AMI and run it on your own AWS instance.

There’s NO excuse for not plugging this hole right now.  Just do it.

Posted in Enterprise Software, Information Technology, Start-Ups | 1 Comment

Finding a Great Lawyer for Your Start-Up

Given the optimism in start-up circles these days, you don’t need much to start a new company – usually just a strong mission, an AWS account and some Diet Coke.  However, one of the few essentials is a great lawyer – a great start-up lawyer.  

Caring for the needs of big companies vs. caring for the needs of start-ups is a bit like caring for a teenager vs. caring for an infant. Founders (especially first-time founders) need someone who understands the common pitfalls and can prevent you from falling into them. You also want someone who respects the challenges of starting a new company. Finally, pick the lawyer (not the law firm) as your partner, and look for someone whom you can trust deeply.

A great start-up lawyer understands that the real benefit of this partnership comes as your business grows, and thus is willing to do a bit more for a bit less in compensation during the early stages. Just like angels or VCs who invest money, start-up lawyers have to choose their projects carefully: they’re making a bet on you and your business. This is why it can sometimes be difficult to get the attention of the best start-up lawyers. The best lawyers want to work with entrepreneurs who educate themselves to work efficiently with lawyers.

The biggest mistake you can make is picking a lawyer you know instead of a lawyer who specializes in start-ups. Think about it this way: if you were diagnosed with a serious illness, would your first visit be to a general practitioner or a specialist in the disease?

Keep in mind the following rules when picking a lawyer:

  • Pick a lawyer who has successfully represented companies you respect. It’s the easiest and most effective filter.
  • Show that you have done your homework and are serious about your business. Educate yourself on the basics of cap tables, governance and BOD work for start-ups. If you don’t know what pro rata means, you probably haven’t worked hard enough.
  • Give the lawyer the opportunity to be an advisor. This means more than superficially asking for his or her advice. Make sure your lawyer is inspired by your mission and expected to tell you when you’re doing something wrong. And ALWAYS be up front about how you expect to engage with your lawyer. Good lawyers will want to know how and when they are going to be compensated before they will invest a bunch of time in you.

The good news: these lawyers (and many other professionals and organizations who help start-ups) are helping educate and empower entrepreneurs by providing templates for common deliverables – for example, freely available term sheetscompany registration forms and cap tables (from Orrick and Fred Wilson). Firms like Clocktower Law disclose their rates online and make it exceptionally easy to get specialized work done.

My Short List of Great Start-up Lawyers

Here are my favorite start-up lawyers.

Mitch Zuklie Orrick
Marc Dupre Gunderson
John Chory Latham
Bill Schnoor Goodwin

There are likely many other great start-up lawyers; however, these are the ones with whom I’ve worked with most closely and know to be solid.  Good luck with your search.

Posted in Companies, Entrepreneurship, Founders, Start-Ups | 6 Comments