What Heartbleed Can Teach The OSS Community About Marketing

If you’re a technologist and you’re not living under a rock, you’ve heard about Heartbleed, which is a Severity: Apocalyptic bug in the extraordinarily widely deployed OpenSSL software.  Heartbleed lets anyone capable of finding a command line read encryption keys, passwords, and other private data out of affected systems.  If you don’t remember addressing this in the last 48 hours close this window immediately and get to work.

Now that we’re past the immediate panic phase, though, I want to share some lessons learned.  Security experts can tell you more than I can about what it means for good C coding practices in high-criticality security libraries.  I want to take a moment to point at the marketing aspects of it: how the knowledge about Heartbleed managed to spread within a day and move, literally, hundreds of thousands of people to remediate the problem.

Heartbleed is much better marketed than typical for the OSS community, principally because it has a name, a logo, and a dedicated web presence.

What’s In A Name

Remember CVE-2013-0156?  Man, those were dark days, right?

Of course you don’t remember CVE-2013-0156.

The security community refers to vulnerabilities by numbers, not names.  This does have some advantages, like precision and the ability to Google them and get meaningful results all of the time, but it makes it very difficult for actual humans to communicate about the issues.

CVE-2013-0156 was the Rails YAML deserialization vulnerability.  ”Oh!  I remember that one!”, said the technologists in the room.  Your bosses don’t.  Your bosses / stakeholders / customers / family / etc also cannot immediately understand, on hearing the words “Rails YAML deserialization vulnerability”, that large portions of the Internet nearly died in fire.  After I wrote a post about that vulnerability I was told for weeks by frustrated technologists about e.g. VPs nixing remediation efforts due to not understanding how critical it was.  That’s a failure of marketing.

Compare “Heartbleed” to CVE-2014-0160, which is apparently the official classification for the bug.  (I say “apparently” because I cannot bring myself to care enough to spend a minute verifying that.)  Crikey, what a great name that is.

  • It references the factual underlying technical reality of the vulnerability, which is data leakage during a heartbeat protocol.
  • It is very emotionally evocative.  Think of your associations — “my heart bleeds for you”, the Sacred Heart and associated iconography, etc.
  • It sounds serious and/or fatal.

Geeks sometimes do not like when technical facts are described in emotionally evocative fashion.  I would agree if it were for the purpose of distortion, but “If you use OpenSSL 1.0.1a-f you could be leaking server memory” actually is serious and/or fatal, so describing it as such has the benefit of making people seek immediate resolution, which should be our goal as technologists.

Unique names (and “Heartbleed” is unique, given that you’d be hard pressed to find any mention of it which predates the vulnerability) are useful for communicating shared concepts between people.  My Twitter stream for the last few days is people sensibly discussing e.g. “Don’t forget, you can be heartbled in a client context”, “How do you fix Heartbleed on Ubuntu?”  ”Depends — older versions aren’t vulnerable, newer versions can just apt-get update & upgrade”  ”Thanks!”

This is a substantial improvement on conversations I’ve had about previous vulnerabilities, where you often end up discussing, e.g., “the Rails bug.”  Which one?  You know, THE bug.  Wait THE bug or the other bug?  The YAML bug.  Wait wait the YAML bug in the XML handling or the class of bugs caused by YAML deserialization?  Man, would that have been an easier month if we had all been talking about DeserialKiller.

Names which don’t involve arcane trivia like “OpenSSL 1.0.1g” are also easy to communicate with non-technical stakeholders.  If you had a launch yesterday, and you were forced to choose between making the launch date and fixing Heartbleed, you absolutely should have scrubbed the launch.  We were all racing against for loops and the prize for 2nd place was “Our customers’ security gets horribly abused.”  To actually scrub the launch, you might need to convince e.g. a manager that despite the company having dropped $100k on a splashy ad campaign, Heartbleed was priority #1.  The image of your lifeblood dripping out was more likely to successfully accomplish that than a CVE number.

Clear Communication

The Heartbleed announcement should be taught in Technical Writing courses.  It is masterful communication.  Let me quickly excerpt the first three paragraphs:

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).

The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.

What leaks in practice?

We have tested some of our own services from attacker’s perspective. We attacked ourselves from outside, without leaving a trace. Without using any privileged information or credentials we were able steal from ourselves the secret keys used for our X.509 certificates, user names and passwords, instant messages, emails and business critical documents and communication.

That is tight, precise, hard-hitting writing, of the sort which we normally associate with journalists rather than cryptographers or software engineers.  It is both technically accurate and yet comprehensible if you are not a technologist.  It doesn’t bury the lede about severity: “popular $MUMBOJUMBO software library” “allows stealing the information protected” on your “web, email, IM, and virtual private networks” “without leaving a trace” including “user names and passwords, instant messages, emails, and business critical documents and communication.”

The website goes on to provide technical details and remediation advice, but you can already tell your boss “I can’t do that today, boss.  We have to respond to heartbleed.com.”  If he spends even 30 seconds glancing at that executive summary he’ll say “Crikey.  Yep, you do.”  I particularly liked the recognition that most remediation of Heartbleed would be done by businesses, which is probably why the writer focused on “business critical documents” rather than the more anodyne “data.”  Data gets weighed by the gigabyte but business critical documents spur immediate action when threatened.

The Benefits Of A Dedicated Web Presence

I often tell OSS practitioners to use dedicated web presences for projects they consider important, as opposed to dangling them off of (without loss of generality) Github.  Why?

People will generally try to link to something to describe a project / vulnerability / etc, and having an easy and obviously linkable canonical description is both best for clarity and best for your own personal interests as the project/etc creator.  Heartbleed.com is the canonical explanation of Heartbleed, both because people trust $8.95 domain names and because it was first published, came with a design/logo and comprehensive information, and is suitably authoritative in character.

Compare it to the best canonical reference you can find about CVE-2013-0156.  That would be an archived copy of a plain-text email, hosted on Google Groups.  It isn’t particularly attention grabbing, doesn’t really scream “citable” to either a technical or non-technical audience, and is optimized for a fairly narrow strand of practitioners rather than the much larger audience of people who should have cared about CVE-2013-0156.

Visual Identity Is Important

The Heartbleed logo is probably one of the highest ROI uses of ~$200 in the history of software security.  (I don’t actually know whether they got it done for $200, but that is about what I paid the last time I had a logo done for an OSS project.)

Heartbleed Logo

I saw some kvetching on Twitter to the effect that the logo designer heard about Heartbleed before the distribution maintainers at e.g. Ubuntu and RedHat did.  This kvetching is wrongheaded, because the logo designer only needed the instruction “We have a project named Heartbleed.  Come up with a logo which says serious danger.”  rather than “Apropos of nothing, mostly non-technical logo designer, the heartbeat protocol in OpenSSL 1.0.1a through 1.0.1f has been fubared for 2 years now.  Don’t tell the Ubuntu guys though, we’re trying to keep it a secret!”

(I am, for what it is worth, absolutely agnostic on who should have preferential access to information of upcoming vulnerabilities with regards to a particular project.  This strikes me as something which should be bought from maintainers/security researchers if you care about it, but I’m only weakly committed to that.)

Why spend the extra money for a logo?  Because it suggests professionalism and dedicated effort, because it will be used exhaustively in media coverage of the vulnerability, because it further deepens the branding association of the vulnerability, the name, the logo, and the canonical web presence, and because it also suggests danger.  Is it the best logo in the history?  No.  This one won’t win design awards.  But it certainly does the job with aplomb.

OSS projects often don’t have logos or, ahem, do not devote to them the level of technical excellence that they devote to their products.  I will refrain from pulling in examples here to make my point.

Marketing Helps Accomplish Legitimate Goals

There exists a huge cultural undercurrent in the OSS community which suggests that marketing is something that vaguely disreputable Other People do which is opposed to all that is Good And Right With The World, like say open source software.  Marketing is just a tool, and it can be used in the cause of truth and justice, too.

As technologists, the Heartbleed vulnerability posed an instant coordination problem.  We literally had to convince hundreds of thousands of people to take action immediately.  The consequences for not taking action immediately were going to be disastrous.  They were not limited to “mere” violations of computer security, but would have had dire economic and social consequences in the real world.  Livelihoods (and, likely, lives) were at stake.

Given the importance of this, we owe the world as responsible professionals to not just produce the engineering artifacts which will correct the problem, but to advocate for their immediate adoption successfully.  If we get an A for Good Effort but do not actually achieve adoption because we stick to our usual “Put up an obtuse notice on a server in the middle of nowhere” game plan, the adversaries win.  The engineering reality of their compromises cannot be thwarted by effort or the feeling of self-righteousness we get by not getting our hands dirty with marketing, it can only be thwarted by successfully patched systems.

This makes marketing an engineering discipline.  We have to get good at it, or we will fail ourselves, our stakeholders, our community, and the wider world.

More OSS marketing like Heartbleed, please.

44 Comments

What I Would Do If I Ran Tarsnap

Tarsnap is the world’s best secure online backup service.  It’s run by Colin Percival, Security Officer Emeritus at FreeBSD, a truly gifted cryptographer and programmer.  I use it extensively in my company, recommend it to clients doing Serious Business (TM) all the time, and love seeing it successful.

It’s because I am such a fan of Tarsnap and Colin that it frustrates me to death.  Colin is not a great engineer who is bad at business and thus compromising the financial rewards he could get from running his software company.  No, Colin is in fact a great engineer who is so bad at business that it actively is compromising his engineering objectives.  (About which, more later.)  He’s got a gleeful masochistic streak about it, too, so much so that Thomas Ptacek and I have been promising for years to do an intervention.  That sentiment boiled over for me recently (why?), so I took a day off of working on my business and spent it on Colin’s instead.

After getting Colin’s permission and blessing for giving him no-longer-unsolicited advice, I did a workup of my Fantasy Tarsnap.  It uses no non-public information about Tarsnap.  (Ordinarily if I were consulting I wouldn’t be black boxing the business, but Tarsnap has unique privacy concerns and, honestly, one doesn’t need to see Colin’s P&L to identify some of the problems.)  This post is going to step through what I’d do with Tarsnap’s positioning, product, pricing, messaging, and marketing site.  It’s modestly deferential to my mental model of Colin — like any good consultant, I recommend improvements that I think the client will accept rather than potential improvements the client will immediately circular file because they compromise core principles.

Let me restate again, before we get started, that I am going to criticize Tarsnap repeatedly, in the good-faith effort to improve it, at Colin’s explicit behest.  I normally wouldn’t be nearly as vocally critical about anything created by a fellow small entrepreneur, but I know Colin, I want Tarsnap to win, and he wanted my honest opinions.

What’s Wrong With Tarsnap Currently?

Tarsnap (the software) is a very serious backup product which is designed to be used by serious people who are seriously concerned about the security and availability of their data.  It has OSS peer-reviewed software written by a world-renowned expert in the problem domain.  You think your backup software is written by a genius?  Did they win a Putnam?  Colin won the Putnam.  Tarsnap is used at places like Stripe to store wildly sensitive financial information.

Tarsnap (the business) is run with less seriousness than a 6 year old’s first lemonade stand.

That’s a pretty robust accusation.  I could point to numerous pieces of evidence — the fact that it is priced in picodollars (“What?”  Oh, don’t worry, we will come back to the picodollars), or the fact that for years it required you to check a box certifying that you were not a Canadian because Colin (who lives in Canada) thought sales taxes were too burdensome to file (thankfully fixed these days), but let me give you one FAQ item which is the problem in a nutshell.

Q: What happens when my account runs out of money?

A: You will be sent an email when your account balance falls below 7 days worth of storage costs warning you that you should probably add more money to your account soon. If your account balance falls below zero, you will lose access to Tarsnap, an email will be sent to inform you of this, and a 7 day countdown will start; if your account balance is still below zero after 7 days, it will be deleted along with the data you have stored.

Yes folks, Tarsnap — “backups for the truly paranoid” — will in fact rm -rf your backups if you fail to respond to two emails.

Guess how I found out about this?

I use Tarsnap to back up the databases for Appointment Reminder.  Appointment Reminder has hundreds of clients, including hospitals, who pay it an awful lot of money to not lose their data.  I aspire to manage Appointment Reminder like it is an actual business.  It has all the accoutrements of real businesses, like contracts which obligate me not to lose data, regulations which expose me to hundreds of thousands of dollars of liability if I lose data, insurance policies which cost me thousands of dollars a year to insure the data, and multiple technical mechanisms to avoid losing data.

One of those mechanisms was Tarsnap.  Tarsnap is a pre-paid service (about which, more later), so I had pre-paid for my expected usage for a year.  I tested my backups routinely, found they worked, and everything was going well.

Fast forward to two weeks ago, when idle curiosity prompted by an HN thread caused my to check my Tarsnap balance.  I assumed I had roughly six months remaining of Tarsnap.  In fact, I had 9 days.  (Why the discrepancy?  We’ll talk about it later, I am not good at forecasting how many bytes of storage I’ll need after compression 12 months from now, a flaw I share with all humans.)  I was two days away from receiving an email from Tarsnap “Your account is running a little low” warning.  Seven days after that my account would have run down to zero and Tarsnap would have started a 7 day shot clock.  If I didn’t deposit more money prior to that shot clock running out, all my backups would have been unrecoverably deleted.

I am, in fact, days away from going on a business trip internationally, which previous experience suggests is a great way for me to miss lots of emails.  This is pretty routine for me.  Not routine?  Getting all of my backups deleted.

Getting all of my backups deleted (forgive me for belaboring that but it is a fairly serious problem in a backup service) would be suboptimal, so I figured there must be a way to put a credit card on file so that Colin can just charge me however many picodollars it costs to not delete all the backups that I’d get sued for losing, right?

Quoth the Colin:

But if you’re saying I should have a mechanism for automatically re-billing credit cards when a Tarsnap account balance gets low — yes, that’s on my to-do list.

Lemonade stands which have been in business for 5 years have the take-money-for-lemonade problem pretty much licked, and when they have occasional lemonade-for-money transactional issues, the lemonade does not retroactively turn into poison.  But Tarsnap has been running for 5 years, and that’s where it’s at.

The darkly comic thing about this is I might even be wrong.  It’s possible Colin is, in fact, not accurately stating his own policies. It is possible that, as a statement about engineering reality, the backups are actually retained after the shot clock expires e.g. until Colin personally authorizes their deletion after receiving customer authorization to do so.  But even if this were true, the fact that I — the customer — am suddenly wondering whether Tarsnap — the robust built-for-paranoids backup provider — will periodically shoot all my backups in the head just to keep things interesting makes choosing Tarsnap a more difficult decision than it needed to be.  (If Colin does, in fact, exercise discretion about shooting backups in the head, that should be post-haste added to the site.  If he doesn’t and there is in fact a heartless cronjob deleting people’s backups if they miss two emails that should be fixed immediately.)

Positioning Tarsnap Away From “Paranoia” And Towards “Seriousness”

Let’s talk positioning.

You may have heard of the terms B2B and B2C.  Tarsnap communicates as if it were a G2G product — geek 2 geek.

How does Tarsnap communicate that its G2G?  Let me quickly screengrab the UI for Tarsnap:

15 6 * * * /usr/local/bin/tarsnap -c -f database_backups_`date +\%Y-\%m-\%d` /backups/ /var/lib/redis && curl https://nosnch.in/redacted-for-mild-sensitivity &> /dev/null

I’m not exaggerating in the slightest.  That’s literally pulled out of my crontab, and it is far and away the core use case for the product.

Other things you could point to in describing Tarsnap’s current positioning are its web design (please understand that when I say “It looks like it was designed by a programmer in a text editor” that is not intended as an insult it is instead intended as a literal description of its primary design influence), the picodollar pricing, and numerous places where the product drips with “If you aren’t a crusty Unix sysadmin then GTFO.”

Example: Suppose you’re using Tarsnap for the first time and want to know how to do a core activity like, say, making a daily backup of your database.  That’s the need which motivated that command line soup above.  What does the Tarsnap Getting Started guide tell you to do?

If you’ve ever used the UNIX tar utility, you’ll probably be able to go from here on your own…

If you actually aren’t a master of the UNIX tar utility, don’t worry, there’s a man page available.  (It won’t actually help you accomplish your goal, because you are not a crusty UNIX sysadmin.)

This positioning has the benefit of being pretty clear — you will, indeed, quickly get the point and not use Tarsnap if you are not a crusty UNIX sysadmin — but it is actively harmful for Tarsnap.  Many people who would benefit most from Tarsnap cannot use it in its current state, and many people who could use it will not be allowed to because Tarsnap actively discourages other stakeholders from taking it seriously.

How would I position Tarsnap?

Current strap line: Online backups for the truly paranoid

Revised strap line: Online backups for servers of serious professionals

What does Tarsnap uniquely offer as a backup product?  Why would you use it instead of using Dropbox, SpiderOak, Backblaze, a USB key, or a custom-rolled set of shell scripts coded by your local UNIX sysadmin?

Tarsnap is currently defined by what it doesn’t have: no Windows client.  No UI.  Essentially no guidance about how to use it to successfully implement backups in your organization.

Tarsnap should instead focus on its strengths:

Tarsnap is for backing up servers, not for backing up personal machines.  It is a pure B2B product.  We’ll keep prosumer entry points around mainly because I think Colin will go nuclear if I suggest otherwise, but we’re going to start talking about business, catering to the needs of businesses, and optimizing the pieces of the service “around” the product for the needs of businesses.  We’ll still be pretty darn geeky, but treat the geek as our interface to the business which signs their paychecks and pays for Tarsnap, rather than as the sole customer.

Why should Tarsnap focus on backing up servers rather than even attempting to keep regular consumers in scope?

  • The average consumer is increasingly multi-device, and Tarsnap absolutely sucks for their core use case currently.  They want photos from their iPhone to work on their Windows PC.  They have an Android and a Macbook.  They have multiple computers at use simultaneously in their family.  Tarsnap is absolutely unusable for all of these needs.  These needs are also increasingly well-served by companies which have B2C written into their DNA and hundreds of millions of dollars to spend on UXes which meet the needs of the average consumer.  Colin has neither the resources nor the temperament to start creating compelling mobile apps, which are both six figures and table stakes for the consumer market right now.
  • Tarsnap’s CLI is built on the UNIX philosophy of teeny-tiny-program-that-composes-well.  It’s very well suited to backing up infrastructure, where e.g. lack of a GUI would cripple it for backing up data on workstations.  (We’ll ignore the lack of a Windows client, on the theory that UNIX has either won the server war or come close enough such that durably committing to the UNIX ecosystem leaves Tarsnap with plenty of customers and challenges to work on.)
  • Data on servers is disproportionately valuable and valuable data is disproportionately on servers.  Consumers like to say that their baby photos are priceless.  Horsepuckey.  Nobody rushes into burning houses for their baby photos.  Empirically, customers are not willing to spend more than $5 to $10 a month on backup, and that number is trending to zero as a result of rabid competition from people who are trying to create ecosystemic lock-in.  Businesses, on the other hand, are capable of rationally valuing data and routinely take actions which suggest they are actually doing this.  For example, they pay actual money to insure data, just like they buy insurance on other valuable business assets.  (Appointment Reminder, a fairly small business, spends thousands of dollars a year on insurance.)  They hire professionals to look after their data, and they pay those professionals professional wages.  They have policies about data, and while geeks might treat those policies as a joke, they are routinely enforced and improved upon.

An immediate consequence of focusing Tarsnap on servers is that its customers are now presumably businesses.  (There exist geeks who run servers with hobby projects, but they don’t have serious backup needs.  Have they taken minimum sane steps with regards to their hobby projects like spending hours to investigate backup strategies, incorporating to limit their liability, purchasing insurance, hiring professionals to advise them on their backup strategies, etc?  No?  Then their revealed preference is that they don’t care all that much if they lose all their hobby data.)

How do we talk to the professionals at businesses?  First, we can keep our secret geek handshakes, but we also start recognizing that most businesses which are serious about their data security will have more than one person in the loop on any decision about backup software.  Why?  Because having something as important as the security of their data come down to just one person is, in itself, a sign that you are not serious.  No sophisticated business lets any single person control all the finances for the company, for example, because that is an invitation to disaster.  We also recognize that these additional parties may not be geeks like the person who will be physically operating Tarsnap, so we’re going to optimize for their preferences as well as the geeks’.

What does this mean?

We decide to look the part of “a serious business that you can rely on.”  Tarsnap.com is getting a new coat of paint (see below) such that, if you fire your boss an email and say “Hey boss, I think I want to entrust all of our careers to these guys”, your boss doesn’t nix that idea before Malcom Gladwell can say blink.

We start arming our would-be-customer geeks to convince potentially non-technical stakeholders that Tarsnap is the correct decision for their business’ backup needs.  This means that, in addition to the geek-focused FAQ pages, we create a page which will informally be labeled Convince Your Boss.  Many conventions which geeks would be interested in, for example, let their would-be attendees print letters to their bosses justifying the trip in boss-speak (ROI, skills gained as a result of a training expenditure, etc).  I sort of like Opticon’s take on this.  Tarsnap will similarly create a single URL where we’ll quickly hit the concerns non-technical stakeholders would have about a backup solution: reliability, security, compliance, cost, etc.  This page would literally be 1/5th the size of this blog post or less and take less than an hour to write, and would probably double Tarsnap’s sales by itself.  The page will not mention command line interfaces, tar flags, crontabs, or picodollars.

We speak our customers’ language(s).  This doesn’t mean that we have to suppress Colin’s/Tarsnap’s nature as a product created by technologists and for technologists.  It just means that we explicitly recognize that there are times to talk tar flags and there are times to talk in a high-level overview about legitimate security concerns, and we try not to codeshift so rapidly as to confuse people.

We burn the picodollar pricing model.  With fire.  It’s fundamentally unserious.  (Ditto Bitcoin, the availability of which is currently Tarsnap’s view of the #1 most important they could be telling customers, rather than boring news like “Tarsnap is used by Stripe” or “Tarsnap hasn’t lost a byte of customers’ data in history.”)

Pricing Tarsnap Such That People Who Would Benefit From It Can Actually Buy It

Tarsnap’s current pricing model is:

Tarsnap works on a prepaid model based on actual usage.

Storage: 250 picodollars / byte-month
($0.25 / GB-month)
Bandwidth: 250 picodollars / byte
($0.25 / GB)

These prices are based on the actual number of bytes stored and the actual number of bytes of bandwidth used — after compression and data deduplication. This makes Tarsnap ideal for daily backups — many users have hundreds of archives adding up to several terabytes, but pay less than $10/month.

Colin, like many technologists, is of the opinion that metered pricing is predictable, transparent, and fair.  Metered pricing is none of predictable, transparent, or fair.

Quick question for you, dear reader: What would you pay for using Tarsnap to back up your most important data?

You don’t know.  That’s not a question, it’s a bloody fact.  It is flatly impossible for any human being to mentally predict compression and data duplication.  Even without compression and data duplication, very few people have a good understanding of how much data they have at any given time, because machines measure data in bytes but people measure data in abstractions.

My abstraction for how much data I have is “One MySQL database and one Redis database containing records on tens of thousands of people on behalf of hundreds of customers.  That data is worth hundreds of thousands of dollars to me.”  I have no bloody clue how large it is in bytes, and — accordingly — had to both measure that and then do Excel modeling (factoring in expected rate of growth, compression ratios, deduplication, etc etc) to guess what Tarsnap would cost me in the first year.  (Why not just say “It’s a lot less than $1,000 so I’ll give Colin $1,000 and revisit later?”  Because I have two countries’ tax agencies to deal with and my life gets really complicated if I pre-pay for services for more than a year.)

I screwed up the Excel modeling because, while I correctly modeled the effect of increasing data requirements due to the growth of my service in the year, I overestimated how much data compressed/deduplication would happen because I was storing both plain text files and also their compressed formats and compressed files do not re-compress anywhere near as efficiently as non-compressed files.  Whoopsie!  Simple error in assumptions in my Excel modeling, Tarsnap actually cost 4X what I thought it would.

By which I mean that instead of costing me $0.60 a month it actually costs me $2.40 a month.

This error is symptomatic of what Tarsnap forces every single customer to go through when looking at their pricing.  It is virtually impossible to know what it actually costs.  That’s a showstopper for many customers.  For example, at many businesses, you need to get pre-approval for recurring costs.  The form/software/business process requires that you know the exact cost in advance.  ”I don’t know but we’ll get billed later.  It probably won’t be a lot of money.” can result in those requests not getting approved, even if the actual expense would be far, far under the business’ floor where it cared about expenses.  It is far easier for many businesses to pay $100 every month (or even better, $1,500 a year — that saves them valuable brain-sweat having to type things into their computer 11 times, which might cost more than $300) than to pay a number chosen from a normal distribution with mean $5 and a standard deviation of $2.

So the pricing isn’t clear/transparent, but is it fair?  ”Fair” is a seriously deep issue and there are all sorts of takes on it.  As happy as I would be to discuss the intersection of Catholic teaching on social justice and SaaS pricing grids, let’s boil it down to a simple intuition: people getting more value out of Tarsnap should pay more for it.  That quickly aligns Tarsnap’s success with the customer’s success.  Everybody should be happy at that arrangement.

So why price it based on bytes?  Metering on the byte destroys any but the most tenuous connection of value, because different bytes have sharply different values associated with them, depending on what the bytes represent, who owns the bytes, and various assorted trivialities like file format.

Here’s a concrete example: I run two SaaS products, Bingo Card Creator and Appointment Reminder.  Bingo Card Creator makes bingo cards, sells to $29.95 to elementary schoolteachers, is deeply non-critical, and is worth tens of thousands of dollars to me.  Appointment Reminder is core infrastructure for customers’ businesses,  sells for hundreds to tens of thousands per year per customer, is deeply critical, and is worth substantially more than tens of thousands of dollars.

So the fair result would be that BCC pays substantially less than Tarsnap for AR, right?  But that doesn’t actually happen.  My best guesstimate based on Excel modeling (because BCC never bothered implementing Tarsnap, because I’m not mortally terrified that I could wake up one morning and Mrs. Martin’s 8th grade science bingo cards created in 2007 could have vanished if my backups failed) is that BCC would pay at least five times as much as Appointment Reminder.

What other intuitions might we have about fairness?  Well, let’s see, my company is engaged in arms length dealings with Tarsnap and with many other vendors.  I think it sounds fair if my company pays relatively less money for non-critical things, like say the cup of coffee I am currently drinking ($5), and relatively more money for critical things, like say not having all of my customer data vanish (Tarsnap).

I recently did my taxes, so I know with a fair degree of certainty that I spend more than $10,000 a year on various SaaS products.  (Geeks just gasped.  No, that’s not a lot of money.  I run a business, for heaven’s sake.  By the standards of many businesses I have never even seen a lot of money, to say nothing of having spent it.)

This includes, most relevantly to Tarsnap, $19 a month for Dead Man’s Snitch.  What does DMS do for me?  Well, scroll back up to the entry from my crontab: it sends me an email if my daily tarsnap backup fails.  That’s it.  Why?  Because “the backup did not happen” is a failure mode for backups.  Tarsnap does not natively support this pretty core element of the backup experience, so I reach to an external tool to fill that gap… and then pay them 10X as much for doing 1/1000th the work.  What?

(Let me preempt the Hacker News comment from somebody who doesn’t run a business: Why would you use DMS when you could just as easily run your own mail server and send the mail directly?  Answer: because that introduces new and fragile dependencies whose failure would only be detected after they had failed during a business catastrophe and, incidentally, be designed to avoid spending an amount of money which is freaking pigeon poop.)

So how do we charge for Tarsnap that accomplishes our goals of being predictable, transparent, and fair?

  • We’re going to introduce the classic 3 tier SaaS pricing grid.  This will give the overwhelming majority of our customers a simple, consistent, predictable, fair price to pay every month.
  • We’ll keep metered pricing available, but demote it (both visually and emphasis-wise) to a secondary way to consume Tarsnap.  It will now be called Tarsnap Basic.  Tarsnap Basic customers are immediately grandfathered in and nothing about their Tarsnap experience changes, aside from (perhaps) being shocked that the website suddenly looks better (see below).
  • We honor Colin’s ill-considered price decrease which he awarded customers with following the recent AWS/Google/Microsoft/etc platform bidding war.

We’re going to use our pricing/packaging of Tarsnap to accomplish price discrimination between customer types.  Our primary segmentation axis will not be bytes but will instead be “level of sophistication”, on the theory that quantum leaps in organizational sophistication/complexity roughly correspond with equal or higher leaps in both value gotten out of Tarsnap and also ability to pay.

Here’s some potential packaging options as a starter point.  These don’t have to be frozen in time for all eternity — we could always introduce them in April 2014, keep them around for 6 months, and then offer a new series of plans at that point in response to customer comments, our observations about usage, the degree to which they accomplish Tarnsap business goals, and the like.

The questions of what the pricing/packaging is and how we present it to customers are related but distinct.  This is the version for internal consumption — actual design of the pricing grid took more than 15 minutes so I decided to nix it in favor of shipping this post today.

Tarsnap Professional Tarsnap Small Business Tarsnap Enterprise
$50 / month $100 / month $500 / month
All of Tarsnap Basic All of Tarsnap Basic All of Tarsnap Basic
10 GB Unlimited storage, up to 500 GB of media Unlimited storage, up to 1 TB of media
Priority support Priority support
Onboarding consultation Onboarding consultation
Custom legal / compliance documentation
POs & etc

That’s the offering at a glance. What changed?

We’re de-emphasizing “count your bytes” as a segmentation engine. I picked 10 GB for Tarsnap Professional because it feels like it is suitably generous for most backup needs but could plausibly be exceeded for larger “we want our entire infrastructure to be Tarsnapped” deployments. Importantly, I’m *not* segmenting by e.g. number of machines, because I think the market is moving in a multi-machine direction and Tarsnap is so effective and elegant at supporting that sort of incredibly valuable and sticky use case that I don’t want to impede it. (Tarsnap also must implement multi-user accounts and permissions for larger businesses, because that is a hard requirement for many of them. They literally cannot adopt Tarsnap unless it exists. That’s a natural addition at the Small Business or Enterprise level, but since that feature does not currently exist I’m punting from including it in the current packaging offering. Once it’s available I say put it on Enterprise and then grandfather it onto all existing customers to say “Thanks for being early adopters!”, and consider adding it to Small Business if you get lots of genuinely small businesses who both need it but balk at $500 per month.)

We’ve added “effectively unlimited” storage to Tarsnap.  I think Colin just blew approximately as many gaskets at this change as I blew when I heard he was lowering his prices.  Revenge is sweet.  See, Colin has always priced Tarsnap at cost-plus, anchoring tightly to his underlying AWS costs.  Tarsnap is not AWS plus a little sauce on top.  AWS is a wee little implementation detail on the backend for most customers.  Most Tarsnap customers don’t know that AWS underlies it and frankly don’t care.  If you assert the existence of strangely technically savvy pixies who have achieved redundant storage by means of writing very tiny letters on coins guarded by a jealous dragon, and Tarsnap used that instead, Tarsnap would be the same service.

Tarsnap isn’t competing with AWS: the backups being safely encrypted is a hard requirement for the best customers’ use of Tarsnap.  I can’t put my backups on AWS: instant HIPAA violation.  Stripe can’t put their customers’ credit cards on AWS: instant PCI-DSS violation.  We both have strong security concerns which would suggest not using unencrypted backups, too, but — like many good customers for Tarnsap — we never entertained unencrypted backups for even a picosecond.

So we’re breaking entirely from the cost-plus model, in favor of value-oriented pricing?  What does this mean for customers?

They don’t have to have a to-the-byte accurate understanding of their current or future backup needs to guesstimate their pricing for Tarsnap anymore.  You could ask people interviewing for position of office manager, without any knowledge of the company’s technical infrastructure at all, and they would probably correctly identify a plan which fits your needs.  Stripe is on Enterprise, bam.  Appointment Reminder is on Small Business, bam.  Run a design consultancy?  Professional, bam.  Easy, predictable, fair pricing.

Why have the media limit in there?  Because the only realistic way you can count to terabytes is by storing media (pictures, music, movies, etc).  Colin is in no danger of selling Tarsnap to people with multiple terabyte databases — there’s only a few dozen of those organizations in the world and they would not even bring up Tarsnap to joke about it.  (That’s, again, said with love. AT&T will not be using Tarsnap to store their backed up call records.)  You won’t hit a terabyte on e.g. source code.  If someone does, ask for their logo for the home page and treat their COGS as a marketing expense.

How does Colin justify the “media” bit to customers?  Simple: “Tarsnap is optimized for protecting our customers’ most sensitive data, rather than backing up high volumes of media files.  If you happen to run a film studio or need backups for terabytes of renders, drop us a line and we’ll either custom build you a proposal or introduce you to a more appropriate backup provider.”

Colin probably blew his stack about Tarsnap no longer being content neutral, because this requires us knowing what files his customers are storing in Tarsnap.  No, it doesn’t.  You know how every ToS ever has the “You are not allowed to use $SERVICE for illegal purposes” despite there being no convenient way to enforce that in computer code?  We simply tell customers “Don’t use this plan if you have more than 1 TB of media.  We trust you.  We have to, since the only information our servers know about your use is $TECHNICAL_FACT_GOES_HERE.”   If this trust is ever abused in the future Colin can code up a wee lil’ daemon which checks customers accounts and flags them for review and discussion if they hit 30 TB of post-compression post-deduplication usage, but it’s overwhelmingly likely that nobody will attempt to abuse Colin in this fashion because serious businesses take stuff that you put into contracts seriously.  That’s 99.54% of why contracts exist.  (Most contracts will never be litigated.  If anyone ever abuses Colin and does not correct their use when told to, he’ll simply point to the “We can terminate you at any time for any reason” line in his ToS written there by any serious lawyer.)

I will briefly observe, with regards to cost control, that if every customer used 100 GB of data then this would cost Colin single-digit dollars per customer per month, that 100 GB of (de-duplicated, compressed) data is actually incredibly rare.  Since the happy use case for Tarsnap involves virtually never downloading from the service (because backups are inherently write-seldomly-read-very-very-very-infrequently) AWS’ “bandwidth free incoming, bandwidth cheap outgoing” will not meaningfully affect costs-of-goods (i.e. Colin’s marginal expenditure to have the Nth marginal client on Tarsnap).

I will also briefly observe that Colin does not currently have a terminate-your-account option in his ToS.  Why?  Probably because no lawyer was involved in creating it, a decision which should be revised in keeping with positioning Tarsnap as a serious business which transacts with other serious businesses.  Lawyers will occasionally ask technologists for silly contractual terms which have no relation to technical reality.  Reserving the right to terminate accounts is not that kind of term.  If any clients strongly object to it, they can have their own lawyer draw up a contract and pay Enterprise pricing after Colin’s lawyers have reviewed and negotiated the contract.  You want to hear why SaaS businesses should always keep a no-fault-terminate option available?  Get any group of SaaS owners together and ask for horror stories.  A surprising number of them involve literal insanity, involvement of law enforcement, threats, and other headaches you just don’t need to deal with for $29/$50/whatever a month.

What does priority support mean?

It means that Colin will answer emails to prioritysupport@ before he answers emails to support@.  That’s it.

I know, I know, this blows geeks’ minds.  Is it OK to charge for that?  Of course it is.  You advertised what they were getting, they accepted, and you delivered exactly what you promised.  That’s what every legitimate transaction in history consists of.

Why would customers buy this?  Perhaps because they have company rules such that they always purchase the highest level of support, and the difference between $50 and $100 a month is so far below their care floor that that avoiding requesting an exception is worth the marginal cost to them.  Perhaps because when their backups have a problem a difference of a few minutes is actually an issue for them.  Perhaps because it isn’t really an issue for them (if it is, Tarsnap’s SLA is a nonstarter, seeing as Tarsnap has no SLA) but they like to see themselves as important enough that it is.  Perhaps because they’re worth billions of dollars and run credit card transactions for hundreds of thousands of people and why are we even having this discussion of course they want priority support for our backups.  (That’s called “price insensitivity” and every B2B SaaS ever should take advantage of it.)

What is an onboarding consultation?

Nobody buys Tarsnap because they want to use Tarsnap.  They buy Tarsnap because they have a burning need in their life for encrypted reliable backups (or a need for not losing their data in event of a breach or a fire or a hard drive failure or all the other ways you can lose data).  Tarsnap is a piece of the puzzle for meeting that need, but it isn’t all of it.

Can I confess ineptitude with UNIX system administration?  I founded a company, but I’m not a sysadmin.  My first several days of using Tarsnap were marred because the cronjob entry which I thought was supposed to do a timestamped backup every day was failing because of improper use of backticks in bash or some nonsense like that.  Whatever.  Now that it works it doesn’t matter what the problem was, but back when I implemented Tarsnap, that was a problem for me.  I guarantee you that Colin could have dealt with that problem in seconds.  I would love to have had him available to do that.  Now in actual fact I could probably have just sent Colin an email and he would have gladly helped me, but I didn’t do that because I’m a geek and I hate imposing on people, so why not make that offer explicit?

There’s many other ways to fail at backups other than screwing up your crontab.  Did you want to backup your MySQL database?  Did you backup the actual data files rather than a mysqldump?  Sucks to be you, but you won’t know that until the most critical possible moment, likely several years from now.  Did you forget to print a hard copy of your Tarsnap private key?  Sucks to be you, but you won’t know that until your hard drive fails.  etc, etc

Colin is a very smart guy and he has more experience at backups than many of his customers, so why not offer to make sure they get up and running on the right foot?  He does consulting anyhow (or did, back when Tarsnap was not paying the bills), so just do it in the service of the product: ask customers about their businesses, make sure they’re backing up the right information on a sensible schedule, and offer to assist with the non-Tarsnap parts of the puzzle like monitoring, auditing, compliance, etc etc.  (That would, incidentally, expose Colin to real-life justifications for features which should absolutely be in-scope for Tarsnap, like monitoring.)  It makes it easier for clients to justify using Tarsnap, easier for them to succeed with using Tarsnap, and easier for them to justify to other stakeholders why they went for the Enterprise plan rather than the Professional plan.  Businesses are quite used to paying for experts’ time.

(From Colin’s perspective, by the way, the effective hourly rate on these free consultations will eventually absolutely ROFLstomp his highest hourly rate.  I charged $30k a week back when I was a consultant, and onboarding Appointment Reminder customers is still monetarily a better use of my time.  ”Hundreds of dollars a month” multiplied by “many customers” multiplied by “years on the service” eventually approaches very interesting numbers.)

What does custom legal / compliance documentation mean?

Many larger businesses require certain contractual terms to buy software, even SaaS which those contractual terms do not contemplate.  (e.g. “You should provide us with media containing the newest version of the software on request, delivered via courier within 7 business days.” <– an actual term I’ve been asked to sign for SaaS).  Instead of saying “We have a ToS which is a take-it-or-leave-it proposition”, say “We’re willing to have our lawyers look over any terms you have, and will either counteroffer or accept them depending on whether they’re reasonable.  This is available at our Enterprise pricing level.”

If your organization is sophisticated enough such that it can afford counsel and layers of scar tissue that generate custom language required to use software, it can afford Enterprise pricing.  If it’s not, you can use the easy, affordable options in the other columns.  (And while we won’t say this in so many words to clients, if you think you get custom legal work done for you at the lowest price, you are irrational and we do not desire your custom.  I’ve had clients ask me to sign their handwritten-and-scanned contracts which all but obligate me to give them my firstborn if Microsoft eats their Googles… and could I get the $29 a month pricing, please.  I’m not even going to waste my lawyer’s time with looking at it for less than $500 a month.)

In addition to improving Colin’s ability to get people up to Enterprise pricing, this opens new markets up for him.  For example, an IT company working with US healthcare clients might ask Colin to sign a BAA.  (I think, as a founder of a company which has to care about that, that Tarsnap is likely out of BAA scope, but somebody might ask him to sign that anyhow.  Better safe than sorry, etc.)  Rather than saying “No.”, Colin should say “Let me one that run by the lawyer.”, who will advise him that while it’s a paperwork hassle the first time it exposes him to zero legal risk.  So Colin would gladly cash that $500 a month check while mentioning explicitly on the website “Do you need HIPAA compliance for your backups?  We can accommodate that!”

Speaking of which: there should, eventually, be a Tarsnap in $INDUSTRY pages on the website for all of the top use cases.  On the healthcare page you could brag about HIPAA compliance, on the payment processing page about “Stripe uses us!” and DCI-PSS compliance, etc etc.

What is the transition strategy from metered pricing?

Simple.  Metered pricing is now called Tarsnap Basic and is available from one weeeeee little text link somewhere on the pricing page, or alternately by contacting Colin directly.  It has everything Tarsnap has as of the writing of this article.  Nobody who has ever used Tarsnap Basic has anything taken away.

Colin will be shocked and amazed at this, but very few customers are going to actually search out and find that link, he will not experience significant decreases in the number of new accounts he gets per month, and — I will bet pennies to picodollars — he discovers that, amazingly, the people who prefer Tarsnap Basic are, in fact, his worst customers in every possible way.  They’re going to take more time, use the service less, and in general be more of a hassle to deal with.

We grandfather in existing Tarsnap Basic clients.  If there is anybody paying Colin more than $100 or $500 a month for Tarsnap currently, Colin can either a) advise them that they should upgrade to one of the new plans (if they’re not using media files), b) immediately upgrade them to the new plan himself, or c) tell them “You’re now on a special variant of the new plans, such that you have no limit on your media files.  Otherwise it just purely saves you money.  Have a nice day.”  I feel that all of these are the right thing to do, and they might be the only recommendations in this post which Colin actually won’t object to.  Yay.

Why grandfather in clients?  It will cost us a bit of money in opportunity costs, but a) keeping commitments is the right thing to do, b) we can justify it as being a marketing expenditure to reward the loyalty of our early adopters, and c) the portion of customers receiving deeply discounted Tarsnap services will quickly approach zero because Tarsnap has yet to even scratch the surface of its total addressable market.

Why keep Tarsnap Basic at all?  Honestly, if this were a paid consulting gig, I would be pulling out my This Is Why You Brought Me In card here and going to the mattress on this issue: Tarsnap’s metered pricing is a mistake and should be killed, not rehabilitated.  You pick your battles with clients, but this one is worth fighting for.  Unfortunately, I believe that years of ragging Colin about picodollar pricing has caused him to dig in his heels about it, such that he feels it would be a rejection of the core of Tarsnap if he were to go to better pricing options.  Since I hope that Tarsnap actually improves as a result of this post, I’d be more than happy with an incremental improvement on the pricing.

What is a PO?

A PO is a Purchase Order.  It is a particular document enshrined as part of the purchasing ritual at many businesses, which often require a bit more ceremony to buy things than “Give us your credit card and we’ll Stripe it.”  Colin can now respond to any requirement for heightened purchasing ceremony with my magical phrase “I can do that with a one year commitment to the Enterprise plan.”

Can we pay with a PO?  “I can do that with a one year commitment to the Enterprise plan.”

Do we get a discount for pre-paying? ”I can do that with a one year commitment to the Enterprise plan.”  (Let’s be generous: $500 a month or $5k for the year.  Cheaper than a week of a sysadmin’s time!)

Can you help us work up an ROI calculation for our boss?  ”I can do that with a one year commitment to the Enterprise plan.”

Do you accept payment in yen?  ”I can do that with a one year commitment to the Enterprise plan.”

Can we pay you with a check?  ”I can do that with a one year commitment to the Enterprise plan.”

Tarsnap’s clients and Tarsnap will both benefit from Tarsnap charging more money

More money in the business will underwrite customer-visible improvements to the business, such as e.g. buying actual insurance for data which is in his care.  It will allow him to prioritize features that core customers really need, like e.g. the recurring billing thing which has been on the back burner for several years now.  It will let him not have to worry about cash flow as much as he is presumably doing currently, allowing him to take customer-favorable actions like not deleting all of your backups within days of a transient credit card failure.

It will allow Colin to buy his way around the bus number question.  (“What happens if you get hit by a bus?”  Currently: Nothing immediately, but eventually the service might fail.  We hope we fail at a time convenient for you to not have any of your backups?  Later: Don’t worry, we have systems and processes in place to cover business continuity issues.  Our lawyers have a copy of our credentials in escrow and we have a well-regarded technical firm on retainer.  In the event of my death or incapacitation, contracts activate and the business is wound down in an orderly fashion, such that your data is never lost.  You’d have several months to decide whether to keep your backups with a successor organization or migrate them to other providers, and our successor organization would assist with the migration, free of charge.  We have this described in a written Business Continuity Plan if you’d like to take a look at it.)

It also, frankly, compensates Colin better for the enormous risk he took in founding Tarsnap (as opposed to e.g. working in-house at any of his clients).  I know Colin is pretty happy with the living Tarsnap currently affords him.  Bully for him.  I hate attempting to change anyone’s mind about core philosophical beliefs, but on this particular one, Joel Spolsky did me an enormous favor back in the day and I’d like to pay that forward to someone else in the community.  (Particulars elided because it was a private conversation, but Joel convinced me not to just get BCC to the point of self-sufficiency and then retire, and part of the rationale is relevant to Colin.)

What we’re fundamentally concerned with here is an allocation of the customer surplus — the difference between what customers would pay and what they actually pay — between the customers and Colin, in his capacity as Chief Allocator For Life Of All Tarsnap-related Surpluses.  Colin is currently deciding that his customers are the most deserving people in the entire world for those marginal dollars.

Is that really true?  Appointment Reminder, LLC is a force for good in the world, I hope, but it certainly doesn’t match my intuitions as the highest and best use of marginal funds, and it really doesn’t care about the difference between the $2.40 it currently pays and the $100 it would happily pay.  That won’t even cause a blip in business.  As the founder, the LLC’s bank account is very much not my own pocket, but I’m probably the best informed person in the world about it’s balance, and I’d literally not be able to notice the difference after a month.

Can I tell you a story about Anne and Bob?  They’re trying to divide a carrot cake fairly between the two of them.  Carrot cake, if you’re not familiar with it, has delicious carrot-y goodness and is topped with very sugary white frosting.  In the discussion of the fair division of the cake, Bob mentions “By the way, I’m severely diabetic.  I can’t eat sugary white frosting.  If you give me any of it, I’ll scape it off.”

There’s many fair ways to cut that carrot cake, but (assuming that Anne likes sugary goodness and would happily have all of it if she could), any proposed allocation of cake that gives Bob one iota of frosting can be immediately improved upon by transferring that frosting to Anne’s piece instead.  This is true regardless of your philosophy about fairness or cake cutting, or whatever Anne and Bob might contemplate regarding the delicious carrot-y portions.  Even stevens?  That works.  Give Bob extra cake because Anne isn’t particularly hungry?  That works.  Anne has a lethal allergy to carrots and so wants none of the cake?  That works, too.  Anne and Bob belong to an obscure religion founded by cryptographers which dictates that in case of conflict over resources ties go to the person whose name has the lexicographically lower MD5 hash when salted with the name of the resource at issue?  That works too!  Just don’t give Bob the frosting because that’s just not the best way to cut the cake.

This stylized example uses absolutes, but in the real world, Colin and his customers are cutting a cake composed of encrypted-backup-so-your-business-doesn’t-fail goodness iced with whole-tens-of-dollars-a-month.  The customers mostly don’t care about the frosting.  Colin should take all of it that is available to him.  Aggregated over hundreds or thousands of customers it is absolutely lifechanging for Colin, Tarsnap, or whatever people or organizations are implicated by Colin’s terminal values.

Even if Colin desires to subsidize people whose use of Tarsnap is economically suboptimal when compared to Appointment Reminder’s (and thus who can’t afford the $50 a month), Colin should not cut prices on Appointment Reminder to do it.  He should instead charge AR (and hundreds/thousands of similarly situated organizations) $100 a month and then use the $100 to buy, hmm, “a shedload” of AWS storage, allowing him to charge nothing to whatever people/schools/charities/etc he wants to benefit.  You could call even put that on the pricing page if you wanted to.  Tarsnap Dogooder: it’s free if you’re doing good, email us to apply.

Colin has twice proposed that there should be a special optional surcharge if customers feel like they’re not paying enough.  Let’s run that one by the 6 year old with the lemonade stand: “Why don’t you do this?” “Because few people would pay for it, and it would complicate the discussion about buying lemonade, and it would make them feel really weird, and if they wanted to be charitable they’d probably have a markedly different #1 priority for their charity right now than middle class kids with entrepreneurial ambitions.”  All true, 6 year old!

I might also add, as someone who was dragged kicking and screaming into being a responsible grownup running a serious business, that while I personally can choose to donate money the business can’t.  If it isn’t necessary it isn’t a business expense (that’s phrased 必要経費 — quite literally “necessary business expense” — by my good buddies at the National Tax Agency — and yes, for the 43rd time, I really can read Japanese).

Memo to OSS developers: I can pay money for software licenses, even if the license is just “MIT, but we invoice you”, but I cannot just put business funds in your tip jar.

Tarsnap Needs A Fresh Coat Of Paint

I have abominable design skills.  That said, I still wouldn’t ship Tarsnap’s design, because it is the special flavor of poorly designed which could actually cost sales.  (Many non-beautiful sites do not cost sales.  Example: look at every bank or enterprise software company ever.  Very few would win design awards.  They just have to waltz over the very low does-not-scare-the-customer-bar.  Tarsnap trips.)

Here’s what I’d tell a contract designer hired to re-do the Tarsnap CSS and HTML: “Competitors to Tarsnap include Backblaze, SpiderOak, Mozy, and the like.  People who could make the decision to use Tarsnap might be familiar with and generally appreciate Twilio, Sendgrid, and Stripe.  Steal liberally from their designs and keep nothing of the current design.  Heck, you can even copy their mistakes, like using carousels.  No mistake you copy from those folks will be anywhere near as bad as it looks right now.  Lorem ipsum out the text.  If you have any question about a visual element rather than asking Colin or I you should ask any Project Manager or Team Lead you know ‘Would this cause you to run away from the screen in revulsion?’ and you can keep absolutely anything where the answer is ‘No.’”)

A visual redesign will probably cost Colin four to low five figures.  That’s cheap at the price of the business it will bring in within even the first month, but hey, let’s hypothetically assume it isn’t in the budget.  In that case, we go to Themeforest and buy any SaaS template which isn’t totally hideous.  Here’s one.

Pardon me for ten minutes while I pay $20 and deliver a quantum leap in visual experience…

And done.

Old: 

New:

Seriously, I have live HTML for that, and it probably took a whole 20 minutes.  Rewriting the entire Tarsnap website from scratch would be roughly one day of work.

That testimonial from Patrick Collison is, by the way, legit.  It could easily be accompanied by a logo wall of customers in a redesign.

I’m really ambivalent on what could go in the large image that I placeholder’d out, by the way.  Literally anything.  A stock icon enterprise shot would work, a skewed listing of arbitrarily database backups could work, a photo of some model exuding “I feel the thing that can only be felt by people who did not just lose all of their backups”, anything.  Even “This space intentionally left blank” is more professional than the existing Tarsnap site.  That could be fixed after fixing re-occuring billing or the cronjob which goes around deleting people’s backups.

Ordinarily I would suggest A/B testing designed changes, but Colin won’t ever actually run an A/B test and this is a clear improvement, so in this case I’d settle for shipping over certainty.

Getting Started With Tarsnap — Slightly Improved

Get Started Now is probably not my most innovative call to action button copy ever, but it’s an improvement over the existing call to action button… principally because the current site has no call to action button.  If you’re good at scanning blocks of text, you might find the link to [get started with Tarsnap].  Go ahead and load that in a new window, then come back.

Can you tell me what you need to do to get started with Tarsnap?  Feels like an awful lot of work, right?  That’s partially because it actually is a lot of work, and partially because it’s communicated poorly.

The Getting Started guide for software which assumes the user knows what a man page is includes the actual text “Go to the Tarsnap registration page, enter your email address, pick a password and enter it twice, and agree to the Tarsnap terms and conditions. Hit Submit.”  Is there any crusty Unix admin in the entire world who needs this level of detail in instructions to get through a form?  All this does is make the process feel more painful than it already is.  Also, why is that button called Submit?  I lack any information that customers for Tarsnap are masochists and accordingly Submit-ting is probably not what they came here to do, so how about we re-use that CTA “Get Started Now” or something similar.

We then go to the client download page.  Wait, scratch that, the instructions-for-building-from-a-tarball page.

“Hey kid, if instead of lemonade, you were selling a paper cup, a sugar cube, and a lemon, how much of that would you sell?”  ”Mister, you ask really dumb questions.”

Colin should pick any five distributions and have the packages ready to go for them.  Heck, you can give people copy/paste command lines for getting them up and running, too, if you’re feeling really generous.

You can demote the build-from-tarball UX for advanced users or people using obscure distributions.  This will substantially ease the user experience here.  Even folks who are quite comfortable with reading pages of instructions to compile software don’t do it for fun.

After successfully getting the client installed, we then have to configure our server’s key pair.  That can (probably?) be integrated into the get-the-right-package described earlier.  (If you wanted to be really clever, you could come up with something such that the user never has to e.g. plug in their username and password because you already know it since they just gave you their username and password prior to navigating to the instruction page, but hey, that will actually take a few hours/days of programming.  We can do it a few months from now.)

There is a really important instruction in the Getting Started guide which is easy to overlook, even with being bolded:

STORE [THE KEY FILE] SOMEWHERE SAFE! Copy it to a different system, put it onto a USB disk, give it to a friend, print it out (it is printable text) and store it in a bank vault — there are lots of ways to keep it safe, but pick one and do it. If you lose the Tarsnap key file, you will not be able to access your archived data.

Tarsnap will appear to work if you ignore that instruction.  Ignoring it will, almost certainly, mean that actually using Tarsnap was for naught, because if your machine dies your ability to access your backups dies as well.

1)  At the very least, Colin should email everyone who signs up a new machine 1 hour later asking them to confirm that they have, in fact, moved their key file somewhere safe.  I guarantee you that this mail will catch many people who didn’t.  (I only noticed that instruction two weeks into my use of Tarsnap because, like many people, I don’t read on the Internet.)

2)  I know Colin currently conceptualizes Tarsnaps as “backups for the paranoid” and this resonates with some of his users, but as long as we’re moving to Serious Business, let’s give serious businesses their choice of levels of paranoia to embrace.  You can default to the current “You manage your key and, if you screw it up, well I guess then you’re totally hosed” but supplement that with “Optional: We can hold a copy of your keys in escrow for you.  [What does that mean?]”  This gives people who prefer Tarsnap to be absolutely 150% unable to decrypt their information to be able to get that, but also lets folks trade modest security for reliability.  Many businesses care about reliability more than the modest security tradeoff.

For example, where do you think my Tarsnap keys are?  Storage on my person is out of the question, and storing in a physical location is difficult when I split my time between two continents, so they’re somewhere in The Cloud.  I’m taking a gamble that that cloud provider and I are at least as good at securing that key file as Colin would be.  I trust us, but I trust Colin more, so I wish there was a simple “In case of emergency, get Colin on the phone and have him securely transfer a copy of the key files backed to me” option in case disaster strikes.  (And again, that sort of thing is historically something people are happy to pay for.  If I were to hypothetically use the “print out a copy of the key and put it in a safe deposit box” option that actually costs more than Tarsnap does currently.)

What Happens After We Install Tarsnap?

Currently, absolutely nothing happens after you install Tarsnap.  It just leaves you to your own devices.  There’s a very lackluster getting started guide which barely reads you the command line options.

Does the user want to read command line options?  No.  Probably 90% of users need one of, hmm, five things?

1)  I want to back up my database.  How do I do that?

2) I want to back up my source code.  How do I do that?

3) I want to back up this entire freaking server.  How do I do that?

4) I want to back up my website.  How do I do that?

5) Somebody told me to get the important stuff backed up.  I’m not sure what is important.  Any help?

It doesn’t hurt the experience of Crusty UNIX Sysadmins (TM) an iota to write a decision tree into the website which would give handy, detailed instructions for people encountering these very common needs.  They’d be more likely to get Tarsnap into a place where it is useful, more likely to spend more money (on Tarsnap Basic), and more likely to ultimately achieve success with having restorable, usable backups via adopting Tarsnap, as opposed to muddling their way through backing up MySQL and accidentally getting files which can’t actually be restored.

What Else Could We Change About Tarsnap?

Lots.

  • The marketing site includes no testimonials or case studies.  Solicit and add them.  Stripe seems to be an easy layup here, since they’re already on the record as loving Tarsnap.
  • There’s no reason to go to Tarsnap or cite Tarsnap except if you want to use the tool or you personally like Colin.  Colin’s a likeable guy, but he could also be a likeable guy building the Internet’s best set of instructions for backing up arbitrary systems.  How to back up a Rails app!  A WordPress site!  A Postgres database!  etc, etc . They’d get him highly qualified traffic from people who are very motivated to learn about robust, secure ways to back up their systems.  Too knackered to write these pages, Colin?  I sympathize, what with all the exhausting work lifting money off the table and into your pockets, but now that you have lots of money you can pay people to write these pages for you.
  • There’s an entire Internet out there of companies whose businesses implicate backups but which do not want to be in the backup business.  Let’s see: Heroku, WPEngine, substantially every SaaS with critical data in it, etc.  Colin could approach them serially and offer easy integration options if they are willing to trade exposure to their customer bases.  It’s a win-win: target company gets the world’s best answer to the “Is my data safe with you?” question, Colin gets scalable customer acquisition, target company’s customers get our-data-does-not-vanish.
  • Tarsnap assumes as single-user-with-godmode privileges, which doesn’t map to the understanding of many businesses.  Accounts should have multiple users and access controls.  Audit logs and whatnot are also options.  All of this will help people justify Enterprise pricing and also help people justify using Tarsnap in the Enterprise at all, since — at present — Tarsnap fails a lot of company’s lists of hard requirements.  (You don’t need every company in the world to be able to use you, but there’s plenty of features which unlock hugely disproportionate value for customers and for Colin relative to the amount of time they take to make.  Multiuser accounts doesn’t double the complexity of Tarsnap but it probably singlehandedly doubles Tarsnap’s exposure to dollars-spent-on-backup, for example.)
  • Tarsnap doesn’t currently do the whole backup puzzle.  It doesn’t have monitoring, it doesn’t have convenient ways to restore, etc.  Tarsnap could easily create more value for users by filling those sub-needs within backups and could potentially even consider branching out some day.

Ten thousand words, crikey.  OK, I’ve said my piece.  If you’d like me to do something similar for your business, I’m not actively consulting anymore, but you’d probably be well-served by getting on my email list.  I periodically go into pretty deep coverage of particular areas of interest to software companies, and — occasionally — there’s an announcement of commercial availability of this sort of advice.  Speaking of which, I should get back to building the stuff that people pay for, in anticipation of fun new ways to give Tarsnap more money.

35 Comments

Kalzumeus Software Year In Review 2013

I’m Patrick McKenzie (and often go by patio11 online). I started the world’s least ambitious software business in 2006, and it took over my professional life.

Every year I publish my stats and my thoughts on what worked well and not. Other folks tell me it has helped them, and the act of putting words to virtual paper helps me think through things — since I’m a one-man shop this post is the closest thing to strategic planning that ever happens.  Here are the writeups for 2006, 2007, 2008, 2009, 2010, 2011, and 2012.  (Hint for Googlebot: if someone is looking for the Bingo Card Creator Year in Review 2013, this is the right post, but BCC is a small portion of the business these days so I’m re-titling it.)

Capsule summary: 2013 was mixed from a business perspective. Sales fell at several of my lines of business, for various causes, not all bad.  Appointment Reminder, on the other hand, doubled sales, both on a per-year and on a monthly revenue run rate basis. I’d call it a pretty good year by any objective standard and a minor disappointment with regards to my personal goals.

Sales for Kalzumeus Software were approximately $112,000 and profits were approximately $60,000 *.

* Explaining That Asterix: As of 2013, I actually went ahead and formally incorporated my businesses. Appointment Reminder, LLC runs that product, and Kalzumeus Software, LLC runs everything else. Like in previous years, I’m not disclosing the Appointment Reminder numbers.  In 2010 and 2011 Kalzumeus Software dominated my personal income, so the health of that business was a bellweather for my overall financial situation.  This is no longer true.

Things Which I Suck At: Bookkeeping/Accounting: I used to do all my own bookkeeping and accounting, both for Japan and the United States. I’m still in charge of it for Japan but, thankfully, I have competent professional advisers for the US. Unfortunately, I did not get them hard numbers consistently enough for them to get me hard numbers by the end of the year, so it is likely that the below numbers will not match the “official” numbers I put on my tax returns. Treat these numbers as ballpark rather than audited  financial figures.

The Year In Brief

Bingo Card Creator was in maintenance mode for the entire year. I successfully transitioned myself almost entirely from working on it. Traffic and accordingly sales declined by about a quarter.

Appointment Reminder was theoretically my main focus in 2013. This was, again, more theory than practice. The bad news is that competition from consulting in the early half of the year and health problems in the later half of the year made it impossible for me to give AR the sustained focus that I wanted to give it. The good news is that despite my only sporadic ability to move forward on the business, sales doubled.

I quit consulting in approximately May of this year, to focus on my product businesses. It produced no new revenue, aside from collecting outstanding invoices, though did consume a bit of time/focus prior to winding down.  The full story is below.

I experimented more in 2013 with delivery of productized consulting in a variety of form factors, including writing a book on conversion optimization (technically written back in 2012 but released in the last weeks of it), continuing to sell the course on lifecycle emails which I released last year, developing a new course on software conversion optimization, and running a few online workshops through partnerships with other software entrepreneurs. It’s funny: when you phrase it like that the year sounds really really productive and yet sometimes it doesn’t feel that way. Hmm. Anyhow, feedback from customers has been overwhelmingly positive and the line of business has mostly achieved the free-me-from-the-consulting-treadmill goal I had for it.

I continued angel investing in a very limited fashion in 2013. I now have a grand total of two investments, in Stormpulse and Binpress. One to two a year seems to be a good fit for the amount of bandwidth I have available for software companies which I don’t own, considering folks typically want my advice a lot more than they want my wee little checkbook.

Bingo Card Creator

Bingo Card Creator is a freemium SaaS application (with a deprecated-but-still-used downloadable client) which makes bingo cards, mostly for elementary schoolteachers.

BCC was in maintenance mode for the entire year. “Maintenance mode” means that I do the minimum work required to keep the business up and running, rather than attempting to create new systems to e.g. improve marketing outcomes or substantially improving the product.

My only substantial work on it was spinning up two processes to allow me to work even less, to whit, transitioning front-line customer support from myself to a virtual assistant (the illustrious Sugar from Pepper VA Services, without whom I’d have long-since lost my sanity) and hiring Nick Disabato to run A/B tests every month so I wouldn’t be tempted to do it myself.

Bingo Card Creator’s traffic has fallen substantially this year, including large declines in organic search and AdWords traffic. This is the direct cause of BCC’s substantial decline in sales.

BCC Stats:

Sales: 1,734 (down 23% from last year’s 2,254)

Refunds: 57 (down from last year’s 89 — most were caused by a carder ring which ran ~30 fraudulent charges through us before we convinced Paypal to lock them out)

Sales Net of Refunds: $50,156.16 (down 23% from $64,791.81)

Expenses (estimate, pending bookkeeping): ~$27,000 (down slightly from $29,145.20)

Profits (estimate, pending bookkeeping): ~$23,000 (down substantially from $35,676)

Wage per Hour: I think I spent approximately 10 hours on process improvements for BCC over the year and approximately 10 hours on customer support, so the hourly wage is on the order of $1,000.  (One significant digit since I don’t keep anything like accurate time cards.)

BCC Web Stats:

Visits: 770k (down from 1.08 M)

Unique Visitors: 630k (down from 875k)

Page views: 2.4 million (down from 3.4 million)

Traffic sources of note: Google (50%), AdWords (14%), direct (12%), Binghoo (11%)

Trial signups for online version: 61,000 (down from 87,000)

Approximate online trial to purchase conversion rate: 2.6% (up from 2.4%)

BCC: What Went Right

Outsourcing front-line support has been a long time coming to Bingo Card Creator. I used to genuinely love responding to customer emails every day. Some time in 2011 or 2012 I started to dread it, because after 5 years of saying e.g. “Thanks for the email Miriam. I’m sorry, Bingo Card Creator does not support using clip art. Have a nice day.” I was going absolutely spare. My business friends told me that every time we got to talking I’d recount more exasperating CS anecdotes (“You won’t believe what someone told me today!”), which should have suggested I was burning out. My replies were getting less helpful, my responsiveness dropped from 99.X% of customers getting a reply within a day to avoiding checking email for days at a time, and, here’s a confession from the dark recesses of my soul, I occasionally felt contempt for my customers.

So I decided last year that I was finally going to bite the bullet and outsource front-line customer support. It isn’t rocket science, but I never actually made getting it done a priority until early this year.

Steps to outsource support:

  1. Stop using Gmail as my primary customer support platform, because “share Gmail with someone other than me” is a non-starter for me. I instead redirected our primary CS inboxes to Snappy, a helpdesk SaaS product. (I also tried ZenDesk but my VA felt it was hard to use. Snappy is a breeze, for both of us.)
  2. Write up a statement of principles and standard procedures for CS. My statement of principles is so that Sugar, or any VA I later bring into the company, understands “who we are” despite not being in the trenches with me since 2006. The standard procedures tells her how to operate the systems (our backend, Snappy, etc) that she has to use to do her job, how to write in the company voice, how to answer our most common questions, how to get help from me when she can’t answer a question, and how to help evolve the standard procedures document. I flagrantly stole this idea from the guys at the Tropical MBA podcast.
  3. I made some minor tweaks to my backend admin area to make them more user-friendly for someone who isn’t me. You might need to actually make a CS dashboard if you don’t have one already.
  4. Shadow Sugar as she does the job for a few weeks, by simply reviewing the tickets she worked in Snappy. I offered feedback on some responses and updated the standard document in response to others. (e.g. “You didn’t think you could answer this question and referred it to me for resolution. We will tend to get this question a lot, so we’re going to add it to the standard procedures document. Also, in the future, notice how my resolution here is in keeping with our company’s principles? You could have guessed I was going to do that, right? Great. If you feel in the future that you absolutely know the right answer, you don’t need to have me tell it to you. Go ahead and take action on it. I trust you. Don’t be afraid of not doing exactly what I would do, either — if we’re on the same page about principles, then a tactical mistake here or there doesn’t matter.”)

All that sounds pretty high-level, right? OK, concretely, here is our standard procedures document. The only thing I’ve taken out are credentials for our backend. Feel free to pattern your own on it if you’d like. Also feel free to improve it — this was a one-day project for me, not a heartbreaking work of staggering genius.  (n.b. That’s a frozen copy, not the live Google Doc, because while I’m a pretty transparent guy I don’t want to have to constantly censor credentials or what have you in the future.  If you’re viewing this post years after the publication date, it is likely out of date.)

As you can see, neither the Bingo Card Creator CS operation nor outsourcing it was particularly complicated.  It does, however, save me substantial time and focus, since I no longer have to worry about the product more than once or twice a week, when Sugar runs into something which she can’t handle.

Outsourcing A/B testing has also been a qualified win, mostly in that rather than spending my own time doing conversion optimization for BCC (a huge win historically — e.g. 60% more sales last year as a direct result of it), that happens without having me in the loop, and I’m freed up to work on more important projects. When Nick Disabato announced he was doing A/B testing expertise as a product I simultaneously a) facepalmed for not having done it years ago and b) signed up to be his first customer.

So what did Nick do for me? Great question. I have no clue and that’s exactly the way I like it. However, since that is a bit unsatisfactory for those of you reading this, I actually logged into Visual Website Optimizer to check up on his recent tests.  A representative example: in December, he ran some tests testing the layout of my Christmas landing page.  I’d normally think that’s likely a loser from a conversion optimization perspective, but the stats apparently disagree with me: conversion to the free trial increased from 15% to 19.5%.  That’s not a hugely useful result in and of itself, given that that page doesn’t get the volume to justify huge amounts of effort, but repeatable processes which collect wins like that are worthwhile for me.

I figure Nick is likely to eventually achieve results which more than pay for his efforts in perpetuity, and it also gives us the opportunity to work together on BCC (which is low-risk for me), get a good working relationship and base of shared knowledge, and then start systematically applying that to higher-leverage opportunities like e.g. Appointment Reminder.

BCC: What Went Wrong?

Traffic fell off a cliff: The only major problem in Bingo Card Creator has been the substantial decline in traffic as compared to 2012.

I have not dug deeply into why this has happen, because it’s strictly irrational for me to do so at this point.

Why? Let me share an item from my todo list for later today: “Call $HAPPY_CUSTOMER and apprise them that their credit card failed for the last month’s charge of Appointment Reminder right before Christmas, so that we can charge them $2,400 this year like we did last year.” I anticipate that phone call to take 5 minutes or less. $2,400 is approximately equal to an entire month’s profits of BCC. Any questions?

I rather suspect that it is just down to the ebb and flow of Google algorithms rather than any specific named algorithmic change (Panda/Penguin/etc) or penalization.

Appointment Reminder

Appointment Reminder is a SaaS application which makes reminder phone calls, text messages, and emails to the clients of professional services businesses (accountants, lawyers, doctors, HVAC installers, etc).

As in previous years, I am going to take the liberty of not disclosing exact numbers for Appointment Reminder. This is largely for two reasons: one, I go back and forth on taking investment for it someday, and having numbers publicly available complicates getting investment. Two, a significant fraction of Appointment Reminder’s revenues are through Big Freaking Enterprise Sales, and contract sizes are such that, when I win one, detailed granularity on my sales numbers would let an interested party figure out who just bought AR and how much they paid. I’m generally not contractually at liberty to disclose that, and (frankly) publishing it would be quite against my interests in getting the next contract.

What I can say:

  1. Appointment Reminder’s revenue for 2013 is approximately double it’s revenue from 2012. Monthly recurring revenue, which is my main metric of interest, is also about double on a YOY basis.
  2. The enterprise pipeline looks better than I could reasonably expect it to be, given my slackadasical efforts with sales in the last 6 months.
  3. We’re absolutely smashing my projections for COGS, which were approximately 20% at the design stage. (COGS is “cost of goods sold”, which in the AR context is dominated by the underlying telephony services we purchase from Twilio on behalf of our clients.)

Appointment Reminder: What Went Right

We had rock-solid technical performance in 2013, after having some severe issues in 2011 and hiccups in 2012. I’m sufficiently confident in AR’s systemic reliability and our monitoring setup to represent it as ready-for-mission-critical-use for customers while not causing me as much stress as being on 24/7/365 pager duty would ordinarily entail.

I don’t believe, off the top of my head, that we had any extended customer-visible downtime in 2013.  (Edit: Spoke too soon — I had misremembered the date of a partial outage.  In connection with the Ruby on Rails January of Fun (TM), I applied a series of security patches at 3 AM in the morning Japan time, and in the process managed to cause a partial outage to the service for several hours before realizing my mistake and fixing it.  This luckily did not severely impact any customers.)

At the same time, AR is not yet where I’d like it to be. We’re mostly covered on system-level issues, but we still have application-level errors on a handful of phone calls every month. The denominator is large, but my target for errors is zero, not “so few that customers are unlikely to notice.”

In conjunction with doing my course on lifecycle emails last year, I “hired” myself to do a proper job of email marketing for Appointment Reminder, which previously had “the absolute minimum required to ship the product.” One would think that “Psst, doing this would make you a lot of money” would be more successful inducement than “Advising people to do something that I don’t do in my core product feels wrong” but, in fact, that second factor was the one which lit a fire under my hindquarters. Our conversion rate is up and our churn rate is down, which (eventually) translates into a large portion of the 2X increase in revenue.

I’m quite happy with several security improvements I made in 2013 for the benefit of customers (and myself), including a) improving our HIPAA story, b) getting an E&O policy to cover the business, c) formally incorporating the LLC, and d) migrating from Rails 2.3 to a commercially supported version of Rails.

I didn’t commercially exploit a lot of these to the degree that I could have — for example, only a single digit number of customers even know that Appointment Reminder is insured — but they’re peace of mind for me and, knock on wood, I’ll retool processes in 2014 to take more systemic advantage of them.

Also, I couldn’t do it at all without Twilio.  In the spirit of full disclosure, I’ve hit a growing pain or two with them over the years, but at the end of the day they’re probably my favorite vendor ever.  (I’m told that some people operate under the assumption that I’ve taken their shilling due to how much shilling I do for them, so for the avoidance of doubt, the only consideration of value that I’ve gotten from them is three track jackets, which if you compare to my monthly Twilio bill must make them the most expensive track jackets in Japan.)

Appointment Reminder: What Went Wrong

I did not execute well on my plan to do enterprise sales for Appointment Reminder. I did not end up attending any conferences for target customer segments. I was insufficiently diligent in following up with many leads, which resulted in AR getting written out of a lot of sales processes where, if executed properly, we would have had a decent shot of winning. A lot of this was due to distracted focus, for reasons I’ll discuss in a moment.

I did not deliver an awesome experience with regards to customer support for Appointment Reminder customers consistently in 2013.  When I got very busy or stressed, one of my coping mechanisms was avoiding opening email, out of an irrational fear of finding more work or stress in my inbox.  This does not play well with email being the primary support channel for a business!  It only cost me a handful of accounts which I know of, but commitments are commitments, so I should be better at this going forward.  At present Gmail is reconfigured to force me to deal with AR email first, and I’m working on managing stress levels to avoid having a burnout-related relapse in inbox avoidance.

I was not successful in hiring for Appointment Reminder this year. There are a few places where AR could probably justify a full-time employee. Product development is one: I think AR probably got, hmm, call it 4 weeks of full-time development effort within the product, where I could easily have done the entire year full-time if I didn’t have other things to do.

I’d also really like to have someone for combination customer support and concierge onboarding — e.g. walking every single trial customer through getting their office up and running on AR from their current workflow for appointment management. My very limited experiments with doing this for customers make it pretty clear that it is stupendously valuable.

So why didn’t I hire? A combination of fear of the unknown — I’ve never had an actual employee, and worried about that fundamentally changing the character of the business — and just having way, way too much on my plate to get any portion of the business to the point where I could comfortably hand it off to an employee who didn’t have founder-level amounts of discipline/drive/skill.

For example, take a look at the Bingo Card Creator description for what it takes to outsource just routine T1 customer support. I was successful in that because I understand the task in my bones, could do it blindfolded, and have produced substantial systems and processes which mean you don’t have to be me to succeed at doing it for me.

I am successful at customer onboarding for Appointment Reminder at the moment, but it’s still at the flying-on-seat-of-my-pants level of improvisation and willingness to e.g. crack open the Rails console while on a phone call and update things in real time rather than just having a sympathetic ear, good product knowledge, and a bunch of knobs to twist.

Maybe in 2014. Maybe not. We’ll see.

Consulting

Since quitting my day job in April 2010 I consulted with a variety of software companies, mostly selling B2B SaaS, on ways to improve their sales. In broad strokes, my shtick was applying engineering to improving their marketing/sales outcomes. For specific examples of engagements, see last year’s post.

I got really good at it. After having made clients millions of dollars, I had a sufficiently good understanding of where the points of leverage were in software businesses and how to credibly explain them to potential clients that I was routinely selling new engagements at e.g. $30,000 per week.

I quit consulting this year. Why? It’s complicated.

Partly, I felt like I had achieved what I set out to achieve in consulting. My internal Nagging Doubt Monster was quite loud in 2010 that I might know enough to run a toy business like BCC but that the skills probably would not generalize to “real” software businesses. It turns out that my Nagging Doubt Monster is an idiot and that my skills generalize impressively well up the sophistication chain. By the end of my consulting career I was working with very smart folks like Fog Creek, Matasano, WPEngine, Wildbit, and 37signals, and to the best of my knowledge my clients generally had very successful outcomes.

So what was next? Well, continuing to do ten-ish weeks of consulting a year for clients like that was certainly an option. If I wanted to grow the business, I could have titrated off of my own products, hired employees for the consultancy and trained them in my bag of tricks then set them loose at client engagements, or moved up to the next level of clients.

NDAs prevent me from naming names, but suffice it to say I grasped for a brass ring at a Very Large Software Company. If that engagement had been knock-out-of-the-park successful, my consultancy would likely have been captured by their business, in the manner that e.g. Lucky Strikes sort of subsumed the Mad Men advertising agency.

That didn’t happen. What did happen? NDAs happened.

I was a solo consultant with a part-time consultancy, so my pipeline was not all that deep at the time I was trying to put this deal together. Since we were contemplating a success outcome where my consultancy’s available bandwidth went to zero, I began turning away prospective engagements in anticipation of the deal happening.

So fast forward to May, where a) I’ve been absolutely wracked by stress for several months, b) I have no consulting pipeline, and c) I come to the realization that the brass ring deal will probably not happen.

I talked to a lot of my friends and mentors, and they kept asking “Why do you do consulting?” Previously when asked this I had great answers, like “I love the opportunity to work with smart people on new challenges!” and “I have a wedding to pay for!” It had been a while since I won a new challenge merit badge, and my wedding was paid for. But like many people, I felt sort of pot-committed to justifying my present state of affairs, so I felt substantial inertia to continue the consulting business.

The straw that broke the camel’s back was a conversation with Ruben Gamez, a buddy of mine, at Microconf. We were chatting about what I’d say in my presentation about my consulting business, and everything I had planned to say had the ring of falsehood to it.

So I put an “I Quit” slide into my presentation, and that was that.  Quitting a consultancy with no active engagements turns out to be really easy: all you have to do is stop saying Yes.  (Conversely, starting a consultancy is fairly easy if you’re known to be good at something with high utility to potential clients, since all you have to do is stop saying No.)

Consulting: What Went Right

Quitting. My level of work-related stress declined drastically. I felt substantially less worried about the constant treadmill of refilling the pipeline. I get substantial amounts of personal satisfaction from being able to say that my family only eats every month because I’m really good at shipping products.

Consulting: What Went Wrong

The particulars of that NDAed engagement belong here, but obviously I can’t tell you them.

Quitting was poorly timed. Although transitioning away from consulting was a decision months/years in the making, the exact timing of it was very impulsive. It was, in hindsight, more risky than I normally tolerate, and exposed my family and I to substantial avoidable stress.

Last year I had ~$150k of consulting billings, which represented almost half the revenue of the company. This year I had close to zero, aside from converting some accounts receivable into actual cash ($15k or so, which I didn’t include in this year’s total because I already put them in last year’s as accounts receivable). Going cold-turkey to zero would have been an interesting ride no matter what the timing. I picked uniquely poor timing during the year to decide to do it.

Remember how I suck at accounting? I have historically run my businesses on a cash basis. This makes a lot of sense in software: if money in minus money out is a positive number for a month, and that positive number is enough to live on, yay. I never prepared for my own use anything like e.g. a balance sheet for the business. Why bother? I knew how much cash was in the bank account.

There are a bunch of things which would be on a balance sheet which were not reflected in my bank account. I was peripherally aware of them, in the way I was peripherally aware of hundreds of things about the four lines of business I run, but when I got busy/stressed/etc they were not at top of mind. One thing, in the Liabilities section, is Accrued Tax Liability. For example, if you have your best year ever in 2012, when 2013 rolls around, the mechanics of progressive taxation mean you’ll have to cut a few fairly large checks — in my case, to both the US and Japan.

When were those checks due? Right around when I quit consulting. At the start of the slow season for Bingo Card Creator. Coincidentally, when I made a few large capital investments in Appointment Reminder. Also with the product pipeline for productized consulting totally dry. And with large one-off expenses in my personal life.

This ended up being a perfect storm of a cashflow crunch for me.  I went from having a nice cushion in my checking account and thinking “I’m going to close the largest deal in the history of my business any week now” to owing high five figures at credit card interest rates while staring down an empty sales and product development pipeline.

My business-related stress level (probably 7 out of 10 during the worst of the consulting rigamarole) spiked. By August it was 8 to 9 for weeks on end.  This directly contributed to me becoming severely ill, which is a subject for another post.  Getting ill doesn’t help your stress level or help you execute on the business to ease the financial considerations that are causing the stress which is exacerbating your illness, by the way.

In hindsight, here’s what I should have done given the epiphany “I’m ready to quit consulting.”

  1. Call up my top five clients.
  2. Tell them that I’m quitting consulting but want to make sure that they have any loose end projects tidied up before I become totally unavailable.
  3. Booked three projects at $1X0,000, which would have given me an easy glide path out of that line of business.

At the time, I felt doing this would keep me attached to the treadmill. That’s silly. I’m disciplined enough to execute on a commitment like that, and it would have been so much easier than playing a game of chicken with my bank / credit card statements.

(To avoid worrying anybody: The cash flow crunch eventually worked itself out, since it was caused by transient timing issues rather than structural problems.)

Productized Consulting

One of the things I experimented with last year was moving from a pure services model consultancy, where I worked for clients on defined engagements for (generally) a weekly rate, to introducing some products where the core customer base and customer goal was the same (the client is a software company and they want to use engineering to drive marketing outcomes) but it didn’t require weeks of my time to deliver the services component.

This was quite successful last year, and I wanted to continue experimenting with the model this year. Under that general rubric:

  1. Rather than just throwing blog posts out into the ether, these days I focus most of my writing effort on my email list. (If you’re not on it, you can sign up here.) It’s the minimum form of engagement with my business where somebody could affirmatively opt to not be a stranger.  Topics range from enterprise sales for developers to SaaS pricing to A/B  testing to whatever strikes my fancy when I’m writing.  I shoot for every Friday but it more typically comes out once to twice monthly
  2. Above the dreaded penny gap, I have a book which I wrote on software conversion optimization.
  3. Last year, I released Hacking Lifecycle Emails, a 5 hour video course on doing drip email campaigns and lifecycle email optimization, which was one of my most common consulting gigs.
  4. I also did, if I recall correctly, three online training events, one on email marketing with Joanna from CopyHackers and Colin from Customer.io, and two with Brennan Dunn on creating recurring revenue for consultancies. (If only I had been thinking more on that subject at the start of the year!)
  5. This year, I started work on Software Conversion Optimization, a video course with interactive elements, including a higher tier which is basically a mini-consulting engagement.  It hasn’t shipped yet, as of January 6th 2014.

It might superficially appear that there’s a ladder of sophistication/engagement there, from targeting the least engaged customers with free email to offering the most engaged customers a $2,500 mini-consulting gig. That appearance is mostly an accident, as all of these products were planned in isolation from each other. I also don’t do anything particularly sophisticated with cross promotion of them.  That’s probably something I should fix this year, come to think of it, since they have synergistic effects and most of the people who could buy one could buy all of them without perceiving any difference in cost.

Productized Consulting Stats

I’ll report the sales by product and the expenses consolidated, since the products share the same systems/resources for delivery, which dominate cash expenses.  I don’t keep web stats for the productized consulting business — pure oversight on my part.  D’oh.

Book Sales: 1,239 units, for royalties of approximately $5,000. Many of the units were actually sold in 2012 but I didn’t even hear about that until 2013 because, in the publishing world, 6 weeks is an acceptable amount of time for a SQL transaction to require. (This is no slight against my publisher, Hyperink — it’s the legacy players in the industry who currently dictate the pace.)

Hacking Lifecycle Emails Sales: 41 sales for $18,927

Software Conversion Optimization Sales: 46 pre-sales for $15,922

Workshop Revenue (my cut only):  $22,000 (rounded and aggregated to avoid revealing financial information of third parties)

Total gross revenue: ~$62,000

Expenses (estimate, pending bookkeeping): ~$10,000

Productized Consulting: What Went Right

My emails to my mailing list have been some of my best writing in years, which is enormously motivational for me as I had previously felt like my blogging in roughly the 2010 to 2012 range was not as consistent or as informative as it had been in previous years.  The great thing about email as opposed to blogging is it is a truly bidirectional format, so people will often write me to say “I tried this advice and it actually worked!  We just closed a $500k sale using one of these tactics.”, where I never really had consistent, high quality interaction with people through my blog comments.  This has lead me to actually write more consistently for the mailing list than I’ve managed for the blog in years, which is in general a win for my personal happiness, for the business, and (I hope) for you guys as well.

Customers have taken the ideas from these things and ran with them.  This makes me enormously happy, as they’ve meaningfully changed businesses they’ve been implemented in.  It was always fun when I was a consultant to hear that a client closed e.g. $100k of new business as a result of part of an engagement, but at many of my clients, that wasn’t a transformative outcome.  Some of the results I’ve heard from productized consulting customers have been transformative — 20% increases in MRR for SaaS products, $0 to thousands in recurring revenue for one-man consulting shops, etc.  I do a little happy dance every time I get one of those emails.

I hooked up an autoresponder sequence to my email list, which just sends people who are newly arriving at it the four or essays that I personally like the best.  One of them has a brief plug for my lifecycle email course in it.  Adding that made a clearly visible bump to the residual sales of the course without requiring any huge amount of effort to do dedicated sales.

Stripe.  I occasionally kick myself for custom-rolling my own delivery application rather than just using Gumroad like any sane individual, but the Stripe integration has performed flawlessly.

As compared to Appointment Reminder, where I often have to force myself to do what needs to be done, working on these projects has been invigorating for me.  I often reflect on a bit of advice Peldi gave me prior to launching Appointment Reminder: “Is optimizing the schedule of dentists’ offices your passion?  No?  Then why are you committing to working on that for the next several years?!”  These projects let me write/teach, both of which I find enjoyable regardless of the topic, and they let me focus disproportionately on the MarkDev (somebody make a convenient word for this, please) rather than the rest of the business, which doesn’t excite me quite as much.

Productized Consulting: What Went Wrong

I originally intended to launch the Software Conversion Optimization product in August, but delivery dates slipped due to severe illness.  I alluded to it above and will probably talk about it at length in a separate post.  Anyhow, that delayed the project by several months.  It will (knock on wood) ship this January, as I promised when I opened pre-sales in late December.

My friends, including Amy Hoy, advised me to apologize and call off the launch earlier than I did.  I should have taken that advice — instead, I attempted to soldier on through despite being sick, which accomplished absolutely nothing for my customers and was damaging to my stress levels and health.  More broadly, I should have stuck to one of my rules, which is Never Pre-Commit To A Ship Date.  (That rule is even in the standard operating procedures document, for crying out loud!  Maybe I need to bold it a few more times until it will sink in.)

This is the only work day in January where shipping Software Conversion Optimization is not my main/sole task.  I’ll be happy to have it ready, because I’m excited to hear what people do with it, and because I’m keenly aware that I currently have the Unearned Revenue liability on the balance sheet until I do.

I’ve experimented with form factors for productized consulting, and not all experiments panned out.  In particular, I’ve learned that for live, online training sessions, having long presentations with text-packed slide decks presented back-to-back is not maximally in the interest of the audience or the presenters.  Lesson learned.  (You would think as a former classroom teacher I would have been able to predict that one.)  I much prefer the more organic conversation style that I’ve been using recently, with smaller groups and more cross-talk.

Overhead

In previous years I just threw everything that wasn’t either BCC or AR under the consulting category, but I no longer have a consultancy, so I think I’ll break this out explicitly.  My business has substantial expenses which are not related directly to a particular product.  Examples might include my errors and omissions insurance, fees for registered (and renewing) the LLCs, accountant / bookkeeper fees, business travel, my blog’s hosting bill, and the like.

Of note for those of you wondering how to calculate how much revenue you need to make it as a solo entrepreneur: The single biggest cause of it is me being in Japan, since I have substantial travel expenses to e.g. attend conferences (almost invariably requiring a $1,500 plane ticket for me), and my tax/legal/etc situation is far more complicated than it would be if I lived in the US (where the majority of my business is concentrated).  But for this factor it would likely be below $10,000 at my business’ current level of sophistication.

Ballpark estimate, pending bookkeeping: $25,000.

Goals For 2014

Bingo Card Creator

  • I’m honestly happy to let Bingo Card Creator coast to whatever number the Google gods, in their infinite wisdom, decide to give me.  If that’s $25k profits on $50k revenue again, that’s a happy number, as long as it doesn’t require a huge time investment.
  • I would consider spending a few hours getting a new freelancer up and running on content creation, which has been stalled for the last few years.  It isn’t a huge priority for me, though.

Appointment Reminder

  • I’ve long had a particular number in mind for Appointment Reminder for where I feel like I would have “made it.”  It is at approximately 4X the present run rate.  I think this is an aggressive target for 2014 but could be achievable if I’m able to devote 6+ months of solid work to AR, finally, for the first time ever.
  • I’d like to successfully land a 6 figure a year Big Freaking Enterprise deal for AR.  The economics of the company work without it, but that would be a fun merit badge.
  • No progress on this from 2013, so let’s try it again: I’d like to get a systemized pipeline in place for AR enterprise deals rather than running them all myself by the seat of my pants, such that I could eventually hand execution of that to someone else.  I’m not sure I necessarily would want to do that, but the capability of doing it could only make my options better.
  • As an intermediate step to hiring, I need to find a Rails consultancy that I’d trust and enjoy working with, and get them to start doing in-application tactical projects for me.  The only problem with this is that the codebase is currently a disaster and fixing that (or at least documenting which parts of it are likely to explode if touched) will probably cost a month.

Productized Consulting

  • Ship Software Conversion Optimization, and sell (a total of) $80,000 of it (which is on the order of $60,000 more beyond existing pre-orders).
  • Explore the possibility of doing more products this year, if I have the time and desire to.  At this point last year I thought I’d ship four full courses a year, but seeing the amount of work it has taken me to do one to my standards, that’s crazy talk if I also want to work seriously on AR.
  • I still think $200k is a reasonable number to shoot for for this line of business, assuming I ship 2 courses in the year and residual income for pre-existing products continues to be as meaningful as it was in 2013 (one of the big positive surprises for the year, by the way).

Business / Personal Grab Bag Goals

  • I am mostly over the immediate flareup of the medical issue from earlier in the year.  Staying healthy is one of my key priorities for 2014.  Concretely, I want to get back to going to the gym three times a week for 45 to 90 minutes.  Also concretely, if my subjective stress level goes and stays above 5, I’m hitting the Big Red Button on whatever is doing that, rather than just trying to tough through it again.
  • It’s been over a year since  I’ve done any substantial OSS work.  Hopefully I can carve out a few weeks in 2014 to do that, or at least cause that to happen by exchanging money for the time of skilled developers.
  • Get the bookkeeper/accountant/etc what they need to do their jobs throughout the year, rather than just at the end, so that I don’t get bushwhacked again by issues which they would have seen coming.  Also, find a good accountant for the Japanese side of things.
  • Keep making a meaningful contribution to the businesses (and where possible, lives generally) of other software entrepreneurs, which is a major point of personal satisfaction for me.  It seems like a good thing to make the focus of my career for the moment.

Far more important than any of the above: I’m enormously blessed to have my wife Ruriko in my life.  No list of goals for myself is complete without “Be a better husband.”  (And, knock on wood, maybe I’ll be able to write “Be a better father” in next year’s installment.)

25 Comments

Kalzumeus Podcast Episode 6: Teaching As Marketing

Happily, there are many ways to productize your relationships with customers or your expertise as a consultant.

[Patrick notes: The transcript below has my commentary inserted like this, as usual.]

What you’ll learn in this podcast:

  • Why vegetarians do not give great advice on pricing hotdogs, and Hacker News comments about the inadviability of selling information very rarely come from people with actual budget to buy information
  • Why having multiple packaging options (for example, at an X / 2X / 5X ratio) increases total revenue from products
  • Why you don’t have to be “Internet famous” to build an audience via teaching, and perhaps use that to sell things down the road

If You Want To Listen To It

MP3 Download (~90 minutes, ~82MB) : Right-click here and click Save As.

Podcast format: either subscribe to http://www.kalzumeus.com/category/podcasts/feed in your podcast reader of choice or you can search for Kalzumeus Podcast in the iTunes Store.

Transcript: Teaching As Marketing

Patrick McKenzie:  Hi to everybody. This is Patrick McKenzie, perhaps better known as better known as Patio11 on the Internets. Welcome to the, I think, seventh edition of the Kalzumeus podcast. [Patrick notes: 6th!] I’m joined here by special guest Nathan Barry, author of “Authority,” founder of ConvertKit, and a guy who has a few other things in his expanding product empire.

[Patrick notes: If you sell software, information, or consulting services, take a look at ConvertKit.  I started using it recently for one of my businesses.  It bakes a lot of acquired smarts into an email marketing workflow tool.]

Nathan Barry:  Thanks for having me.

Patrick:  Thanks very much for being here. I think we’re probably going to be talking about info products today, primarily. Let’s ask the obvious question first. Do you like the term “info product”?

Nathan:  I think it’s a little degrading. I tend to just refer them as courses or books. “Info product” always brings up the scammy Internet marketer.

Patrick:  Right. The whole “make money online” niche.

Nathan:  Right, exactly. I just try to write things and teach things that provide value. “Info product” doesn’t demonstrate that very well.

Patrick:  That’s something I totally agree with. I try to call mine “productized consulting” because the book was like a consulting engagement except delivered with less of my hours of unique attention attached to each delivery. I think you were also a consultant before you got into being a publisher, right? How did the arc of that transition go for you?

Nathan:  I did some freelancing in college, and then after I left college, I did a year freelancing full time. That worked pretty well for me, but then I went on an extended five or six week international trip. Didn’t do any work. Came back. It was the beginning of 2009, and there was a recession going on in the US, so nobody wanted to work with me then. I ended up taking a job leading the design team at a local startup, and I worked there for three years. That was a really great experience. Learned a lot of things. Learned a lot of things not to do.

I ended up building a few little iPhone apps on the side. Got those to making a few thousand dollars a month a month in revenue, and then used that to quit my job and go back to what I would call then “consulting.” Where before I referred to myself as a freelancer, after that point I referred to myself as a consultant. I think I brought a lot more value to each of my engagements, having more experience.

After leaving that job, I launched my first book, which was “The App Design Handbook.” That’s when everything changed for me. I went from these iPhone apps that were making anywhere from $1,000 maybe up to $4,000 a month, but really uneven revenue. A lot of it was chance. There wasn’t a great marketing strategy there or anything but then with the first book, things started to make sense as far as marketing and product launches, and I was able to make about $12,500 off of the book sales on the first day, and I never looked back. I actually never took a consulting project after that, because, as you call it, productized consulting pays really, really well.

Patrick:  It kind of cannibalizes the business too. After you’re capable of waving the magic wand and getting another one out the door, there’s increasingly less and less impetus to go out and grab another client engagement.

Nathan:  Exactly.

Patrick:  Keith and I just…the last episode of the podcast was on how this could potentially be a way for people to get out of consulting, which since we’ve already done that topic to death, we’re just going to do more deep dives into how to actually execute on it, rather than saying, “Yeah, it would be a great idea to get away from crazy client issues, and chasing invoices, and yadda yadda.” Can you just refresh my memory, when did you launch “Designing Web Applications,” which was your first book basically?

Nathan:  The first book was “The App Design Handbook,” which was focused on iOS applications.

Patrick:  Oh, that’s right. Sorry. I’m getting the chronology wrong.

Nathan:  That one came out September 4th, 2012, so as we’re recording this, it’s been out for about nine months or so, and then the second book was “Designing Web Applications,” and that came out December 12, 2012, so just about 90 days later.

Patrick:  That is pretty impressive. I kind of got the impression from just following your stuff on the Internet that you have been doing this for many, many years, and that I have to break myself to actually do the math. It’s like, “Wait, that’s 10 months.” Granted, you have a career before that, and you’re able to leverage what you learned from that, but the public portion of the career, or “public,” the so-called “Internet celebrity” portion of the career is just the last 10 months.

You Don’t Have To Be “Internet Famous” To Cultivate An Audience

Nathan:  Yep. That’s right. There was one key thing or habit that I formed that made that really, really easy to do, and that came from Chris Guillebeau. He writes a bunch of books and has a popular blog and stuff, but he kept telling me the idea of writing 1,000 words a day, basically the idea of making slow, consistent progress on whatever you’re trying to do. I built up a habit of writing 1,000 words a day, and that’s how I actually finished my first book. I tried to write a book in the past, and I’d never made it past the first three or four pages, so by working on it consistently every single day, I was actually able to finish it pretty quickly, and I kept track of it in a little iPhone app how many days in a row, and 1,000 words a day…

What happened is I launched “The App Design Handbook” in September, and I had a streak of 85 days in a row at that point, or 70 days in a row, or something, so then the next day after launch, my phone popped up and said, “Are you going to write 1,000 words today?” I went, “Well, I have 85 days in a row, so I don’t want to break that chain, so yeah, I’m going to write 1,000 words, but what am I going to write it about?”

I thought, “You know, I really like…I talked about designing iPhone applications, but I’ve spent a ton of time designing web applications as well, so I should write about that,” and basically I just rolled right into the next book, because I had this habit of writing 1,000 words a day. Anyway, it’s just continued, and it’s turned into another book after that, and I think I’m about a month away from hitting a full year of writing 1,000 words a day.

Patrick:  Wow. Congratulations.

Nathan:  Thanks.

Patrick:  I really think that the determination and stick‑with‑it‑ness there is valuable to a lot of people. My business was no great shakes back in the day, and the reason that it’s something larger than no great shakes now is just not stopping, even when I was just very, very part‑time in it, and couldn’t muster up for more than up to five hours a week, I was trying to grind out one A/B test every week, rain or shine. I don’t think I hit my streak numbers nearly as often as you did, but that was definitely one of the factors that kept it going in the right trajectory prior to actually quitting the day job, having more time to work on it.

Let’s see. Something that I often hear from people who I advise, “Well, if you don’t love the day job or don’t love consulting, maybe you could try this productized consulting thing,” that, “Well, yeah, maybe that works for ‘Internet famous’ people like you, Patrick, but I do not have a platform, or a reputation, or 7,000 Twitter followers, yadda yadda yadda.” In your experience, do you need to be “Internet famous” to actually make this work?

Nathan:  No. Not at all. It certainly helps in some areas, but I was not Internet famous just before I launched my first book. People hadn’t really heard of me. I didn’t have credibility and expertise. I designed a lot of software, but nothing…I didn’t design the Facebook mobile app, or anything for major startups, or things like that. It’s a fascinating topic of how you can gain credibility and authority, and one that I’ve worked on quite a bit, but just by teaching, you gain this perceived expertise. One story that I like to tell for me personally is, back in 2006, I was doing web design, standard marketing websites, so I spent a lot of time getting pretty good with CSS, fixing cross‑browser bugs, coding up everything.

I came across this site when it first launched called css‑tricks.com, and it was by Chris Coyier, and I remember looking at his site and going…I read a couple articles and I went, “Oh, I know that. He’s not much of an expert because I already knew that,” and I gave myself a little arrogant pat on the back or whatever.

He kept coming out with more articles, and I kept seeing that I already knew that, so we were basically at the same level and we were learning at the same pace. Over some time, other web design friends would ask me a question, and I would…instead of answering it, I would think, “Oh, Chris already wrote about this, so I’ll forward on his article,” because it was pretty good.

This continued on. Finally, Chris launched a Kickstarter campaign years later, so he’s been helping people out and writing articles about CSS for years. He launches a Kickstarter campaign saying, “I’m going to redesign css‑tricks.com, and I want to be able to raise $3,500 bucks so that I can focus on it, on doing a great redesign for a month, and I don’t have to worry about clients, or jobs, or anything like that.

Basically telling his audience, “Will you help me out so I can do this? As a reward, I will record all these screencasts of the process and tutorials, and everybody who backs the project will get access to that.”

I don’t have the exact number in front of me, but it was something like $85,000 that he raised out of his $3,500 goal, and that made me really sit up and realize there’s something else going on here. It’s not about skill, because Chris and I were at the same level. We started at the same point.

Because he was teaching, I think he got better than I did, and I definitely learned some stuff from him over the years, but he wasn’t that much of an expert than I was skill‑wise, but I did not have the ability to flip a switch and come up with $85,000 in effectively product sales, in whatever, 20 days, in what his Kickstarter campaign was.

That made me realize that the difference between he and I is that we both got better at the same level, but I kept that knowledge to myself, whereas he shared it with everybody. He was teaching, and that gave him authority, and that gave him a following. That’s the moment that made me finally sit up and go, “I need to be teaching.”

Patrick:  I totally agree with you there. I think teaching gives you both breadth and depth, breadth in that the size of the community and the size of your following increases, and depth in that you, just by the nature of teaching things, tend to learn them better than if you did not have to explain them to better. One of the reasons I originally started my blog back in the day is that I was worried that if I just had to bat an idea around in my head, that I could deceive myself very easily, whereas actually forcing the discipline of seeing that idea in print would mean that I would have to confront the internal logic of it more.

It turns out that when you are routinely confronting the internal logic of your ideas, of the marketing direction for your software product or whatnot, and seeing that, “OK, I posted in January about this being the plan. It is now July. Let’s see if the plan, and the actions subsequent to the plan, and the results actually match up together,” and then course correcting based on that is much, much more effective than just doing natural human thing to retrospectively construct a narrative that supports what you’ve been doing all along.

Yeah, big fan of teaching, obviously for…it’s a good thing to do for one’s self, clearly. I think it’s also a net benefit for the community and whatnot.

I don’t swing quite as hippie as some of the community do, but I think that open source and the cross‑pollination of ideas that happens with the Internet, with the communities that have started on the Internet and moved offline, like the Business of Software forum community used to be just a message board on Joel Spolsky’s site back in the day, and then a bunch of us know each other in person now.

The Amy Hoy crowd of friends [Patrick notes: I'm an honorary member] is growing and meeting each other offline these days. Hacker News meetups are moving offline. The ideas are getting mixed in these groups, and then between groups and whatnot, in a way that combines them to something that’s larger than some of the parts, I think.

Nathan:  One thing that I want to add on that, because we talked at a really high level about teaching is important, but when it comes to actually launching a product and building that credibility, I would say the first thing that’s really, really important is to say, “I’m writing a book. I’m putting out this course,” and put up a landing page for it, and just by doing that, as a very first step, you gain some credibility. For me, I was a random designer who occasionally blogged about useless stuff, but when I made the transition to, “I’m writing a book about designing iPhone applications,” I think there were a bunch of people that sat up a little bit and looked, and just because I put up that landing page and said I was writing a book, that gave me the start of some credibility.

Patrick:  I totally agree with that, and that people’s framing for value propositions are very important. The same way that people frame a newspaper article is ipso facto worth more than a blog post, someone who’s a published author, or soon to be a published author, on a topic is ipso facto more authoritative, more credible, better informed with regards to that topic than somebody who isn’t. Just putting that “author” word on your sleeve is a better positioning for yourself than having other, less useful words on your sleeve, like, say, “blogger.”

Nathan:  You do need to follow up the landing page with a statement of credibility, with something that actually demonstrates expertise, like some really in‑depth blog posts on the topic, sample chapters from your book, things like that. You do need to actually be good at it and show the world.

Patrick:  It’s kind of like all marketing. There’s the up‑front promise, and then you have to actually deliver at some point, the promises your marketing is making, because the Internet has a short temper and a long memory. You only get one reputation these days, not to say that your first product is going to be the end‑all, be‑all of every book ever published in the history of man, but you can’t put things which are terrible attached to your name, because you only get one of them.

That conflicts with another piece of advice that I often give, which is, “Ship things even if they’re crappy.” How can I resolve that contradiction? Definitely do ship things even if you think they’re crappy, because I think other people will think they are substantially less crappy than you.

[Patrick notes:  This might not have come out entirely correctly during the audio.  What I mean is that you shouldn't let excessive obsession with making the product perfect get in the way of delivering V1.0 to paying customers.  One of the worst pathologies of software entrepreneurs is being perpetually 6 months away from the minimum viable release.  It is much much better, both for you and for your customers, to ship something in a month and then spend 5 months polishing it in response to real user feedback then either spending 6 months in the BatCave then shipping or, worse, spending 6 months in the BatCave then not shipping.]

I think as creators, we often have kind of that Dunning‑something‑or‑other effect going on, where we see all the warts. We don’t have the view from outside our own head of how useful this is to someone who is just getting started, or has never seen curated resources on this topic, or has not been living this for the last 90 days of 1,000 words a day like we have.

Nathan:  I think when it comes to the reputation, if you’re trying hard to put out something that’s good, people will give you a lot of credit for it, and I think if you’re putting out something that’s scammy, or charging a lot for it when there’s not the value there, that’s where it’s going to hurt your reputation, but if you’re earnestly trying, and shipping things often, and trying to deliver a lot of value and help people, then putting out an early version of your product is not going to hurt your reputation.

Information Wants To Be Free Hates Being Anthropomorphized

Patrick:  That’s something that prevented me from publishing for the longest time, was just being scared of being seen as taking advantage of people. Partly was due to the natural engineer distrust of charging money for anything, and partly something that I would not have said that I agreed in, but a little voice inside of me was agreeing with anyway, was, “Information is free on the Internet. How could you possibly charge money for it?” Which, being older and wiser now, I’ve learned that, especially when you’re talking in a B2B context, this: Anyone who has employees, and accordingly must pay salaries every two weeks regardless of what they are doing, is literally incapable of finding things for free on the Internet.

Because if you tell one of your lead engineers to spend two weeks researching a topic, and you pay them $10,000, regardless of whether the blog post they were reading were “free,” creates a lot of value to a curated topic, and gives them resources of a known quality and an easy digestible format.

Rather than having them have to spelunk and do the curation step themselves, or do the, “Before I actually get to doing the work that I’m supposed to doing, I’m designing this web application or writing this email campaign, I have to first design a curriculum to teach myself that, and I will take my own curriculum, warts and all, and then I will do the implementation, and then we will actually get back to selling the thing that makes this business run.”

Nathan:  That’s where if you’re teaching a skill that other people use to make money, and you’re teaching it to people who have money, so that can be programming, design, marketing, anything, if it meets those two criteria, then people will happily pay to save even a little bit of time, because they’re businesses and they’re looking at profit, and loss, and those factors. That’s how it’s easy to justify a price of $250, or $500, or more if you can demonstrate that it delivers far more value than that and saves far more time.

Patrick:  Yeah, definitely. And there will be people, when you announce, that say, “Oh, you jumped the shark. You sold out. Nobody will ever buy this. Yadda, yadda, yadda.” Everything I’ve ever done, from Bingo Card Creator on down, I had at least a few people saying, “Nobody’s going to buy this.” At some point, I’ve just come to accept it. There exists that psychograph of people who just are fundamentally unhappy with the notion that products sell. That they’re empirically not that good at predicting that because all products ever have sold. So, I would just discount that opinion when people say it to you.

Nathan:  I’m going to, I think, misquote you when I say this but you mentioned it in a Hacker News comment on…I think it was for my book “Authority,” when it came out. There was somebody complaining about pricing and other things about it. Your comment was something along the lines of, “This is like the vegetarians complaining about the prices from the hot dog vendors.” Basically, these aren’t the people who are buying your product or who have any interest in your product and so their opinion is not really relevant.

Patrick:  I released a video course about life cycle emails last October, I think. It was largely focused for people who had businesses at a certain amount of scale. My typical consulting client was, at the time, 10 to 50 million dollars a year in sales. When I had an idea of the person I was writing for, it was really someone who had the official title, “Chief Marketing Officer,” or “Head of Product,” or something like that at a business that was at or near the scale of my consulting clients. Maybe at a million dollars a year of sales or at the low end a couple hundred thousand dollars a year of sales.

And then, there being many folks in the Internet who do not have several hundred thousand dollars a year of sales, people were, in the context of, “I am a $30 an hour freelancer” saying “$500 seems like a whole lot of money.” Whereas it just doesn’t, when you’re selling software licenses and they cost $20,000 a pop.

It was hilarious feedback I was getting because I was getting the, “Oh, it’s crazy to charge money for this free blog post on the Internet. Yadda, yadda, yadda.” And the feedback I was getting from some of the potential customers where it was like, “We are literally incapable of tracking a number this low on our systems. The expected value of a single lead exceeds the price of this course by several times. That is making it difficult for me to convince my boss to buy it.

Somebody literally asked whether they could just write an extra zero on the invoice.   That is two requirements: A, get an invoice but B, write an extra zero on it to convince the boss that it was worth the money.  Amazing, right?

Have Multiple Packages At Different Prices

Patrick: That segues neatly into the next question, packaging. One thing that’s worked out very well for you is having…I don’t know what the word is. One project, one overarching brand for a product but having multiple ways to deliver that product or multiple packages at different price points. Can you walk us through how you got started with that and how you think about packaging?

Nathan:  Yeah. Really quickly, the idea is…Or how it’s come out in practice is I have a book. We’ll take “Designing Web Applications” as an example. The book, to me, is the core product. It’s going to be…Not that this matters, but 150 pages of content. That’s where I put the majority of my effort. But then, there are other things, other useful things that could go with that. I’ll price just that book at $39. But then I think, “What other things could I include that will save someone time?” Because there are people who value their time far more than they…They value it at a higher rate. And so, I want to think, “What can I include that will save them time and they’d be willing to part with a little bit more money for?”

And so, that’s things like much more specific video tutorials on specific actions or Photoshop templates, code samples, all those kind of details. I also think about what would provide additional value, just as an educational resource. It may not save time but it’s more things. And my favorite there to do is interviews. I don’t like interviews as the product themselves. I like them as a value add to an existing product.

And so, I’ll get a bunch of different, fantastic people to sit down for half an hour or an hour and I’ll interview them about the topic. So for “Designing Web Applications,” I interviewed Ryan Singer and Jason Fried from 37signals who are fantastic product designers. I interviewed Trent Walton who had just redesigned Microsoft.com. And just was able to gain a lot of insight into their workflow and process, but also bundle that up and include it with a top tier package of “Designing Web Applications.”

And so, what I ended up with taking the book and all that other content and dividing it into three packages priced at $39 for just the book and I think there was a few other little things in there with it. And then $99 for the book plus some of the video tutorials and some of the interviews. And then everything, all the interviews, more tutorials, more code samples at a price like…I went with $249.

What that does is it lets your customers segment themselves. The freelancer who makes $30 or $40 an hour can buy just the book, get a ton of value out of it, hopefully implement all the stuff, and be a really happy customer. Maybe the design consultant who charges a lot more, values his time a lot more, can go with the middle package. Get more stuff out of it, $99 might not be that much to spend for him and the extra value is definitely worth it to him.

But then that $249 package is fantastic for real businesses because to them, once they’re holding that company credit card in their hand, there’s really no difference between $39 and $249, so long as it’s below that magic threshold of, “I have to ask my boss for approval.”

Patrick:  Which, FYI for anybody who hasn’t heard me say this 100 times, that magic threshold is generally under $500 or $1,000.

Nathan:  Yeah, exactly. If you’ve made a decision to buy this product and it’s just a matter of which version to buy, at that point…And I know this from buying stuff for my design team at the last company I worked for. I would look at it and go, “Is this higher package, a more expensive product, going to save me a couple hours worth of time?” I would do some quick math on it. “How much effort and time will this save my team?” If it was more than a couple hours, then it was totally worth it. There was one time I was buying a WordPress plug‑in that I needed for the marketing site. I only needed a single site license, but I was thinking about it and going, “Well, at some point in the future I might need a multisite license. I could see…There’s a decent chance of that.”

And so, I bought the multisite license for the company well in advance, just to make sure that I wouldn’t have to come back to the site and remember my log in information and sign back in and make another purchase because I knew what my time was worth to the company. I knew what they paid me. And I knew that just me coming back and making a second purchase was more expensive to the company than me upgrading to the multisite license right then.

Patrick:  It’s one of those mindspace shifts where people…Both of us come from modest means. We were talking about this prior to the podcast. You get the feeling ingrained in you when you are just doing commerce for yourself that if you’re from modest means and have a very frugal mindset that a $12 purchase versus a $20 purchase is something you think about and consider and weigh the pros and cons carefully because that’s eight dollars that you could save, right? Where in a corporate situation basically nothing under the cost of one week of a fully loaded employee’s time is a meaningful amount to the company. My business these days is running at a fairly high clip of revenue and expenses. I wrote a $10,000 check on less than two hours of thought in the recent past.

Given that as my pricing anchor of how quickly I can spend money when it is justified by value to the business, $49 and $249 and $749 all round to zero for me, basically. That’s not bragging. Bingo card greeter and all this kind of a blip on the scales of a “real business.”

If you haven’t had a P and L responsibility at a company yet, it’s kind of difficult to make the shift and figure out ultimately how little pricing matters from your perspective. It makes a great difference, a great, huge difference from the perspective of the person selling it because being smart about pricing and smart about packaging can really juice your returns from doing the same amount of work.

Nathan:  Yeah, and I’ll share some numbers on that in just a second. My favorite story related to expenses and business and that kind of thing is a friend of my dad’s growing up was an engineer at a very large printer and computer manufacturing company. He had a story of in their R and D lab, they had this series of drawers, a whole bunch of different nuts and bolts and all these little parts that were all separated out into 30 different drawers and labeled perfectly and all that. He was walking along and he bumped into it and knocked the whole thing on the floor and made this disaster. Everything’s mixing together of all these parts. And so, another engineer jumps up to help separate it all out and so he fixes it. He just grabs a broom and a dustpan and sweeps it all up and throws the whole thing away. The engineer’s like, “But those parts are worth money.”

He’s like, “How much are they really worth? $15? And we’re going to spend an hour’s worth of time, both of us, separating this out and cost the company $300 or more? Not going to happen. Throw it away and move on.” That just shows how, when you have a sensible approach to pricing, it makes a big difference.

But referring to how it makes a difference on the seller’s end, “Designing Web Applications” made $26,500 in the first 24 hours after it came out. Had I just used a single price point, so had I not given the people who wanted to pay more an option to pay more because if the $249 price wasn’t there then I wouldn’t have had fewer sales, necessarily, or I wouldn’t have had more sales. It’s just those people who would have paid $249 would have just given me $39 instead. Had that not been there, I don’t have the exact number in front of me but it would have been about $8,000.

Patrick:  So essentially, for similar amounts of work to develop the product, you made and extra ‑‑ let me do the math in my head ‑‑ 220 percent or so because you were savvy about your pricing strategy for it.

Nathan:  Yeah, exactly. Every time I’ve seen multiple packages in use, both when I do it and when other people do it, it consistently doubles revenue if not triples revenue.

Patrick:  Right. This is something where it’s very rare to find tactics which are just magic win buttons that work in every situation. This is one of them. Sort of like charge more, which, by the way, charge more. That’s both for the people listening to this and, honestly, I think the two of us could hear it, too. I remember Keith, my co‑host, had to talk me out of pricing my first product at $79 and then eventually went up to $249 for the early adopter discount and then basically $500 for the ongoing sales of the product. That obviously created a significant value for myself and my customers.

So, A, charge more but the multi‑tiered structure for packaging, much like the multi‑tiered structure for Software as a Service, is very, very good at reducing the absolutely absurd amount of customer service that these products would otherwise generate. The case where we’re selling something to a business for $49 which they’re going to turn around into several hundred thousand dollars worth of additional business for the company.

Nathan:  Yeah. My favorite part about it is, you can get more revenue based on the value you’re providing. Every company does not get the same amount of value of your product. You could let them pay based on the amount of value they’re likely to get, and you don’t have to exclude the people at the bottom end level. The freelancers can still afford my book at $39. I don’t have to completely exclude them.

Patrick:  That’s, also, for some people, been that particular point, has been a way to assuage their inner worries about charging more. For example, some people are very concerned about distributional access to their things. They don’t want to exclude folks who are starting a business or less well off than other people. Given that you know you have an affordable entry point into the product, then there’s no reason to feel guilty to about charging $500 or $1000 to the firms who can afford it. I’ve seen a lot of people be pretty successful at that. Personally, I almost intentionally wish I could. Like Mark, something that I very nearly did last time and I might do this time for my product, was asking a quick four question questionnaire, like “Do you already have a business that is making at least “x” amount of dollars? Check this box. If you do not, check that box.” So it physically not let you buy it because it depends on the kind of product. You’re delivering advice on the product. It’s only going to meaningfully create value for people who are already operating a business at scale. Obviously, both their point of view and from my point of view, I would prefer not to sell to people who are not going to get the value from the product.

Nathan:  Yeah. I think that’s good.

Patrick:  So echoing your tale of just put a packaging structure in place it being an auto-win, you can do something which we would call in software a “site license.” Instead, you can buy it for yourself or, if you want, to share it with your team. It’s not DRM‑ed or anything. You can download it and put it on your server. Just by the, I think I called it the corporate package, which was four times the price. There was, absolutely, nothing about the product during the implementation. There was no DRM on either version so it was, either, files which you could download, and watch and do whatever you can normally do with files, or files which you can download, and watch and do whatever you normally do with files, but could explicitly show it to other people. Now, I know you haven’t had quite as much success on the site licenses I have. What was my success on that? I was selling these site licenses of between $1000 and $2000. I think just for the cost of putting one extra paragraph on my page I got, I remember, it being like low five figures of marginal revenue associated with that. I would have to run SQL in order to verify that. It was, obviously, clearly, worth doing for me. And, clearly, worth buying for the company because a lot of them said, “Oh. Yeah. We listened to advice and turned it into a six figure campaign. Congrats.”

At that point, the $1,000 price tag really isn’t all that much compared to how much they got out of the advice.

Quick Tips on Selling Team/Site Licenses For Your Products

Patrick: Anyhow, the reason why I think the site license worked better for me than it has for you is, both, mine was competing with less options. You already have the sophisticated tier structure in place with  three different tiers. Then you had the up sale to the site license which was presented in parallel to those three.

You didn’t give it the same weight in either the copy, or the visual presentation or anything. You would have, really, had to work to find the site license on your site.

Whereas on mine, it was given equal visual weight to the core product. Also, in terms of who we sell to, your market is largely designers, mine was by construction just B2B software firms. B2B software firms have a very particular notion about the importance of intellectual property in terms of the makeup of the people who work with them, their business models, the way they treat things internally. A lot of them will err on the side of caution when given, even, a nudge in the direction of “BTW. This is intellectual property, you can’t just put it in the company drop box like I know you’re going to want to do, but that’s something you could buy.”

And then a lot of them, seeing that will be “Oh. That is something I can buy. That is something I will buy.” This comes naturally to folks working at a software company.

Nathan:  I think it’s important to think about, like you said, who the target is and how much they care about intellectual property and copyright. That said, I think that my audience, there’s enough design teams, that would be interested in the product, that I think it could have been a good fit. I think the area that, maybe, not as many people would have gone for the site license as a percentage as with your products just because of the fit and focus. But I think the biggest mistake that I made…And this copy is still on Nathanbarry.com/webapps if you want to look at the copy and design for that part. Pay attention in order to find the site license. That’s part of the mistake is that I just said one line about, “If you like to share this with your team, buy the site license for $1000 dollars.” I went with the 4x price, as well.

I don’t think it triggered any red flags for people as far as on the copyright side of things. Like, looking at your copy, it triggers something of, like you said, “Hey, this is an intellectual property issue. You need to pay attention.” Whereas mine says, if you want a site license go buy it. It doesn’t trigger any thoughts of if you share this with a lot of people, it’s a copyright violation. So copy matters.

Patrick:  Copy definitely matters. That’s something that we see over and over again in our work, both, for ourselves and for other people. I’m going to read out the copy that I use for this because I like it. You can see it at lifecycleemails.com if you plug that into your browser. My sales page is still up and still making sales. It’s probably something we should talk about in a moment. “Do you have a few people at your organization who would benefit from taking this course? No, problem. We sell group licenses, too. You can either grant your coworkers access to the course on our site or you can download the material and host it internally. One corporate license covers up to 100 people within the same organization. We trust you not to abuse our confidence. No DRM is involved.” That positions it as it mentions like obliquely the IP related thing. It doesn’t wham them over the head with it.

As long as we’re talking about IP, and DRM and whatnot, what’s your stance on piracy? I know a lot of people are like, “Oh. God. You’re selling files? People can copy files? You’re going to lose all your money to people copying it for free.” Empirically, how’s that working out for you?

Nathan:  I make money from my products. People by them. They’re quite available on torrent sites. You can go check them out. Go Google “Designing web applications,” I don’t know, “Free download.” Whatever you would add on to the end of that. Actually, you can just probably Google the product name, and click to the second page and you’ll get free downloads. You might get some viruses along with that. It’s widely available to pirate. I didn’t add any DRM. I am quite happy with the amount of money I’m making. I just don’t worry about it. I don’t want to give my customers the idea that I don’t trust them. I don’t want to frustrate them with DRM or anything like that. Basically, I don’t want to potentially jeopardize a relationship with somebody who I care about and who cares about me in order to potentially stop somebody who will probably never buy my product.

That said, it might be worthwhile to hire a freelancer to get Google to delist some of these, at least so they don’t show up on the first page of results, but otherwise, it’s just not worth the effort.

Patrick:  I think more than the minimum of effort placed to secure things is probably a loss. Especially, in our industry/things we are selling. I’m a heretic on DRM with regards to software programmers in that I understand why it’s valuable for people in the content industries like video games, and movies and whatnot. They have a sales cycle which is dominated by the first 48 hours and first one week of sales. Even if they can delay the appearance of a crack by six hours, that makes a meaningful amount of revenue for the business. For sole proprietors like us who have products like these, it’s basically, anything above the minimum amount of work to keep honest people honest is a net loss to you. The minimum amount to work is requiring a credit card to download and don’t make the link copy, pastable to other people. I think you use Gumroad for fulfillment, right?

Nathan:  Yeah. I do. They’re fantastic. I love the team over there and highly recommend them.

Patrick:  I met them through the BaconBizConf where they were one of the speakers. Ryan Delk, I think he’s the founder, came out to there, we got to… [crosstalk]

Nathan:  Yeah. He’s the head of their business development.

Patrick:  Got you. Yeah. It was great fun and they’re style of folks. I did all of my delivery/fulfillment through an application which I coded largely because, at the point, where I was launching this list year, I hadn’t done any hard core programming in a while and really wanted to. It’s absolutely the wrong choice. Nobody, is not buying your thing because it doesn’t have the custom coated shopping cart.

Nathan:  Right. You hear people, somebody said this the other day where they, really, liked Gumroad’s implementation of the check‑out process, which is fantastic. But what they didn’t like, is government charges a five percent fee so that includes the credit card processing plus, I think, 25 cents. Whereas “Stripe” charges 2.9 percent plus 30 cents or 25 cents, somewhere right in there. So “Stripe” is 2.1 percent cheaper. So this person was going to rebuild on their own, because they had the technical skills, the Gumroad checkout process almost exactly in order to save 2.1 percent on each transaction.

Patrick:  Right. It’s absolutely insane like you’re committing yourself to doing the barebones implementation of doing something like this is between three to five days of work. If you figure you’re first info product is going to sell so you’re fairly successful with it because you’ve heard from Nathan, and Brennan and myselfand you’re not making all the mistakes we did on our first one. So you sell $100,000. You saved yourself of $2,000 of tax write‑offable costs for a week of your time. Whereas, if you had spent that week, you know your existing consulting business, you would presumably have made a lot more. Or if you had spent that week rather than duplicating the table stakes to entrance, you had just worked on your copy, you would be at a multiple. It’s absolutely insane how important copy is, like headings and whatnot, the calls to actions on buttons.

I’ve seen people who have coded their own shopping cart and it was more important to them that it worked than all of the little details received adequate attention. They left the button on the buy page be “Submit”.  [Patrick notes: Elements of this story have been changed to protect the innocent guilty.  And, as always, I will cop to having made mistakes at least this forehead-slap inducing before.]

Nathan:  [laughs]

Patrick:  Where, I’ve got eight years of A/B testing experience, at this point. I can pretty much tell you that if you had thought to change that button, that would be worth like 20 percent of sales. But you didn’t think to change that button because you had just spent a week building a shopping cart when you should have just been pulling one off the shelf from Gumroad or any of the numerous scripts you could drop in and get this to work.

Nathan:  Yeah. There are all kinds of other factors. Like its fascinating talking to Ryan from Gumroad about all the stuff they do on fraud prevention. There’s a lot of stuff that goes into processing payments that you don’t see in an interface.

Patrick:  Yeah. I tend to think, and again, do what I say, not what I do, unless you are very sure you’re going to add value to your implementation, go with one of the people you can buy to do this.

Nathan:  Unless you really want to code a shopping cart.

Patrick:  Unless you really want to code a shopping cart.

Nathan:  Go for it.

Patrick:  The Gumroad guys did try to sell me aggressively a few times. I told them, one of the reasons I said, “No,” was I said, “Look. It’s my professional competence to build check out flows because I do that for consulting clients.” So the experience of coding one more where I can actually share the results of doing it adds value to me. I don’t think that’s totally a self‑serving excuse because I wanted to build a shopping cart, but there are perhaps those two things together in solution.

To change topics briefly, you mentioned a few minutes ago that you threw interviewers into one of your top tiers on your packages. I want to talk a little more about interviews because, I think, interviews are underappreciated as a promotional tool. One of the reasons that a lot of people do interviews to either supplement a product or as the product itself is that, candidly, the creation costs for interviewers are less than writing an equivalent amount of stuff yourself.

Nathan:  Absolutely.

Patrick:  I guess, you turn on the camera, get an expert in front of the camera, hit record, talk for 30 minutes, stop hitting record and that has a certain amount of perceived value which, generally, tends to scale up with the perceived expertise of the experts and what they say in the interview. In addition to the content creation costs being lower, if you are interviewing experts, experts typically already have their own following. The first thing they do when you release your thing and say, “Hey. Thanks for being a participant in my designing web applications. Your interview is in the top package, and I released it today.” They will promote that to their audience/their community, which since they typically have a larger audience community than you do, and many of that audience community will follow them wherever they go, that gets you exposure to people who are willing to buy your thing because that expert or that person they trust was in it.

Nathan:  Yep. Absolutely. You give them a copy of the whole product, which since it’s just information, that doesn’t cost you anything, and you include that with an email of, “Thank you so much for being a part of this. I really appreciate it. Here’s a free copy of the book and everything. Here’s the link if you want to share it.” In general, that’ll get, at least, 50 percent of the people you interviewed to share it. At least, and that’s worth a ton.

Patrick:  Every time I get interviewed in something, I, at the least, tweet it out and I generally send a brief notification on my email list on the next scheduled email, “By the way, if you guys want to hear more from me, I was interviewed in this book thing.” I’ve heard from people who use unique tracking, everything, that just the tweet can be worth 20 sales. It takes me a minute to compose, and then all of 10 minutes to compose the email to me asking for it so worth it at the margins right?

Nathan:  Yeah. It’s also a fantastic way to get to know people who can deliver a ton of value to your business and all kinds of things.

Patrick:  Because after you’ve done something together, you’re no longer strangers.

Nathan:  Actually, a perfect example is you and I, where I think we exchanged some comments on “Hacker News” and, maybe, an email about pricing. I think your exact comment was something like your pricing is the first non‑stupid pricing I’ve seen on “Hacker News,” or something like that.

Patrick:  Yeah. I was very impressed with it going on.

Nathan:  [laughs]

Patrick:  That’s right. This trajectory has happened a lot for me in recent years. Get to know someone through “Hacker News,” swapping an email occasionally. Then you interviewed me for one of your products, I think, “Designing Web Applications?”

Nathan:  Yeah. Because I wanted to cover the business marketing side of it. I always give people an introduction to that. So we had that brief exchange about pricing. Going back to the pricing conversation for a second, I had lower prices for the “App Design Handbook.” Based on your feedback, I increased them to the 39.99 to 49 prices that we talked about earlier. Yeah. We did an interview, included it with “Designing Web Applications.” It’s just a great way to get to know people because you and I have talked a lot since then, hung out at conferences.

Patrick:  Yeah. We’re definitely moving past Internet buddies into that professional acquaintances/friend stage of the relationship which it sounds a little odd, sorry.

Nathan:  [laughs]

Patrick:  I can be a little socially awkward at times. I’ll own it. It’s a real thing, right?

Nathan:  Yep. Exactly.

Patrick:  There are definitely people who…Some of my good friends are people who “I met on the Internet.” If you hang out with somebody for a few years, there’s no other word for it. You’re friends or you’re not. Anyhow, obvious to the two of us, but perhaps not obvious to the people listening to this. When you’re approaching 10 different people to do interviews, what sort of monetary incentive, are you offering them to do these interviewers?

Nathan:  I get this question a lot. The answer is zero.

Patrick:  I think we’ve both covered this topic in depth with other people. But somebody, not you, but a different person who was asking me for an interview for a book that they were launching which they were going to price it like $20 asked what number they would need to offer me from that to make it worth my time. And I said, “Look. I like you. I like the idea for this project. It was something I’m doing, making a SaaS in a sense like a sideline, side project. I said, “I like you. I like the project. I will do the interview. Candidly, there is no amount of money that you could reasonably offer me from this project that makes a darned bit of difference to my financial situation for this year. So don’t.” I think you got Jason Freed to do an interview with you. You could ball up your entire business and my entire business and drop it in the 37signals bottom line and I don’t know if anybody at that company would notice. Offering $3000 to get on the phone with you would not necessarily move any needle for Jason Fried et al.

Nathan:  Yeah. Exactly. He’ll do it because he wants to help out, business people, people putting out products, and he’s a nice person and generally wants to be helpful. But as soon as you start talking money and how you’re going to offer him five percent of your product that may or may not make anything, it just gets weird. Don’t ever bring that up.

Patrick:  It’s that thing, predictably, irrational where people have one schema for evaluating monetary transactions and they have the other schema for evaluating non‑monetary transactions and they operate in different fashion. I’ve got a rule…This is by the way a hack around for me having issues with socializing when I was younger, I always say yes when people invite me to do things. Unless I can articulate a good reason to say no, I say yes. If you invited me out to a party that was happening later today, I would say yes. Then maybe think about whether there should be any reason for saying no rather than doing the thing that I would default to when younger which is saying no just because my brain would cook up some rationalizing, but it was really I’m terrified of going to the party.

Nathan:  [laughs]

Patrick:  So if you ask me, “Can we hop on a Skype chat and I’ll record it and put it in this product?” Like 99 percent of the time, unless I have a date with my wife or something that you’d be bumping, the answer is yes. But if you ask me to do a business proposition, then the cold blooded business man in me comes out and very few business propositions are going to be worth my time.

Nathan:  Well, a classic case of this is with people doing open source software development, you’ll get some really top notch developers who will pour hundreds and hundreds of hours into these projects, all for free, never get any money directly out of it. So somebody will come in and go, you’ve put all this time in, I just need something slightly different. Can I pay you $25 to make this change? As soon as you say that, “Well, hold on. I’m a $200 an hour consultant.”

Patrick:  It’s like boom, slapped in the face.

Nathan:  ”Not only am I not going to do it, you’re offending me. You don’t value my time at all.” If you ask them to do it for free, chances are they would do it, but you’re right, it’s that two totally different mindsets. If you want to interview people, if you want to help somebody, ask very nicely with a pitch very specific to them, that you didn’t just copy and paste to a whole bunch of people, and most likely they’ll do.

Patrick:  The single best thing that can convince me to give the rest of the email some thought is some serious thought in the first few sentences I follow you, I’m familiar with your work, and have a reason why you in particular should be contributing to this thing in particular, rather than, “And clearly I wrote a list of 10 people who have a name in our space and am emailing it out to all $10.” I hate to sound like I’m an Internet celebrity, because I’m not. There are people like…Nathan and I are much closer to you, podcast listener, than we are to the 37signals or the Joel Spolskys of the world. But, it is a fact of nature, we do have a certain amount of audience.

If you are doing a product on A/B testing, conversion optimization or running a small software business and you can tie that to things that I’ve written before or things that I’m clearly passionate about, than I want to say “yes” to that.

Whereas if you’re just doing “How to Start a Start Up,” or “How to Get Venture Funding,” than I don’t know if Paul Graham is too busy to get interviewed for something like that. But Paul Graham would be a much better person to interview than I would be. “How to Get Venture Funded”…I don’t know.

Nathan:  You have a lot of experience that area…not.

Patrick:  Get into Y Combinator. That will help grease most of the skids for that. If you had a question then, “How to Get Into Y Combinator,” and being on “Hacker News,” like it’s my job, might give me some idea of what to tell you. I don’t think that would be something that I would make people pay for the advice for. Anyhow, wow, D, we’re at about an hour and we got more to cover, so mind if we move on to the next topic?

Nathan:  Sounds good.

Patrick:  The beating heart of both of our businesses is an email list. I think that even when I say that it is the beating heart of our business and probably, in my case, I think if I were to produce a formal statement of assets and liabilities, my email list would come in right under the accumulated value of my IP. For the business I think, you might…with circumstances for your business it might actually be the other way around. And yet people do not understand this, so let’s wax rhapsodic, or whatever even more about how you should have an email list and be sending stuff to it. You first.

Nathan:  I put having an email list as the second most important business realization that I’ve ever had, the first being that you should teach. Email lets you teach to people in a reliable way, and reliable and consistent. What you said about business assets, I would consider my email list, and it’s not massive, right now it’s 7,000 people, to be the most valuable asset that I own. It’s probably more valuable than everything else I own combined, more valuable than my cars and whatever else, not that I have a lot of assets, but it’s worth a ton, and I can’t understate that.

I can’t say that too strongly, but I should point out it’s not that I have 7,000 emails separated by commas that I can download and do something with. It’s that I’ve built up a relationship, and I’ve taught useful things to 7,000 people over time.

Patrick:  I think, when we talked about it in marketer speak, that just the phrasing of list, it gets people…like that obscures the fundamental relationship, which is that… Maybe the better way to think about it is not that you have a list of 7,000, but that you have 7,000 relationships created with people who trust Nathan Barry as their go‑to guy on these subjects, not just any 7,000 people, but largely 7,000 people who have a deep amount of interest and need for the sort of thing that you make, and ability in many cases to pay money to buy it.

Nathan:  I guess the important thing that I want you listeners to take away is that how email…the consistency of it. I asked at the Bacon Biz conference, it’s a room full of bootstrap‑ers, and software people, and all of that, and I asked, “Who likes recurring revenue?” and there’s a good chuckle from everybody, as everybody raises their hand. Recurring revenue is awesome because it’s predictable, your customers who love you the most keep paying you, in theory, it grows over time, you’re going to have a certain amount of loss, and so long as you can exceed that with growth, then you make more money than the previous month, all kinds of awesome things.

I had a realization that email is like recurring revenue for traffic and visitors. I looked at my traffic stats for my blog, and they were all over the map until I started building up a good email list. I could have traffic that went up a huge amount one month, because of a story went viral or whatever, and then drop significantly the next month. It was crazy and all over the map, but email, I could just keep consistently growing that list.

I’d lose some every time I sent an email, but so long as I gained more than that, my list grows every time. I have a relationship with each one of those people, so to me, email is the same idea as recurring revenue, but for getting visitors and engaged readers to your content.

Patrick:  I totally agree with everything you just said. One of the reasons I created my email list after years of not doing it, which are years that I very much regret now, because there were hundreds of thousands of people who visited my blog over that time that I have no way of getting in touch with ever again, like you, I had a blog. There were many articles which were very well received on it, and there were, on any given day, 500 or 1,000 people would make it a habit of checking to see whether I posted a new thing.

But aside from those folks who are like in the inner circle of really love everything you do and want to hear about it, there was no way for me to grow that number effectively other than just publish, publish, publish, and no way to reach people in any more deliberate manner than just posting something and hoping that it got good distribution on Hacker News and whatnot.

Partly as a business owner, no matter how much you like any distribution channel, you never want to be totally locked into them, and then partly as just like a regular old Hacker News denizen, it’s weird, but I occasionally ask for my things to be on the front page less, just because I never want to burn people out with them or give people the impression that I’m explicitly using Hacker News as the “Me, me, me all the time” marketing channel.

One of the benefits of having the email list was that, by construction, since people have asked to get it from you, it can be the “Me, me, me” show, as long as…well, it shouldn’t be the “Me, me, me” show. It should be the “You, you, you” show, that every email to them creates value for them, whether you’re teaching them new things or potentially giving them some sort of sales message for something that would create value.

It can be a…how do I want to phrase it? It can be rather more focused on things I am doing than, say, blog posts could be without coming off as quite self‑absorbed.

Nathan:  Yeah, because they opted in to hear from you, and at any time, they could opt out, so you can guarantee that these people want to hear from you.

Patrick:  Right. Speaking of opt‑outs, by the way, a great line I heard from Joanna at Copy Hackers was that the unsubscribed is not something you should take as a mortal insult. It’s just like the email equivalent of hitting the “back” button. We’ve all see the stats for our blogs. We know that a lot of people won’t read it, they’ll just hit the “back” button and whatnot, and we’re OK with that, but then we get the report from MailChimp that says, “You sent out the mail to 7,000 people and five people unsubscribed,” and then we get that feeling in the pit of our stomach, like, “Oh God, what did I say?” It’s not something you have to worry about at that level.

It’s like, one percent of the list on every email, then you have to worry about it, but some people are going to decide that it wasn’t for them, and that’s OK. I’ve said it in various degrees of seriousness, but 500 people who don’t like what you’re doing and three dollars will buy you a cup of coffee, but three dollars might not actually buy you a cup of coffee these days.

Nathan:  Yeah, and something…I think this is from Ramit Sethi, where he talks about actively trying to get people to unsubscribe, just because if somebody doesn’t want to be on the list, then they’re never going to buy anything from you, and you don’t actually want them on the list. That’s why you make it super easy to unsubscribe, and Ramit goes as far as sending out email saying, “1,000 of you should unsubscribe.” I think he had that as a subject line.

Patrick:  Can we go back in the time machine from…do you remember back when you had no email list? What was the first thing you did to start growing?

Nathan:  I put up a landing page saying, “I’m writing a new book called ‘The App Design Handbook,’ and put in your email address to hear about this book when it comes, and to hear about the process,” which, by the way, if you put together a landing page, the email opt‑in form is the most important thing on the landing page.

Patrick:  By far.

Nathan:  By far.

Patrick:  Headline email opt‑in form. Everything else is quite secondary for a page that doesn’t have much content on it.

Nathan:  Yeah, and you don’t need a lot of content. An email address is…you’re not trying to get them to spend hundreds of dollars, so there aren’t a lot of objections to overcome, other than, “We won’t spam you. I promise.” I put up that landing page, and I tweeted it out to my 412 followers, and I got 10 or 15 people who went to the page and said, “Yeah, that’s cool. I want to hear about that.” Those 10 or 15 people started at the list. A few people posted links to it. I emailed a few friends who were designers and said, “Hey, could you share this?” Through just kind of that activity, I got, I think, 30 or 40 people who said, “I want to hear about your process making this book, so I can hear about it and maybe purchase it when it’s ready for purchase.”

The great thing about that approach is you’re not getting random people who may or may not be interested in a product. They already told you, “I’m interested in this product,” so it’s not a matter of coming out with a product later and wondering if your audience will want it. If you start with product first, then you’re going to get higher conversion rates from email to paid, just because they already expressed some level of interest.

From there, the landing page got shared around a little bit. I think it made it on Hacker News, on the home page for just a little bit, and that brought in 150 email addresses, so I was sending out like 200 then. Then I wrote a detailed blog post about designing iPhone applications, and at the bottom of that blog post was that same email opt‑in form. “I’m writing a book. If you want to hear about it when it comes out, and hear from me a little bit in the meantime, drop in your email address.”

Patrick:  It’s the great underused technique for getting emails. How did that work out for you?

Nathan:  It continued to grow, and an important note is that this email list didn’t grow in silence. I knew that those initial 200 people, that they wanted to hear about designing iPhone applications, so I wrote this tutorial and I sent to them, and I said, “This is kind of related to the book. I think you’ll like it.” With that, I said a short paragraph of like, “Here’s how’s the book is coming along,” just so that three months, when I said, “The book’s here. Buy it,” they will have a clue who I am, because I stayed in touch and provided value throughout the process.

Patrick:  That’s honestly one of the biggest stumbling blocks for people with email, to keep the list warm by continuing to deliver value to it.

Nathan:  Yeah. Those blog posts that you put out…well, first, I guess what I should say is, linking to a landing page for a book, people will do that, and they’ll share it around, but it doesn’t actually provide any value right away. It doesn’t provide any value to the reader. If I share it with my Twitter followers, I tend to do it more as a favor to the author, because I think it’s a cool thing they’re doing, rather than because I’m like, “Oh, my readers really need to see this,” because it’s just an email opt‑in form.

Patrick:  I think you can…that’s true, the way most people do it. I think there’s definitely ways to structure the page, even if it’s just an opt‑in form, such that linking it to your audience does provide value to you. For example, so much of social sharing is based on trying to project an image of yourself to people. That’s why there’s like 600 political related thing in my Facebook feed right now, and not so much that someone was like, urgently, “This particular post is the best thing I have ever read about issue X,” but rather, “I have a position on issue X which I want to broadcast to people, so I will share this post.”

If you had an opt‑in form which, even with just one sentence, a really focused copy, like planted a flag in the ground, if that was something people wanted to sign on with, I think they would retweet that just to sign on for that movement, and to demonstrate to people that that represented them. What’s a good example to come up with that?

Somebody I know just recently put up an opt‑in page for a book on Ruby on Rails security, a topic near and dear to my heart, and they said…their one sentence of arresting copy was, “Your Rails application is broken,” like security‑wise, and that’s not the exact copy, but, “All applications are guilty until proven innocent. You’re not doing it right. I will teach you how to do it better. Give me your email.”

A lot of people retweeted just because they endorse that message of, “If you haven’t seriously thought about security, if that hasn’t been the number one issue on your plate for a while, then yes, your application is broken.” Does that make sense?

The other thing that works really well for getting distribution for landing pages is to have some sort of free goodie that you can give people in return for their email address, and then plug that goodie in other places, for example, doing guest posts with a, “If you’re interested in this topic, go here, and I will give you a one‑hour‑long video on blah, if you give me your email address.”

Or for people who do conference presentations, just having a bit.ly URL to your landing page, and put on the last slide of your conference presentation, “If you’re interested in this topic of the conference presentation, you can get…the term of art is a premium, but you can get this free valuable thing from me by going here and giving me your email address.” If there are 200 people in the room, you can get 20 emails like that…

Nathan:  They do.

Patrick:  You can put that in podcasts as well, do the Rob Walling kind of podcast tour to drum up interest in your thing, which kind of makes me want to ask, do you have any landing pages that people should be on?

Nathan:  If I was going to follow up with that right now, I would say something like…it’d be better if it worked into the conversation, but I have this email course on how to launch products, and if you go to nathanbarry.com/launch, you can get in on that free email course, and over three weeks, get some awesome content on exactly how to launch products.

Patrick:  That would’ve been a much smoother way to introduce it, but yeah, exactly like that. That’s something that you can do in virtually everything. You can also give that pitch to people in one on one, when you’re just shopping around your idea in your local community. I think the AppSumo guys were very smart about it. They said, “How do people get their first 100 customers, or 100 sign‑ups to an email list?” and it’s largely just by banging down doors like that.

Nathan:  One thing that I did very recently is I wrote an article for “Smashing Magazine,” and it was titled, “How to Launch Anything.” It’s my exact product launch plan, kind of my formula that I followed for three books now, exactly how to do it, but at the end…I always feel weird in guest posts. It’s kind of lame in a guest post to say, “If you want to learn more about this, buy my book.” That’s kind of an awkward transition, I think, and a lot of editors on sites will be like, “Really? That’s too self‑promotional.”

A great transition, and one I did on the “Smashing Magazine” post, is at the end, I said, “I don’t want your education on product launches to end here. You just read a 3,000 word article. That’s great. There’s much more to know. We could dive a lot deeper, so I put together this email course just for you guys. It’s at nathanbarry.com/launch. Go check it out, sign up, and we can continue this conversation, and we can dive a lot deeper over the next few weeks,” and that did very, very well.

Patrick:  I think that is excellent, excellent positioning. There’s multiple parties that have to be happy with that, and the circumstance we’re using, someone else’s audience, obviously the editor at “Smashing Magazine” has to be happy, you have to be happy because, ultimately, it’s your work and your business, and the readers have to be happy, and that’s kind of a meeting of those three. Sometimes conflicting interests where it works for everybody.

Nathan:  Yeah. And then, in that email course, later on in the process, I can pitch my products, and that’s totally fine.

Patrick:  Yeah.

Nathan:  So long as the email course provides a bunch of value on its own. But, two, three weeks in, I can give a, after casually introducing my product, later on I can give a hard pitch for it, and that works great.

Patrick:  Right. And people have less, not like memory a human would have memory, but memory in the homeopathic sense that homeopaths think that water has memory, which it doesn’t. But people on an email list have even less memory than water in that sense. While they’re a good source of traffic and bad sources of traffic given roughly consistent user demographics and whatnot, and connection of the need that got them onto the email list in the first place, their behavior downstream doesn’t strongly reflect how they got into it, a guest post versus a post on Twitter versus yadda, yadda. With, again, that very importantly given roughly similar demographic and need fit.

If you assume that folks on Smashing magazine are also designers, they are likely to be just as good for fits with the Nathan Barry ecosystem as folks who are coming in from a hacker news thread or yadda, yadda.

Just to give a story from my own experience, when I realized last May that I wanted to start an email list, not May a couple of months ago, but 2012 May, the first thing I did was put together a 45‑minute video on designing the first run experience of web applications because that’s something I have a good deal of expertise in and went fairly well as a video format and was something that I hadn’t done to death before, to be honest. I said, if you give me your email, I will give you this 45‑minute video.

It was not planned. Sometimes things just seem to fall into place retrospectively. I thought I was eventually going to be releasing some sort of product to the list after I had it. The priority at that point was to have the list and not have a use for it rather than have a use for it and not having it.

But it turns out that I eventually had a product that had a lot of video. By construction, if I’m asking people to sign up for the list to get a free video, it’s going to be people who appreciate consuming video rather than don’t. There are some people who listen to podcasts but don’t do texts. A lot of people will read hundreds of thousands of words from me but hate…

I’ve been told that my voice grates on people, or they just don’t listen to anything or whatever. And similarly, there are video people out in the world, so if you’re going to be selling video, attracting video people is a useful thing.

It also, the first video, you can still see it at training.kalzumeus.com. It was really, really rough. My equipment, my process for taking the video and whatnot were not exactly where they are right now. But that gave me an opportunity to get the kinks out of the process and a 45‑minute free video rather than the five hours of paid video where quality issues would be more apparent and looked on in a harsher manner.

Nathan:  Exactly. The takeaway from that is, if you’re using a free incentive to get people on your list, have it be similar in style and media type to a product that you think you might offer down the road.

Patrick:  Right. I think media type, character, tone, audience, yadda, yadda. It would be a bad, bad decision to get Magic: The Gathering players together onto your email list if you’re eventually going to be selling enterprise software. There is some overlap there, but the closer to 100 percent overlap that there is between your audience and the people you sell to, the better. Which, that segues into our next topic.

Both of us are kind of weird for business in that we have a product portfolio rather than just the one thing that we do. I have a very, a product portfolio which comprises a lot of disparate groups of people. Like the elementary school teachers who buy my Bingo Card Creator have zero interest in my authorship activities about selling more software for B2B SaaS companies.

Those folks have zero interest in Appointment Reminder, which helps scheduling at doctors offices and other places that need to send automated phone and SMS reminders to their clients to come in on time.

You have a much more focused product portfolio in that you’re kind of Nathan Barry, the person who teaches designers to be better at what they do and are branching out a little bit. But I really like your approach more than my approach just in terms of being able to cross‑sell to the same people over and over and over again, having a focused brand and more focused in your activities.

Nathan:  I think focusing in on your audience is really important. I wish I did a better job of it. To some extent, I have taken the approach of this is what I’m interested in. Hopefully I’ll get people who are also interested in the same things. So I’ve got a book on designing iPhone applications. A book on designing web applications. There’s a pretty good overlap between those two, designers. It may not be 100 percent overlap, but it’s pretty high. But then I branch out a little bit. I’ve got an email marketing application called ConvertKit. Some of those designers are going to care about selling products, so they will be interested in using email to do that. If we assigned a random number, there’s maybe 30 percent overlap there in some level of interest.

And then, I also happen to talk a lot about writing and publishing e‑books because I shared all the stats from my books. I’ve got some of those soon‑to‑be authors in my audiences. My latest book is called Authority and it’s on building an audience, building credibility and authority, and then how to write and sell e‑books, information products, I guess.

There’s great overlap with ConvertKit because, if you’re following my methodologies, you’re using email, ConvertKit’s designed exactly for my process. There’s not a lot of great overlap for the design stuff, but there is some. I’ve got plenty of people who have purchased all three of my books. It’s not as tight as I would like it to be. I think the person who does this best is Brendon Dun. He’s been on the podcast before.

Patrick:  Right. Brennan just passed a…Freelancers and consultants, they’re his bannermen and they will follow him into war. Sorry. I was watching Game of Thrones yesterday, if you couldn’t tell. But it works very well. There’s a consistent confluence of interest between what he’s working on any given day and what they’re interested in.

Nathan:  And the only way he differentiates is maybe what scale they’re on in their business, where he’s got some products for people who are brand‑new freelancers and then he’s got some for people who are building up an agency or a consultancy. He can run that spectrum of $40 product to $1,200 workshop, but it’s all within the same audience. The closer you can get to that the better. I have an iPad application that I made a few years ago. It made some money that helped me quit my job, so I’m very, very grateful for it. I learned a ton from the process.

But now, it’s targeted at speech language pathologists, which has nothing to do with, there’s no overlap whatsoever between them and designers or product marketers, anything like that.

It’s this product that’s sitting out there. It makes me $800 to $1,200 a month, which I’m certainly not complaining about, but it has no overlap in my ecosystem and I just don’t know what to do with it. If I was being smart, I would probably sell it off for a tiny amount of money to get rid of it or just shut it down or, you know, because it just doesn’t fit. As much as you can get a single audience, the better.

Patrick:  I think my candid and public advice for you would be either sell it for 10K or try that for two weeks and, if you don’t get any takers, then it’s probably the case that the ongoing focus drain that it requires from you would be better deployed at other points in your business. But given that there’s an installed customer base and whatnot, it would be better for them if you were able to successfully sell it to someone. Maybe someone who wanted to get into the app game and yadda, yadda.

Nathan:  Hopefully someone who had speech language pathologist as an audience, as customers.

Patrick:  That would be a great choice. Something I often see in small software companies is a husband and wife team where one of them is the domain expert and one of them is the programmer. If there is a programmer out there whose spouse is a speech language pathologist, and given that we know several thousand programmers, there’s at least somebody who’s in that combination.

Nathan:  Send me an email.

Patrick:  Please send Nathan an email.

Nathan:  Yeah, nathan@convertkit.com.

Patrick:  Speaking of which, so we’ve been talking mostly about info products, but both of us have significant SaaS experience. You’re running ConvertKit. A lot of people often ask me how you get the idea for a SaaS product that will actually sell to people. I really like ConvertKit as an example for this because it’s not a product that sprang out of your forehead Athena. Wait, no. Was it Athena or Aphrodite that came from the forehead…Athena from Zeus’. It’s a natural extraction from the business you already happen to be running. Obviously the designing web applications and whatnot are a technology‑focused business but they’re not a “tech business” in the way people usually think of where you have this pre‑existing business. It was obvious there was a recurring need in the business that could be better be met with technology than by the existing processes you were doing.

So you created that technology and you were basically customer number one for it. Given that you knew that knew that this process that you had been using was generalizable across your industry and across other industries, then you knew that there would be a market for it rather than just throwing something at the dart board and praying it stuck.

Nathan:  Absolutely. I know, since I built a tool that I want, for a process that I know makes money as far as how to email market and a lot of the stuff we’ve just been talking about, I knew that I would be a customer at the very least. Even if nobody else wanted it, I knew that I could use this tool to sell other books and products and make money. But the other fantastic thing that I love about building products for yourself is that you can actually use them like a real customer instead of using them in some artificial way. I had a tool years ago that was used by…

It was a SaaS application used by sign language interpreting agencies to schedule and manage all their freelance employees. I would go through, we’d release new features and I’d go through and test it. I would fill in all this fake data. I would click through things, but I wasn’t actually using the tool because I had no reason to use the tool.

It was all artificial use whereas, with ConvertKit, because I’m the biggest fan of the software and the person who is chomping at the bit to get new features in and all of that, I’m using it every single day and improving on it, testing it. It’s just a much better spot to be in then trying to use some tool that you don’t care about in an artificial way.

Patrick:  Given that I run Bingo cards for elementary teachers and scheduling software for the office managers at plumbing firms despite no longer being an elementary school teacher and having no experience in office management for plumbing firms, I can definitely tell you that the experience of developing a product where you’re using it “in anger” in your own business is much different than trying to guess what people are using it with. For those folks who are not building something for themselves, and I think that’s a totally valuable way to go about things, you have to have much more of your cycles devoted to being in the room with the customer, whether that’s a literal fact or kind of spiritually in the room with them, seeing how they use it in their business, rather than slinking off to the Bat Cave and coding up features that may or may not actually share on the ground correspondence with the way they use it or the way their business is run.

Nathan:  You certainly can, especially if you focus on solving a painful problem, you can definitely build software for other people. You’ve shown it with appointment reminder quite successfully, and I’ve done it on some other projects, it’s just I’m really loving the process with ConvertKit, building for myself.

Patrick:  Definitely, that’s still on my to do list. I want to try doing a course through that and see if it…obviously it’ll work. The big question for me is whether it will work in a transformatively better way than the processes I already do for it. Again, the fact that I had processes was not a reason for you not to make the tool, right? There are a lot of people that it’s their first time doing this or they don’t have a consistent way of doing email courses. You kind of get to bake in all the best practices you know from having done it for the last year and had significant success. Kind of a 37signals line having an opinionated product that delivers not just a pleasing UI and a nice experience, but also has like mini Nathan Barry whispering over your shoulder.

“The right way to do it. Here you’re going to do it like this. You’re going to put up a formula that looks like this and you’re going to schedule a course that looks like this.” You hit “go” and it will be magic. I really like everything about the product and the meta‑products around it, the strategy and where it fits in your business and in the business of your customers. On that note, just time check. We are passed the hour and a half mark, so we probably want to be wrapping it up in the next few.

Nathan:  Yeah, sounds good. Oh, I’d like to address validating the market for a product before you build it.

Patrick:  That could be a podcast in itself, but let’s definitely address it.

Nathan:  We’ll try to talk about it really quickly. Jason Cohen and a few others talk about if you can sell your idea and actually collect money from a handful of people before you build it, that’s really, really important. When I was trying to figure out what to build for ConvertKit, or what angle to take and if people wanted it, I went around and asked a bunch of people, “Is this a painful problem for you, with auto responders?” A lot of people said, “Yes.” You were actually the one person who said…I think what you said is, “You should build that software, but I would not buy it.” The reason is because you have all your own processes and that kind of thing. So, I went around and asked a bunch of people, “Is this a painful problem? Would you buy it?” Then I took it a step further and I asked, “How much would you pay for it?” And I got a number. Some people it was 50 dollars a month, some people it was…I think the highest number I got was 300 dollars a month.

Then I went further and said, “Would you pre‑order it? Would you pay for this before it was ready?” A lot of people said, “Yes,” with varying levels of certainty. There was two people that I was 100 percent certain would pre‑order it. The only problem is I didn’t have a way for them to pre‑order it right then. So what I did is I said, “OK, cool. Thanks for your time. I will check back with you in a few weeks, when I have a way for you to pre‑order it.”

I did that. I came back and the moment I came back and said, “OK, here’s a Gumroad checkout page. You can pre‑order it now.” That’s when I started to get real feedback. That’s when I started to get the, “Oh, well, it doesn’t have this feature.”

Patrick:  ”It won’t actually integrate into my system. I don’t actually have enough time to start running a campaign tomorrow. I’m just not ready for this.”

Nathan:  Yep, exactly, and it was, “Well, it would be a lot of work to switch away from my existing tool.” I started to get real feedback and the people that I was dead certain would pre‑order, never did and they still don’t use the tool today. Luckily for me, a bunch of other people did pre‑order it and so I got validation from other sources. But just one of the most critical lessons that I learned this year is that you don’t get real feedback unless you ask for money.

Patrick:  Yep and you don’t even necessarily need to be able to physically take the money, but actually asking for it is important. One thing that Jason Cohen did, which I did before, my validation for the Appointment Reminder market. I went to the Gold Coast/Magnificent Mile area of Chicago, which is an area that I happen to know has lots of high end retail. At the time I thought Appointment Reminder would largely be sold to massage therapists and salons and things like that. They’re thick on the ground over there.

I took out $400 from an ATM and would just go in to every salon, every massage therapy practice, ask if the person behind the counter was the owner. If yes, ask if they accepted walk‑ins. If yes, say, “OK, I would like to get your 30‑minute service, but I don’t want to actually have the service. I’ll pay you for the 30 minutes and I just want to talk about the industry for a little bit because I’m interested in it.”

Then we would have discussions about what their scheduling practices were like and what sort of software they used. Most of them were on pen and paper. Did they do reminder calls? What was their no show rate? What percentage of their business was recurring appointments? Yadda yadda yadda.

At the end of this I would demo the two page demo application I had for Appointment Reminder and said, “This will be available eventually. Is it something you’re interested in to solve this no show problem that we’ve established that you’re having?”

If they said, “Yes,” I would literally ask, “Can I put you down for the first month of it at…?” I picked a number. For most of it was 30 bucks. The pricing still is today, on the low end.

A bunch of them said, “Yes” and then I would follow up with, “Can I get a check for it?” That can you get a check question changes the conversation quite a bit, like you’ve noticed.

By the way, when you’re doing pricing, pricing is generally not something you should ask customers for, in my experience. That’s something you should announce to them and get the up‑vote or down‑vote on it. I think you would’ve had better results if you had said, “It’s going to cost a hundred dollars. Is it worth at least a hundred dollars for you?” Rather than pick a number without any sort of anchor attached to it. Because…

Nathan:  Yeah, I think that’s true.

Patrick:  If you went in to my consulting clients and said, “What’s the value of a lead for you guys?” “Twenty thousand dollars.” “OK, it’s going to cost a thousand dollars. Assuming it generates a lead every month, is the thousand dollars worth it for you?” They’d be like, “Um…” Scratch, scratch, “Yes.” And you’d have a different pricing structure than you do currently and a few people paying you quite a bit of money. That’s neither here nor there, I still really love what you’ve done with the business.

Anyhow, well, I think we’ve covered a lot of ground and to avoid boring people with our voice anymore, I’ve kind of cut this short. But we should definitely do another one sometime.

Nathan:  Sounds good.

Patrick:  Alright.

Nathan:  It was a lot of fun.

Patrick:  Yep, thanks so much for sharing your insights with us, Nathan.

For the people who are in my ecosystem, but not in yours yet, the easy entry point for them is nathanbarry.com/launch. Then that will get them on your email list and get them all the wonderful goodness that you give people for free with the obligatory there might, eventually be a sales pitch in there. For the two people who are listening to this but are not on my email list yet, you should be on it: see training.kalzumeus.com. Alright folks, thanks very much for sticking with this podcast through our kind of inconsistent schedule and occasional technical glitches. We’ll be back in a few weeks, so thanks much and see you next time.

 

[Patrick notes:  Still reading?  I've been working this August (and soon to be September -- bah, I always underestimate timelines) on a new project, about conversion optimization for software companies.  As part of the project I've been teaching a brief email mini-course on the subject. People have told me they're getting the 10% increases in conversion rate we've been shooting for.  Click here to sign up.  Totally free, cancel any time, yadda yadda.  There will probably be a more commercial announcement in a few weeks.]

Comments Off

Kalzumeus Podcast 5: Quitting Consulting Via Productization

Keith Perhac and I are back with the 5th epsiode of the Kalzumeus podcast.

Keith and I both have experience working as consultants in software development and online marketing.  People often ask us how to transition away from the feast-or-famine nature of freelancing, where you do very well when you’re delivering engagements and getting them paid quickly, and then do very poorly when work dries up or you have invoice collection issues.  One way to improve on this is building recurring revenue for your consultancy, via products.  A lot of folks think that the only way to do this is spinning a SaaS out of your consultancy.  While I have an abiding love for SaaS, building SaaS businesses takes a metric truckload of time and largely is not a good option if you have e.g. a personal burn rate of $6,000 which you need to cover next month.

Happily, there are many ways to productize your relationships with customers or your expertise as a consultant.

[Patrick notes: The transcript below has my commentary inserted like this, as usual.]

What you’ll learn in this podcast:

  • Why I wound down my consulting business recently, even though it was pretty successful
  • How to sell consulting clients retainer agreements, long term support contracts, and software licenses to become less dependent on revenue from new engagements
  • How “productized consulting” (it’s like infoproducts, except with a less obnoxious name) can make tapering down consulting viable for people who need predictable revenue
  • Examples of non-software products that technically-oriented folks could be creating
  • How Keith and I have applied content marketing (God, another word I hate) and effective use of email to sell these sorts of products
  • Our advice on pricing/packaging, and a few pointers at successful implementations of it to copy liberally be inspired by

If You Want To Listen To It

MP3 Download (~75 minutes, ~68MB) : Right-click here and click Save As.

Podcast format: either subscribe to http://www.kalzumeus.com/category/podcasts/feed in your podcast reader of choice or you can search for Kalzumeus Podcast in the iTunes Store.

Transcript: Quitting Consulting Via Productization

Patrick McKenzie:  Hideho everybody and thanks for tuning into, what is this, the fifth episode of the Kalzumeus Podcast. I’m Patrick McKenzie, better known as Patio11 on the Internets and I’m here with my co‑host Keith Perhac.

Keith Perhac:  Hi, I’m Keith Perhac, not known on the Internet.

Patrick:  Yeah, it’s been an absurd amount of months since we did the last version of the podcast together. What’s new and exciting with you, Keith?

Keith:  Oh my God, so much. I have a new daughter, which is fun, takes a ton of time out of my life but the main thing that I’ve been working on, non‑family related, is new productization. I’m sure you have a lot to talk about that, as well. I’ve been doing consulting about two years now, going on three. It’s gotten to the point where I want to start that whole productization thing. I think that’s what we’re going to talk about today.

Patrick:  Yeah, I think we’re going to be floundering around a little bit, as always, but largely people have been talking to us. Both folks who want to start consulting, and we’ve covered that topic before I feel, but also folks who feel like they’re stuck in the freelancer/consultant treadmill and want to get off it and start a product business based on that.

Keith:  Exactly.

I Quit Consulting.  Here’s The Expurgated Version Of Why.

Patrick:  We’re addressing that this time. Let’s see. I quit consulting recently.

Keith:  Congratulations.

Patrick:  That isn’t very public on the Internet, but it’s out there now, I guess. A brief background if you haven’t tuned into the other podcasts, since about April 2010‑ish, I’ve done occasional consulting for largely business‑to‑business software‑as‑a‑service firms. At the end of it, it was typically more successful firms in the industry that were doing between $10 and $50 million a year in revenue. I largely did my shtick for them. If you’ve been following me around the Internet, you know I love A/B testing, conversion optimization, pricing and vice, running email campaigns, yadda, yadda, yadda. Basically, if you boil it down to a business card that was tweet sized: “I make money for software companies.” I did that for a while. It was often fun. Unfortunately, I got to the point where there was not much of a future for it.

That isn’t actually true. There was a future for it, but it wasn’t a future that I wanted for myself. For example, at the end of last year, I was routinely bringing business from the Fog Creeks of the world, very successful companies that had a certain amount of scale. The step up from doing fairly motivational things for them at their levels of scale was to go into the Fortune 500 because there were other people who could continue to generate the growth in my weekly rates that I wanted or provide exciting new challenges.

I had an engagement at the Fortune 500 almost happen at the start of this year.  Obviously, I’m NDAed because the Fortune 500 company’s legal department is better funded than the Axis of Evil and twice as nasty.

My experience with the Fortune 500 company didn’t work out so well.

After that didn’t work out so well, it had collapsed in such a way to take out months of my consulting pipeline. [Patrick notes: When established clients or new prospects came to me and said "Do you have any availability in $TIMEFRAME?", I kept saying "I'm sorry, but I believe a large client will have 100% of my availability for the forseeable future."  Then I'd pass them to other consultants.]  I was thinking, “Do I really want to start rebuilding the consulting pipeline?” Which just means getting other engagements on the calendar, prospecting and talking to people who could potentially be good fits and whatnot, with an idea of starting to do more engagements starting in, say, August for delivery. Then having to pretty much pound the ground every week from August to December to make my numbers for the year work out.

Was there a reason to do that?  I took a look at the growth in my product businesses.

Every year for the last two, I’ve said “This is going to be the year where I actually work on Appointment Reminder in a consistent manner.”   And every year it gets neglected.  Appointment Reminder really deserves my attention (both in terms of “it deserves to have a fair shake” and “look at the revenue graph now extrapolate where that would be if you treated that like it mattered”).  I’ve just decided to quietly wind down the consulting business and focus more on my own stuff, which has been working out pretty well. I probably have done more coding on Appointment Reminder in the last month, month and a half, than I have in the previous two years. That’s fun.

Keith:  That’s something that I think a lot of people don’t realize when they get into the consulting or the freelancing gig. Especially I thought when I quit my job and started freelancing, I was like, “This is great. I’m going to be doing interesting programming and development work 80 percent of my time.” [laughter]

Keith:  That is the biggest lie ever. Now, I do still do a lot of development, less so now, but 90 percent of my time, honestly, is overhead. It’s finding new clients, like you said, setting up that funnel for your consulting business. Who is going to come in? Scheduling that all, getting contracts signed, getting contracts done, talking with customers, talking about what you’re going to do. Then you actually only spend a week or two weeks, depending on the contract, doing it. The rest is all overhead.

Patrick:  This is particularly true when you move from a solo consultancy into a firm model, like Keith has. I think, Keith, you are the principal at the firm. You have a bunch of contractors who occasionally work with you.

Keith:  Correct. It’s actually I say that I do a little development. I do much less development now because I do mainly the planning work. It’s like, “We have to meet these target numbers, so we are going to do A, B, C and D.” Then I work with my devs and it’s like, “Hey, let’s accomplish this with one, two and three.” Then in 90 percent of the cases, they’re the ones that are actually coding.

Patrick:  We talked about this in our earlier podcast with Brennan Dunn and company. In the solo consultant model, you’re typically doing pretty well if you can actually bill 75 percent of your time, so 75 percent of the time is actually billing engagements. The other 25 percent of the time is overhead, prospecting for new engagements, taking your vacations, yadda, yadda, yadda. When you move into a model where you’re no longer the sole partner and you have to manage people, typically your billing efficiency drops in drops until the 50 percent region or less as your firm scales up. Then the remaining 50 percent is unbilled time where you are more managing your people or continuing to rain make, get the new engagements, do the prospecting, deal with the administrivia such that your team is able to sustain a 75 percent‑plus billing efficiency.

That’s one reason why when people switch from a solo consultant to having a team, their income actually typically goes down for the first while until they have enough people under them such that the…what’s the word, leverage? Yeah, the leverage works out to more than replace their higher prior rate.

Keith:  Correct.

Patrick:  Anyhow, that’s where our consulting businesses are at, and we frequently hear from other people when we’re going to conferences and whatnot or just reading our inboxes. They similarly have a certain amount of success doing the consulting dance. The word burnout is used very frequently. Consulting, I don’t know if higher stress is the right word, but there is less stability than involved in W‑2 employment, where you just have one boss that you need to keep happy. You often don’t know where next month’s paycheck is going to come from. This sort of thing motivates a lot of people to find something that’s a little more stable for themselves.

Keith:  There’s also a lot of more concentrated work in consulting. Where if you’re, like you say, a W‑2 employee and you have a project, you’re there eight hours, maybe ten hours, depending on where you work, a day. You don’t have that huge rush. For consulting, you line up and spend your time rainmaking, getting the consultants lined up. Then it’s a week of solid work or two weeks of solid work, where you’re not doing anything, except these projects. You don’t have any downtime for meetings. You don’t have really time to just screw around because you have a deadline. You have your milestones that you have to accomplish and you have a very limited amount of time to do it.

Patrick:  Right. One of the reasons consultants can justify our crazy weekly rates is that typically we parachute into the project and just grind it out. Whereas with a W‑2 employee: every business has a cycle associated with it. Sometimes you have your busier periods and sometimes you have periods with a little more slack in them. You can have slack in a consulting engagement. That happens, but typically it’s a result of at least one of the parties not being on the ball. It doesn’t happen quite so often. You will typically spend fairly little time when you’re billing out at $200‑plus an hour reading Reddit.  Well, one would hope.

Keith:  [laughs] One would hope, yeah. I actually had a client (NDAed) who told me after the week was over that I had accomplished more in three days than they had accomplished in six months. He was like, “How do you do it?” I’m just like, “Honestly, because I don’t have to deal with your meetings every day, I don’t have to deal with any fires that come up. If someone says, ‘Oh, someone hacked the server, A and B’s privacy policy isn’t correct,’ I don’t have to drop everything and deal with that. All I have to do is concentrate 100 percent on the milestones in our engagement.” That gives a lot of freedom to just be really creative and be really, really productive.

I’m in the middle of a couple of engagements right now that are much more freeform. They’re mainly for friends, or friends of friends. [Patrick notes: Uh oh.] It’s not a, “Here’s a week of my time.” It’s, “We’ll do about eight, ten hours a week.”

What I’ve actually found is that it’s much harder to do that. It’s much harder to have that ramp‑up and to ramp down and to balance it between my other clients. I would actually highly recommend, and you’ve recommended this to me before, to definitely not do hourly, but not even do daily. Get your contracts as a weekly rate. Block off the time and say this is what we’re going to do in this amount of time. Otherwise, things just sprawl. They really just sprawl out of control.

Patrick:  I also think that it’s generally an anti‑pattern if you have any serious work scheduled for part of your time and then have friends’ or friends of friends’ engagements. You and I are friends. Occasionally we do work together, but it’s difficult to maintain the correct level of professional distance with friends.

Keith:  Definitely.

Patrick:  It’s also difficult to schedule them against the rest of your business if, for example, the rest of your business is actually charging meaningful rates. Then you have a grandfathered rate with a friend where you’re charging what you were charging when you were stupid and just out of college. Not that you were stupid or just out of college when you started your consultancy.

Keith:  [laughs] I was not out of college. I will not say anything about the being stupid when I first started. I think we’re all a bit stupid when we first start consulting.

Patrick:  This is true. That’s one reason why, and this is a little widely ranging, people very rarely stick with their initial set of clients. Partly because your business grows and it’s difficult for all client relationships to grow with you. There were clients that I really, really loved working with that started working with me in my first year of consulting. My rate went up from, I think it was $100 an hour, when I started. By the tail end of the career, I was putting out engagements that had $30,000 a week or $50,000 a week on the estimate and winning them. Not all clients made that jump, to put it mildly.

Keith:  I’m actually in that same position right now. I’m working with a lot of clients. I’m starting to have to phase out some of my older clients, because they are still at the, “Oh yeah, a week of Keith’s time is worth $1,500.” It’s just not anymore.

Patrick:  Yeah. Let’s see. We were talking about why people would want to quit and move to more of the perceived security and control that they get from running a product business, where they are both able to confidently predict that they’ll have enough money to pay the rent next month, even if the pipeline doesn’t work out at 100 percent or if their cash flow management with the existing consultant clients doesn’t work out at 100 percent. For example, there was a thread on Hacker News recently, where somebody had been doing six weeks of consulting for a particular client. There was a $10,000 check that was floating out somewhere. He really needed that $10,000 check. The first way to never get screwed about a $10,000 check is to not really need it.

But, if you’re in that position and the $10,000 will make a meaningful difference to you or your family, that can be a very difficult thing to have to juggle every month versus say having the typical SaaS model, where you might be getting the same $10,000, but it’s split between 40 accounts at $250 each. Any one client deciding to be a screwball with regard to paying their invoice doesn’t necessarily give you the risk of homelessness.

Keith:  Right. It also ties you to your client. If you have a large client that’s paying you 10K a month or 20K a month or whatever in a retainer function, then losing that client hurts you a lot more than if you have maybe 200 customers for your product, paying you $50 or $100 a month. Losing any one of those customers or two of those customers is not going to hurt you as much as losing that one big client.

Patrick:  I think Brennan Dunn had a great line in his podcast recently. He said, “If you are a W‑2 employee, you have one boss. If you move into consulting and have three clients, who are each responsible for about one third of your billing, you now have three bosses.” Each of them is independently capable of getting peeved off at you and independently capable of having a material impact on your standard of living, where if you move up to having 300 clients you no longer have bosses. You have people whose business you can take or leave.

Keith:  It’s in a good way, in a good way, not in a, “Screw you customers, go home.” kind of way. I find that you are more free to be creative and be engaged with the customer, when you are not beholden to them.

Patrick:  I think that’s totally true.  [Patrick notes: This sounds like a theme of 37signals work.]

Keith:  When you are 100 percent in that person’s debt, you’re much less likely to stick your head out and fight for what you believe in, because you’re not willing to rock the boat.

Patrick:  Mm‑hmm, right, not just fight for what you believe in, but also fight for the best possible outcome for the customer. Sometimes what customers need and what they want are not exactly the same thing. Giving them what they want is typically the best way to preserve the relationship. Sometimes, as consultants, you might be incentivized to do things, which you know, in your professional opinion, are not quite the best idea for them, but which are the easiest things that you could possibly sell them. For example…

Keith:  That’s a hard example to come up with. [laughs]

Patrick:  That’s a hard example to come up with, because we don’t want any past client thinking “Oh wait, that was our engagement!” [Patrick notes: Wry humor.  My clients were, of course, uniformly geniuses.]

Patrick:  You can imagine that there are clients out there and let’s say you do web design. You know that certain things convert better than other things. But the design has to get signed off not just by your point of client contact at the company, but their boss as well. A certain way of designing the page might have a little more visual flair to it and makes it easier for their boss to sign off on it, where that would negatively influence their convergence. You know ultimately that they are not in the business to have a beautiful website. They are in the business to make shedloads of money selling their product to customers, who will be happy to use it. But, because you need to continue that relationship, you might be perversely incentivized to give them the design that their boss will like, rather than the design that will convince their customers to get into more business with them.

Keith:  I actually had a customer I can talk about. He loved music on his top page, for some unknown reason.

Patrick:  Oh God.

Keith:  I know. It was a real estate agency.

Patrick:  Oh God.

Keith:  They insisted on putting it on. I was like, “This will drop your conversions. People will run screaming from the page.” The owner of the company told me, “I’ve been doing this web thing for five years. I know what’s going on.” I’m thinking to myself, “I’ve been doing it for 15, but whatever.” Anyway, at that point, we had Google Analytics and the numbers showed that the bounce rate went from something like 30 percent to 80 percent. People just ran screaming from the page. Nothing would convince him otherwise, nothing.

Patrick:  I’ve got to ask. I have a funny feeling what the answer is… Keith, is this one of your American clients or is this one of your Japanese clients?

Keith:  [laughs] No. This was a Japanese client, who I dropped like a hot rock.

Patrick:  I am shocked, shocked to hear this.

Keith:  [laughs] Yeah, no. I would also drop an American client who said that to me as well. But I have had much better luck with my American clients. For everyone, who is just now tuning in, Patrick has been telling me to drop my Japanese clients like a hot rock for quite some time.  [Patrick notes: Not because they're Japanese, just because Keith's conveniently available cross-section of the Japanese market has been uniformly pathological.]

Patrick:  Right. Don’t get me wrong. There exist large classes of people, who you should never, ever work for in America. But you typically don’t get to the top tiers of successful tech companies by being a client you could never, ever work for, whereas that is very, very common in Japan, especially in our neck of the woods. Just empirically, in Keith’s and my businesses, it has been the reproducible problem that working with Japanese corporations has not been nearly as successful as working with American clients. They typically have a much lower peg for the amount they are willing to pay engineers or people who kind of look like engineers. Keith and I don’t really look like engineers in Japan, but, be that as it may…

Keith:  I would just say tech people.

Patrick:  Right, tech people.

Keith:  Anything that deals with technology, like that whole Internet thing.

Patrick:  Right, that whole Internet thing. That whole Internet thing should cost $3,000 a month in Japan, for the fully loaded cost of an engineer [Patrick notes: Hmm, a little low -- $4,000 fully loaded, probably], whereas, in America, it’s closer to $20,000. If you ask for a “ridiculously high rates” like the equivalent of say $60 an hour, your Japanese clients will balk and balk hard at that, whereas a $200 an hour rate or let’s say a $100 an hour rate in America is the number that you would get for just putting out your shingle as a new consultant, who knows how to do in demand technology stack, even if you’re not sophisticated about bringing business value with that technology stack.

Keith:  Right.

Patrick:  By the way, a lot of people ask, “Hey, I’m a freelancer and I don’t charge $100 an hour. How do I get to the point where I can charge $100 an hour?” The answer is often just stop taking engagements at less than $100 an hour, because you are in demand at the moment.  [Patrick notes: For the most actionable business advice packed into the fewest words, see this post by Thomas Ptacek.]

Keith:  Right. I think there is a difference in that you have to position yourself better. This is kind of getting off topic, so I want to close this thread as soon as we finish this. You have to position yourself in a way that the $100 an hour is palatable to the person. You can’t just say, “Oh yeah. I’ll code up your web page for $100 an hour.” That’s probably not going to fly.

Patrick:  Right.

Keith:  Although lately rates have gotten so high that it may fly in some cases. But, if you position yourself, even if you are just coding up a web page for $100 an hour, if you position yourself in such a way that it shows that you are producing value to the business, and that is the biggest thing that you will deal with. This is something we are going to talk about with productization with B2B over B2C. If you are producing actionable results and business results to a company, they are willing to pay whatever. I’m looking for a new accountant here in Japan right now. One of the things I’ve been talking about is accountancy rates, because they go from almost nothing to ungodly expensive. I’ve been very clear. Anyone who can save me, in my taxes, more than I am paying them, I’m happy to pay that.

Patrick:  Right. There is no rate too high.

Keith:  Right, exactly. If I pay you $10,000 a year and you’re saving me $15,000 a year, I’m making $5,000. I’m very happy with that. That’s getting off topic.

Patrick:  That’s totally true. We’ve covered that topic in previous podcasts before.

Keith:  Yeah.

Patrick:  Let’s go into the models that people can use, both when they are still consulting, to do a soft transition to productization and then the harder transition later.

Keith:  Right.

Patrick:  Let’s see. One semi‑productization model for consulting is to just get your clients from the point where you are doing individual engagements and no money comes into the company without a new engagement being proposed, a new statement of work getting issued and a new contract negotiation, to the point where you’re getting money on a recurring basis from them.

Keith:  Right.

Patrick:  One model for that is called the retainer agreement. Keith, I think you have more on the ground experience with this than I do, because I was stupid and never got retainer agreements.

Keith:  [laughs]

Patrick:  Why don’t you describe how you set that up with a typical company?

Keith:  OK. For the first year of consulting, I never had any retainer agreements. They are also hard to do in Japan, another reason why you should not do consulting in Japan. [Patrick notes: Keith is talking about getting clients to agree to them, rather than they being legally problematic or anything.] But, eventually what it comes down to is that it is… after finishing an engagement, it behooves the company to have someone who understands what’s going on behind the scenes with the engagement. If you’re doing an A/B testing engagement, someone who knows the numbers can measure the impact and can essentially take the time every month to iterate, and that’s a great word for startups and it’s really true, iterate on the engagement. If I spend a week creating new landing pages, a new content management strategy for people to increase their SEO, and a new lifecycle email, that’s great. They have created that. But who is going to do the reporting? Who’s going to do the new iterations of that every month? If that’s something that they are willing to do in‑house, that’s great.

But most of the time, when you have hired a consultant, there’s two reasons.

One is you don’t know how to do it yourself. The other is you don’t have the time to do it yourself. That’s a very big one. Even if there are very smart people in your company, they are involved with company things. Like we were saying earlier, someone, who is only focused on tasks A, B and C is much more effective with getting those tasks done. [Patrick notes: One of the hardest problems across clients in my consulting career was convincing the client that they needed to re-task one employee to implement my bag of tricks on an ongoing basis.  A lot explicitly asked me to join the company to do that.  Stupidly I did not have a back-up offer after politely declining, like a retainer agreement for ~3 days a month.]

Having someone every month, not at the full rate…let’s say you charge, for example, $10,000 a week…not someone, who is going to charge you $10,000 every week, but someone who might charge $3,000 or $5,000 a month to come in maybe a day or so, maybe 10 or 20 hours, and put together a report, come up with some new test ideas, approach them to the company and implement them.

Patrick:  Right. This isn’t just a great thing for the consultants. It’s actually a great thing for the company. This both has the perception and the reality of decreasing project risk. You won’t believe how many projects I worked on, where they were a success as of the day I handed them off to the company, but then, for internal focus reasons or whatnot, they just didn’t get somebody to do the feed and watering of the new infant and then the infant died.

Keith:  Right.

Patrick:  For example, they want to protect their investment of say $20,000 in setting up the A/B testing system or getting them running. But they might just not have enough bandwidth internally to make that somebody’s job or they might assign it to a particular engineer and then that engineer gets busy with other priorities in the company and then that one is easy to drop, because it wasn’t his baby. Given that it was your baby originally, just telling people that you can be on top of that for them and that, as a result, it’s going to continue being successful and the engagement won’t get wasted, is a massive value‑add.

Keith:  Right.

Patrick:  It can be the natural continuation of the thing that you did for them. For example, if you’re starting with A/B testing, then obviously continuing to review A/B testing results every month and then sending them a report saying, “Here’s how much money we’ve made in the last month. I have tested these new three things this month. These two got a null result. They failed to create any meaningful value for the business. This last one increased your sales by five percent. Congratulations. BTW, invoice due as usual.” is a big win for them. The consultant reason for doing that is, he amount of time it takes you to implement three new A/B tests, is probably going to be pretty piddling relative to the amount of time it took to win and deliver the engagement in the first place. But you can conceivably get strong amounts of ongoing value for the customer from doing that. Then charge them relative to the strong amounts of ongoing value rather than the marginal amounts of additional work required.  This allows you to crush many conceivable hourly rates.

Keith:  Right. Because you’re charging for an ongoing service and you are charging for an ongoing service that is part creative and part administrative, this is something that is also very good for working within the consultancy. If you’re not a one‑man consultancy, what you do is you have the person or administrator who worked with you, you say, “We have clients A, B, C and D. Please write up the reports for them.” They know how to get the reports. They give you the reports. You look at them. You say, “OK. These are not performing well. These are performing well. We are going to change these A, B, C and D. You go in and change them,” you say, “and then we’ll send the email.”

Patrick:  Right. Typically, in a multi‑person consultancy, you have the A team or the partners winning the engagements. Then you might often have delivery of the engagements being handled by people that have been trained by the A team or the partners, but they’re not necessarily at that level themselves.  [Patrick notes: This is called "leverage" and it is the fundamental economic engine of multiperson consultancies.  Like they say on The Wire: "Buy for $1, sell for $2."]

Keith:  Right.

Patrick:  That is particularly well‑suited to retainer work, because, given that you have created a list of 15 things to try on say on the customer’s home page, actually implementing that within the visual website optimizer, which has already been set up, does not require the partners’ personal attention. They’ve already dictated most of the creative thing. It just needs somebody to actually go in, do the button clicking and then generate a report and send it to the right people at the right time every month.

Keith:  Right. I’ve had a couple of clients balk at this idea. “I’m paying you to do the work, aren’t I?” It’s taking my time from being creative, from coming up with the ideas, from working on ideas and strategies for the company, in order to write the emails or to pull a report. Depending on the report, that can take three to five hours, so that’s three to five hours that I’m spending crunching numbers instead of looking at the report and figuring out what needs to be done. It’s not value added work.

Patrick:  Right. People, who can generate SQL queries or, in pathological cases, people who are capable of downloading Excel spreadsheets and then copy/pasting the numbers into a PowerPoint are probably quite a bit cheaper and just as effective as the founder would be in doing that same amount of grunt work.

Keith:  Right. But someone, who can look at that PowerPoint and say, “Oh crap, here are the trends that we need to fix now” is a much, much different value proposition.

Patrick:  Right, right. It’s making sure that PowerPoint actually gets looked at as opposed to being left on a server somewhere, with no one being assigned to actually look and act on it every month.

Keith:  Correct.

Patrick:  Retainer agreements would have been absolutely transformatively good for my consulting business. Obviously the consulting business was always a part‑time thing for me. I never did more than about 20 percent of my time on it in a year, about 10 weeks of consulting. Say I had 15 consulting clients. I think out of the 15, probably 10 of them would have received enough value in the engagements that they would have happily signed off on having me continuing to keep an eye on things for them over time. Even assuming a fraction of my weekly rate, as the monthly rate for the  retainer agreement, that would probably have had a baseline value for the consultancy of upwards of $20,000 to $30,000 a month in billings. If that had happened, and hypothetically that happened and my consultancy still had the same problem this year with regards to the pipeline going forward, it probably wouldn’t have killed it, because it would be still very worth the time to continue servicing those clients and then build up the forward‑looking pipeline.

But, given that I did not have that, it didn’t have enough residual value for me to justify keeping it around. It’s no skin off my nose, because I have other products in the mix. But if consulting was my primary form of income or my sole source of income, then I would honestly be in quite a pickle at the moment, because I’d be essentially unemployed or unemployed until August.

Keith:  Right.

Patrick:  Then I’d probably be doing things like banging down the bushes to get engagements and not have the amount of pickiness that I can typically generate, typically exercise, with regards to finding engagements, finding a client that I can really do good work for and who is willing to pay the prevailing rate.

Keith:  Right.

Patrick:  Anyhow, other things that you can sell to clients besides retainer agreements?

Keith:  Let’s go into source code or licenses rather, because that’s a really simple one that’s an easy push, from consulting or development work.

Long-term Support As Productized Consulting

Patrick:  OK, then let’s talk about that. A great example of this, by the way, is, if you look at railslts.com, there’s something I suggested a few months ago. I’m still on Rails 2.3. If you’ve been following my blog, you know Rails 2.3 has had some severe security issues in the last six months. It’s also at the end‑of‑life for the product, which means the open source team that supports Rails, Rails core, doesn’t want anything to do with Rails 2.3 anymore. It’s like, if you find a security bug in it, good luck. They don’t want to be in charge of writing patches or managing releases for it anymore. I said that basically any consultancy,which does a significant amount of Rails development and has a lot of clients on 2.3, could get a significant line of business by supporting it in a commercial fashion.

What does that mean? They do the work they are already doing. If a vulnerability is discovered for 2.3, write the patch. Do the work to release the gem for it. But then charge on an ongoing basis for guaranteed access to those gem, to those security releases, in a particular guaranteed timeframe.

Actually, I urgently needed to buy this for my business, because I use Rails 2.3 in Appointment Reminder, which has hospitals as customers. I can’t just tell hospitals, “Yeah, I’m using an old unpatched version of Rails on my server. This technically means that your patient information could be rooted at any time.”

That’s not a very effective sales pitch. [Patrick notes: To say nothing about what Health and Human Services would say if I had a HIPAA-reportable data breach.] I needed to move to a supported version. I talked around with a few people. I found a consultancy called Makandra in Germany. They have a dozen people working for them and they have 50 clients, who are currently on Rails 2.3.

We hammered it out in a way such that I paid them a guaranteed amount of money per year, $10,000 actually. It’s a fair chunk of change, but cheap relative to hiring Rails programmers. They guarantee that, within 24 hours of having a severe vulnerability released for Rails, that they will write a patch for it and incorporate it into their privately distributed fork of Rails 2.3.

Keith:  Here is the difference between this and what we were talking about earlier with the retainer contract. They are not going to patch your software.

Patrick:  Right. They’re not going to patch my software. They didn’t write my software. All they’re doing is taking an extraction from stuff that they have written for other people and selling it to me as a product that I can just basically buy with my credit card.

Keith:  Right.

Patrick:  I think I get something like three hours of guaranteed integration support with it. But it’s not one of their partners will be individually discussing with me about this. It exists. I have access to it. I can buy that. Similarly, you can go to railslts.com and buy that, without having to go through the whole dance of writing a proposal, getting a master services agreement and a statement of work written to wire transfer this over to Germany. It’s just something you can buy on a SaaS model basically.

Keith:  Right. There are two things I want to say about this. First of all, they are not a sponsor. We just love them. [laughs]

Patrick:  Yeah. They are the opposite of a sponsor. They sponsored us for negative $10,000.

Keith:  [laughs]

Patrick:  Ow. By the way, that is the single largest check I have ever written for my business.  [Patrick notes: Good thing I don't have full-time employees, or it would be called "payroll" and be due every two weeks.] I was thrilled to write it, because it means I will not be locked up for losing patient information.

Keith:  Yeah. Yeah. I actually will talk about the big check that I am writing tomorrow in fact. I’ll talk about it in a minute. But what I do want to say on this is that people will think, “They created a product and they are selling it. What’s the difference between that and a productization?” This isn’t a product they created. This is something that they have to do for their day‑to‑day existence as a consulting agency. They are a development consulting agency. They have a lot of clients that they support on this recurring revenue, on these retainer type things, so they have to do the work anyway.

What they are doing is the work that they’ve done overall they’re then reselling.

Selling Licenses To Pre-Written Software To Your Consulting Clients

Keith: I do something very similar to this. I’ve been doing consulting on info products for about two years now. I do a lot of work with things like AWeber, InfusionSoft, OneShoppingCart, all these great or not so great systems, I won’t say which is which, that need coercing.

They don’t work exactly how the customers want. The customers generally want different functions out of them. I have essentially my toolbox. Any one of these can be a licensable piece of software for a client. Not in a SaaS model, because that requires a user interface a lot of the time.

It’s something that I can go to a client and say, “Hey, you know you want to run a contest that interfaces with AWeber and tweets people on their iPhone, when they’re sleeping, etc. I have a great piece of software that does that. We can work out some sort of licensing agreement in addition to the consulting. We do the consulting engagement. We get it all set up, in addition to other stuff. In order to keep using that software, you pay a recurring fee of X.

Patrick:  Or even, depending on the difficulty of the tool, it could be a one‑time downloadable thing with a one‑time license fee.

Keith:  Right, exactly.

Patrick:  There is a great example in the Rails world, about somebody who developed basically a skeleton, bare‑bones app between Rails with the SaaS charging model in place, which obviously a lot of people want to do. It is at RailsKits.com.  You can pay $300 for that and get all of the stupid crafty work of taking credit cards done for you. I happen to know that was greatly successful for his company. That was basically an extraction out of, “Oh God, I’ve written the same code 10 times for 10 different consulting clients, with very slight variations between them.” Given that all the value for the engagement comes for what we layer on top of that code, we could extract that basic user model and the subscribe/unsubscribe pages for the application, extract that, put it into a git  repository somewhere that could be conveniently consumed by people outside the company and then charge for access to that.

Keith:  Exactly.

Patrick:  By the way, that convenient consumption is very important. There are a lot of things that are good enough to do internally, given that it’s only going to be you and people that you know who have used it, which are not good enough to be used externally.

I do a small bit of angel investing. I recently invested in a company called BinPress, which is basically trying to do a dual licensing model for open source projects. If you’ll let me give a little plug for them here: the dual license model for open source is you have one license, which is very permissive, such as GPL or MIT. It’s typically GPL, because GPL plays better with it. You allow anybody to use it. Then you have a different license, which you sell to people, which lets them use the same source code in a less restrictive manner.

For example, the big thing with GPL licenses is, if code is GPL licensed, it is viral and it infects the rest of the application. You can’t have GPL code within an application which is sold on the iPhone App Store, for example. Apple, just blanket, does not allow you to do that.

For example, if you happen to be a mobile developer and you open source any code, if you GPL it, you can sell anyone who actually wants to use it in an application that is put on the App Store, a license that basically un‑GPLs it, with respect to them in particular. It’s a license to distribute it on the Apple App Store.  It doesn’t give them the right to the code. It doesn’t let them sell that code to other people.

They get to see the code. They get to use the code. They get to embed the code in their products on the App Store. But that’s the extent of it. (That was actually a fairly common license for software developers, prior to open source becoming such a big model.)

RedHat also uses a similar variant on that, where you can use the RedHat distribution for free, but there are additional dual license tools and whatnot that you can buy from them. I think they do that. Anyhow, binpress.com makes it easy to facilitate that transaction between people. That’s not a transaction that you have to make in a low-touch model, like buying straight from a website.  (That’s, of course, an option, but then you have to find distribution for it.  cough Binpress cough)

You can just offer that to consulting clients of yours, where, “Rather than paying me two weeks to write something for you from scratch and then you getting the rights to it, under a work for hire arrangement, there is some pre‑existing code I happen to have around that already does this. For a one‑time payment of $1,000, I will write you a two sentence email, which allows you to use it in your product. But you don’t retain rights to the code. I retain rights to the code.”

Keith:  That’s the big one. I’m actually talking with clients now that are like, “Yes, we want to use the code. But we also want to resell it.” That’s where things get really into the sticky situation.

Patrick:  That’s why you should charge them at least 10 times as much, if not more.

Keith:  Exactly, exactly. This is something you need to be careful with, especially if you’re doing dev work as consulting. What is owned by who? I was saying earlier that I write code for interfacing with AWeber. Who owns that code? Do you own that code and the client has a license? Does the client own that code and is it a work for hire, in which case, if it is a work for hire, you cannot use that code for another client. There’s a lot of things that you need to be careful with that I’m looking at that are way out of the scope of this podcast.

Patrick:  Check with your lawyer. If you need to know about this, by default, you will probably be writing things under work for hire. Definitely get a lawyer to look over your standard MSA, master service agreement, which clarifies the assignment of intellectual property. The most consultant‑beneficial thing you could do is to give clients a limited, non‑exclusive license to the code that you write for them, but that doesn’t assign the ownership of it to them. Many clients will push back against that. That’s basically a nonstarter at some larger clients, which will be forcing you to use their MSA and to basically work under work for hire. That’s something where you just have to work out the numbers. Are you charging larger clients enough such that you not getting any capital improvement, as a result of working for them, is a worthwhile thing for you?

Keith:  Right, exactly. You need to keep in mind…and I’ve had a lot of conversations with this. Like Patrick says, get a lawyer. They are worth their weight in gold for things like this. If it is a work for hire and you, for example, have a tool that you’ve been using in the past and you use it for that client, that is no longer your tool.

Patrick:  Right. That can be very, very unfortunate, particularly if that tool is already running on other people’s systems.

Keith:  Exactly.

Patrick:  Oh God, a situation you do not want to be in.

Keith:  Long story short, get a lawyer. [laughs]

Infoproducts: A Word We Hate But A Business Model We Sort Of Like

Patrick:  Anyhow, we were going to talk about info‑products next, right?

Keith:  Yes, I believe so.

Patrick:  Man, that word info‑products, I hate it with a burning passion in my soul.

Keith:  [laughs] I had another description that you hated even more, but I will not say it. I’m not going to rile your anger. [laughs]

Patrick:  OK. The way I always described it is productized consulting, at least in my business, because they were largely outgrowths of the sort of thing that I did for consulting on a routine basis. For example, last October, I released a thing called Hacking Lifecycle emails, which was basically a way to use lifecycle emails and drip marketing campaigns to sell more software for software businesses. It’s obviously a theme that I talk about a lot. That course basically came out of my experience of doing a particular engagement for consulting clients five times and figuring I could continue doing that consulting engagement for five new clients every year or I could distill it into a five‑hour video, teach people how to do it for themselves and then sell it at a fraction of what the price to get me in to do the engagement was.

Keith:  Right, exactly. People will look at this and say, “Oh, but aren’t you just cannibalizing yourself?” You’re taking essentially a $20,000 or $30,000 engagement and you’re compressing it into essentially…I forgot how much you sold it for. Was it $500?

Patrick:  Yeah. It was originally $250 and then $500, after the discount period was over.

Keith:  So you’re essentially cannibalizing your own consulting.

Patrick:  That is the exact opposite of the truth. [laughs]

Keith:  It is, it is. What happens is not only are more people going to get it, but it’s also a gateway drug, in a manner of speaking, because, to be perfectly honest, you do not pull any punches in the video course. You say everything that you do during a consulting engagement with regards to lifecycle emails. You go through every step. You go through everything that you talk about with your clients. The difference is that your clients have not been doing this for three years lifecycle emails. They can get started. They can do a lot with that infoproduct. You can go from zero to quite a bit very quickly. At the same time, it does not hold the same amount of value as hiring Patrick, for example, or hiring you as a consultant to do a week’s worth of work.

Patrick:  Right.

Keith:  That goes back to the conversation we were having earlier. When you have a consultant, they don’t deal with anything but that project.

Patrick:  This is partly a reflection of all clients wanting advice which is exactly specific to their interests. It’s something which Amy Hoy says a lot is that, “If you are starting a new software business, you should probably make it in B2B, because B2B customers are willing to pay a lot more for your software and will have less issues with buying it than B2C customers will.” Amy gets a lot of emails from people saying, “I’m thinking of starting a new business. Should I start it in B2B or B2C?” When she tells them, “You, specifically, Bob, should start it in B2B, because it will allow you to charge a lot more money and have less issues with selling it to customers.” Bob will say, “Wow. Thanks for writing that specific advice to me.”

I often joke that consulting clients really want to buy dramatic blog post ratings as a service.

Keith:  [laughs]

Patrick:  But it definitely seems like they really need to hear, “With respect to your particular business, after looking at all the factors, I will give you the same advice that I give to everybody else, but directly told to you.”

Keith:  Right.

Patrick:  But that’s a risk reducer for a company, because there could be some factor that they’re not aware of that could contravene your advice in the one percent case. They just want to make sure they’re not the one percent case, prior to committing to do something that might be worth six or seven figures to the business.

Keith:  Right, exactly. It’s also a matter of work. I’m having a contractor, right now, redo my yard finally, because it was just overgrown with weeds. He is of the opinion that, “Hey, anyone can do anything.” That’s a great position to be from. For free, he told me essentially what I need to do. He says, “You need to get a backhoe. You need to go here. You need to pour your concrete.” After step three, I’m like, “I understand how to do all this. When am I going to have the time? When am I going to have the inclination to do this? I would rather have you do this for my specific situation.”

Patrick:  The words, “First, you rent a backhoe,” has to be like the, “And then you read two weeks’ worth of free information on the Internet.” of the gardening industry.

Keith:  [laughs]

Patrick:  I had a great line in an email recently. I want to repeat it for everybody, because it’s so true. If clients have internal staff that they could be giving the project to and if the client has to have the internal staff read up on what the information is that they need to start the project and become an expert at the thing that you already have 5+ years of domain expertise in, even if it’s totally free information, they’re going to be writing a $10,000 payroll check with the memo “Reading free information on the Internet.”

Keith:  Right.

Patrick:  Free is not free for them anymore, after it has an actual clock ticking on their employees. That’s a pricing anchor that you can use, both for your consulting services and for infoproducts that put a curation layer on top of the “Wonderful amount of free information that is floating around on the Internet,” if you have the time to search for it and hunt through all the garbage and whatnot.

Keith:  Right. That’s another reason why your infoproduct and other infoproducts in general are so attractive. Yes, I will say, the information that you give on your infoproduct, most of it…I would say maybe 50, 60 percent is available elsewhere on the Internet.

Patrick:  I would say 90%+, if you knew where to look.

Keith:  90? OK, I was being generous. But, if you’re going to say that… [laughs] I think it would take at least three to four months to find it all.

Patrick:  Right. It’s not like I have some über secrets, which I keep from people. If you wanted to, you could probably reproduce most of it from just reading the 350,000 words on my blog, 100,000 words I’ve posted on Hacker News comments and watching approximately 15 hours of conference talks which I’ve given. If you have enough time to do that, mazel tov. You don’t have to pay me any money for anything.

Keith:  Right. But, who has that time? This is something that I think a lot of people miss, before they get into consulting and before they get into real business. When you are an employee, your time to yourself is not that valuable, in many cases, because you have a salary. If you’re sitting there, dicking around on Reddit, if you’re sitting there reading free information on the Internet, you still get paid the same as if you were coding constantly. It’s all a matter of your workload. However, to your employer, that is a very different value proposition.

Patrick:  No employee, anywhere, is free. They are so expensive. People who don’t have employees don’t understand how expensive employees are. I think primarily because people see their own salary and they think the salary is the cost of employing them, whereas employers do the automatic add another 50 to 100 percent to it, because they know that employees cost taxes, benefits, yadda, yadda, yadda, overhead.

Keith:  Space, computers, everything, yeah, free sodas, $10,000 worth of sodas every month. [laughs] My employees drink a lot. [laughs]

Patrick:  Soda, I hate soda as a perk. Soda, as a perk, the message that sends to me is that the company expects you to be a stupid twenty something, who can be convinced to give up tens of thousands of dollars in salary or meaningful amounts of equity in return for lots and lots of free commodity product, which they can purchase for $.60 a can themselves.  [Patrick notes:  And additionally that the company not only does not care about employees' physical health but wants to actively encourage them to compromise it.]

Keith:  Right. [laughs] I hit a sore spot it seems like.

Patrick:  Yeah. OK, let’s make a little less about soda and how tech companies like to screw their young and clueless employees and more on how actually to start from doing info‑products, given that you’re already fairly successful freelancer consultant. What can you make an info‑product about? What’s a good topic for it?

Keith:  Wow. That’s an open‑ended question honestly. If I had the answer, I’d be making a ton of them.

Patrick:  Why don’t we start with particular generalizable tasks, which are needed by a lot of people and that you’ve ended up delivering to a lot of people before?

Keith:  Right.

Patrick:  For example, you’ve said you’ve done lots of work with integrating for various companies that do training as a business, integrating their AWeber and InfusionSoft and yadda, yadda together. Obviously they have API documentation somewhere and that’s something that you could snap together with enough time or with downloading some code to do it for you. But you might be able to produce, for example, a 50 page book on how to integrate X, Y and Z together.

Keith:  Right, exactly. This is one of the problems that, as a domain knowledge expert, you come into. As an expert, you don’t know what other people don’t know. It’s very difficult. This is one of the things. If Patrick was to come to me and say, “What would I do an infoproduct about?” I could give him maybe five or six ideas. But he asked me and I’m like, “I have no idea.” I don’t know what of my knowledge is marketable. I know it, as a consulting style, but not in terms of what I could put in an ebook.

It’s interesting, you mentioned the InfusionSoft. Jermaine Griggs has done just that. He’s been using InfusionSoft pretty much since it started. He has built up a large consultancy just on getting InfusionSoft to perform the way that marketers want. It’s doing very well for him.

No matter what you do, if you have done it over and over again…and what I do, for any client, is have a swipe folder for whenever a client says, “Oh wow, I never would have thought of that. Hey, would it be possible to do this?”

If you have one client saying, “Is this possible?” there’s a chance that other people are saying it is well. This might be something to go back through and look at, when you’re thinking of an info‑product, when you’re thinking of what information you can package up. It’s like here are A, B, C and D, which I think are a 10 minute piece of work, but apparently produced a lot of value to my clients in the past.

Patrick:  Speaking of hitching your star to an existing product or service, many of us have tools, be that a software package or a service that they use, that we really like. Given that the profile for that tool is often larger than our own personal profile, writing the definitive guide on how to use that tool, vis‑à‑vis a particular industry or attempting to do a particular task, can be a very worthwhile way to get started on infoproducts. I don’t do it for consulting clients that often, but I have a legitimate amount of expertise on getting Twilio to work in a production environment, because Appointment Reminder, for example, actually runs in production.  [Patrick notes: To paraphrase Joel Spolsky on using cutting edge technologies, I have "bled all over" using Twilio in pursuit of actual business goals.  Ask me about how you explain answering machine detection to non-technical customers sometime.]

No documentation for a company is ever complete.  I know the missing bits to the Twilio documentation. “After you’ve gotten the quick start, here’s how you get into production without having clients want to break your neck when it’s distributed denial’s of service them.” Or “here’s how to test Twilio applications correctly.”

Keith:  Sorry to break in real quick, but this is something that, for an employer or for someone that wants to use Twilio in a production environment, instead of going through 60 free blogs with information that may or may not be correct or that may be old, or honestly just may be horrible, having it all in one piece of information that is paid…and this is the key. Paid information has a sense of quality about it. It relies on a person selling it to keep that quality, because otherwise, no one is going to buy it. It’s free for someone to post crappy information on the Internet. To get someone to actually be buying your information, it has to be good enough that people are going to buy it, not refund it, and tell their friends.

Patrick:  Right. Just the act of putting a price tag on something increases the perceived value behind it. Again, I’ve done essentially dramatic blog post readings for clients, where they could have read the exact same advice on a blog. In some cases, they had read the identifiable post that I was about to quote them. I just told them that straight to their face. They said, “Wow, we are going to get on that right away.”

Keith:  [laughs]

Patrick:  Yeah, you can look at Twilio and say, “OK. There is no good information on the Internet right now or no good concentrated, curated source of information for how to test a Twilio application, so I’m going to write that book.”

In 2013, even as a fairly accomplished Rails developer, I don’t know how you would go getting someone from the point of, “I have a git repository right now. I want to deploy this Rails application. What is the best practice for that?” Is it to “just use Heroku”? There’s no button on the Internet that says, “Click here to just use Heroku.” It’s a little more difficult. How do you set up a repeatable deploy process for Ruby on Rails? “Just use Capistrano or just use Chef or just use Puppet.” If you wrote the consumable, “Here is a book that you can buy for $75, which is going to save you the next two weeks trying to read blog posts written about Puppet in 2011, which are using command line parameters that don’t currently work anymore,” that would sell decently.

How To Package Products Intelligently

Patrick:  Is that something that you do on a regular basis, you know where the pitfalls are and you know where the pain point is that’s going to drive the developer to look for that, you can certainly package that up. Packaging it up in multiple formats works well. Nathan Barry is totally a genius at this I think. This is a trick that I will be using in my own info‑products in the future. There is a spectrum in how passive and active people want to be with information. The passive approach is just, “I want to buy a book and read it and do all the work myself.”

There is approaches, which are less passive, where the outcome is more guaranteed where, “I don’t want to just buy the book, I want to be able to talk to other people about the implementing the advice in the book or talk to you about implementing the advice in the book.” One level closer to the action or closer to the desired outcome might be, rather than talking to other people directly or hearing advice from you directly with regards to other people, “I want to just get on a phone call with you for an hour and talk about our particular circumstances such that nobody else can hear it.”

That might be a good way to break down three tiers for fundamentally the sale value proposition but three tiers of a product which capture increasing amounts of value from the customers for deliver increasing amounts of value for them, in terms of getting them closer and closer to their goal of getting the application deployed or what have you.

Keith:  Exactly, and that’s a mix of the info product and the consulting package, right? At the lower levels, you’re essentially just selling an ebook and at the higher levels, you’re selling your time, again for consulting. It’s packaged in such a way that it is more repeatable than going out. You don’t have to rainmake for it. It’s work that comes to you instead of work that you have to go out and get.

Patrick:  You don’t even necessarily have to put in your time into the higher‑level packages, by the way. For example, if just the e‑book…If you have the deploying Twilio, or the deploying applications book or whatever, if just the e‑book is the first tier, then you can have a tier that costs twice as much or more for the e‑book plus a git repository of downloadable code samples that they can copy/paste into their own applications and start mangling until it works. Or the e‑book plus your recommended puppet script for getting a bare‑bones Twilio testing environment to put into production, or what have you. Then on top of that, you could have the ebook plus a screencast of you setting up a Twilio application from scratch, plus the Puppet script. Play with the tiers there, but you can have an incredible amount of additional sales driven from customers who are not that price sensitive if you have additional value associated with the more expensive plans.

It gives you an easy, consumable, affordable option at the low end for people who just want to test the waters, and then for the people who have been fans of you for a while, they know you generally produce good work, they have a burning need for this in their organization, it gives them a way to spend more money on you.

Keith:  Right, exactly, exactly.

Patrick:  Nathan Barry has great blog posts (here and here among others) about how he did a three‑tier structure for some of his e‑books like “Designing Web Applications,” which worked out very well. The first tier for just the e‑book was, I think, in the sub $50 region. Then the middle tier was about two times that. The top tier was about five times that. It’s actually something that I heard from the Gumroad folks. Gumroad does fulfillment for info products. They say that A, their most successful merchants do a tiering structure and B, the most successful merchants, be they selling business‑to‑business info products or even things like CDs, generally have a 1X, 2.2X, 5X breakdown into the pricing for the tiers. I don’t think 5X is the ceiling, by the way, especially if you’re getting into a more hybridized consulting offering at the high end.

Keith:  Definitely not.

Patrick:  It’s a start. One of the reasons when I released my first product last year, the email thing, that I didn’t have hybrid structure was because I just didn’t have time to do any sort of delivery in the several months after releasing it.  I thought, “Well OK, I’ll just do a one and done thing, buy it or don’t buy it.” I didn’t have many tiers associated with it. Then I had an idea. “Wait, it’s going to be downloadable and people can watch it at their own speed, but I’ll just put a license on there for corporate use, so that you could download it and share it with your team at the corporation.”

That required virtually no work on my part. It was just adding another thing into the possible checkout basket and writing two sentences of legal copy saying, “Yes, you are allowed to share this with up to 100 members at your organization,” and then putting a price tag on it.

The price tag for that is, I think, $2,000 if you buy it off the shelf right now. Surprise, surprise, people buy it because $2,000 at a software company doesn’t really move the needle. If they’re going to make six figures, plus, off the implementation of the advice, then they’re going to want to cross their I’s and dot their T’s with regard to the licensing of the things that they’re using within the companies.

That’s a fairly hot‑button issue at software companies. You always want to know the license of the code you’re using and you always want to respect the IP rights of people whose products you’re using, because software companies are basically built on that. Yeah, micro tip, use a corporate license, charge 4X or 5X as much as the personal license. It’s free money.

Keith:  You had mentioned writing a Twilio book. I wonder when we’ll see the first, “Learn How to Use Twilio: The Pitfalls” e‑book come out on Hacker News.

Patrick:  Please write that book, seriously.

Keith:  Yeah, it would be great.

Patrick:  You can steal that idea. I’m never going to do it, just because I am interested in Twilio. I do a talk like that every year at the Twilio conference, but that was never the burning enough interest for me to actually sit down and do the work of writing that book. If you’re going to sit down and do the work of writing that book, please.

Building Products For Other Peoples’ Platforms Gets You Access To Their Audience

Patrick: By the way, you might not think I have enough of a profile to do something like this. If you write the definitive book on Twilio, you know who will be happy to get that book into the hands of as many people as possible? That’s right, Twilio, because Twilio makes money when people make phone calls and SMS messages on Twilio. Since your book knocks down the objections within client companies of, “Well, yeah, we could use that Twilio thing, but no one here knows how to use it.”

Twilio would happily send out an announcement about that book to their list of 100,000 developers who are writing about the platform. I don’t know that they would be happy about that, but I rather suspect they would be.

Keith:  Now, this is something interesting. When you’re working with platforms and talking to them, definitely talk to the people that you are writing about. If you’re writing AWeber book, I know the guys at AWeber would be thrilled for someone to write a book like that because it’s free PR on their side and, like you say, it gets people using AWeber. The same with Infusionsoft, actually it’s interesting. If you go to Infusionsoft’s website, you will be retargeted for ads for Jermaine Griggs’ stuff because he is the number one Infusionsoft marketer. They use him. They essentially have a group promotion thing going on, I assume. I don’t know.

Patrick:  Let’s talk about you and I just understood what happened there, but I think some of the folks who don’t understand retargeting technology recognize the importance of what you just said. They basically allowed this consultant who uses their service, to put a tracking pixel on their own website, such that people that view their website are pitched his stuff when they go to other websites, like Facebook or TechCrunch or what have you. They get those lovely little ads that stalk you around the Internet in the top corner.

Keith:  Which are highly obnoxious, once you know what’s going on.

Patrick:  That’s not true.

Keith:  Well, I did not say they were not effective. [laughs]

Patrick:  They’re not obnoxious if the thing you need to do for work this week is to get Infusionsoft integrated. Then those ads are exactly what you want to be seeing.

Keith:  Exactly.

Patrick:  Clearly, he has such a close enough relationship with them, such that they’re placing things on their own web pages at his commercial behest.

Keith:  This is conjecture on our part because I visited the Infusionsoft website and then I started getting those retargeted ads. I do not know any contract between the two, etc. I’m just saying that is a view that is happening. That might be happening.

What you’re doing is you’re saying someone who looked at Infusionsoft, “Oh, I might be interested in Infusionsoft, but I don’t know how to use it.”

Suddenly, you have all of these advertisement. You have all of this information coming to you. It’s like, “Don’t know how to use Infusionsoft? Check out this book, ‘The ABCs of Infusionsoft.’ See how to get the most out of Infusionsoft.”

What this does for Jermaine is it gets him customers for his book and for his consulting. What it gets Infusionsoft is tons of new customers, because they see, “Oh, this is really powerful. Oh, this is really easy to use.”  [Patrick notes: More importantly, it reduces perceived execution risk of using Infusionsoft improperly.  That risk is a core objection to adopting Infusionsoft in the first place.]

Patrick:  Now, in an ideal world, you would expect your technology platforms to be writing all of this documentation and giving it away for the customers for free, but how many technology platforms do you know out there that have ideal documentation written for them?

Keith:  It’s not even ideal documentation for most companies. There was an interesting article on Hacker News that was you don’t know who your API users are.

Patrick:  Oh, yeah. That’s absolutely true. Why don’t we give the brief rundown of that article?

Keith:  Can you give that real quick then?

Patrick:  Sure. The idea with you don’t know who your API consumers are, or that not all API consumers are folks like us, developers that are used to integrating APIs and do this 15 times a week. A lot of them are power users of applications. They’re technical enough to understand, let’s say, Gmail and Basecamp and name your favorite invoicing software, Freckle. Freckle doesn’t do invoicing, so Gmail, Base Camp, Freckle and FreshBooks could together be used to run a web design consultancy. They’re not technical enough to integrate those four APIs together, but they know it has to be able to get done somewhere.

They have some long‑tail need, in terms of, “I want it, when I send an invoice to somebody, to automatically send me an email two weeks later to remind me to follow up with them.” That’s something that they could build in 15 lines of code if they just knew how to use your API. You should build your API such that it is easily consumable by people who are not technically developers, but want to do it to build in the one percent features that you’re not going to build into the actual product.

Keith:  It goes to the same, even if you’re not on an API. I use AWeber a lot because my clients use AWeber. I’ve talked to the guys at AWeber and some of the comments I get is, “No one uses AWeber like this. No one has gone this in depth into AWeber.” There’s always going to be power users. I don’t think that we do that amazing stuff. We do what I consider a bare minimum, but there’s a lot of ways that your customers are probably using your platform that you don’t know about.

Patrick:  That’s totally true, too. A lot of these companies, there is only a certain amount that the people at the company can possibly know about the environment in a given industry or customer or use case. Twilio has north of 100 very smart, dedicated people working for them. Despite this, I’m willing to bet that nobody working at Twilio understands the banking industry like somebody who has worked at a bank for 10 years does. If you routinely grind out two factor authentication apps for the banking industry, I bet you could write a very compelling book about two factor authentication apps for the banking industry that Twilio would never be able to write even in 100 years. Whether you could sell enough of that to make it worth your while is a good question. But considering that you are writing things for banks, you are probably charging them very significant amounts of money. They could also pay very significant amounts of money even for just the description of it.

A lot of the products, even just books and whatnot that are sold on very technical topics to industries that are awash in money cost scads. There is a great book about the microstructure of the financial markets. That’s not the exact title, but it’s something like that. It’s basically how the various pieces of US exchanges talk to each other on a software level. If you need to know that, millions of dollars is riding on you not screwing that up. That book costs…That’s not something you can go and buy from Amazon for nine bucks.

Keith:  It all goes back to what it would cost, if I was to learn this myself, and not only what is the cost if I was going to learn this myself, what it the cost if I was to learn this myself and fuck it up.

Patrick:  Right. What is the risk associated with that? You do not want to be the next team lead in charge of Knight Capital. “Oh, we hooked up a testing system to the real Internet and then blew up our company [laughs] and did $400 million of trades in a day.”

Keith:  Oops.

Patrick:  That sort of oopsie is what is called a “career limiting move.” Given that people can often spend their company’s money on avoiding career limiting moves for themselves, that’s a win all around. Right?

Keith:  Right.

Email People Things That They’ll Find Interesting.

Patrick:  Let’s see. We briefly talked about the productization stuff and how people get started on that. We didn’t talk about email yet. Let’s bang the drum one more time. If you’re going to be selling anything, whether it’s consulting services or whether you’re thinking of productizing, you should really have an email list. You should be publishing something, such that people get on your email list. Then you should do a nice job of watering that email list or keeping it warm by periodically sending them things that they will be interested in.

Keith:  Right, exactly, exactly. I wanted to talk…

Patrick:  Do you have an email list?

Keith:  Yes. Ask me how many emails I send out?

Patrick:  How many emails did you send out today Keith?

Keith:  I think I’ve sent out three in total.

Patrick:  OK. I have an email list. I recently recommitted to emailing it every week, rain or shine. I’m currently on week one of that. It’s going to be week two as of this Friday. [Patrick notes: This is as of several weeks ago due to the time lag in producing podcasts.] If you’re not on my email list by the way, it’s training.kalzumeus.com. I’ll link it up in the show notes. You should be on it. There was an email last week about what product companies can learn from consulting companies. If you are listening this much into the podcast, it would have been very interesting for you. There will be an email in the next couple of days on what consulting companies can learn from product companies, which would also interest you, which you probably won’t get, because you are hearing this podcast later. The next thing you will be interested in, you should be on the email list for. This is the equivalent of a sponsored ad for the podcast, except it’s sponsored by me.

Keith:  [laughs] Listen, subscribe to Patrick’s emails. Don’t subscribe to my emails, because I never send them. That will be coming probably by the next podcast.

Patrick:  Why don’t you send them? We are giving this advice to people. It easier for us to give advice that we don’t actually take. How hard is that actually going to be for you to write an email to that email list? If this was a consulting client, and they said, “Oh God, I’ve got too many things to do. I don’t have enough time to write an email.” Does your consulting client really have enough time to write an email?

Keith:  They have enough time to write an email. I have enough time to write an email. Someone said this. I don’t remember who it was. You need to change the way you phrase things. You don’t phrase things as in, “I don’t have time,” because you always have time. You say, “It is not a priority.” When you choose to not do something, because you “don’t have time,” it’s not that you don’t have time. You could easily move something. It’s a matter of priorities. Right now, where I am in the consultancy and where I am with my productization, it is not a priority to get those emails out, to be 100 percent honest. It should be. It should be. For myself, there are other things I need to be working on. That’s why I say, in a month, those emails will start going out, because that’s part of the product plan.

Patrick:  Right. Figure out the 15 minutes that you need to write that email. Your first email could literally be the difference between not having enough time and priorities as a mindset.

Keith:  Exactly.

Patrick:  You could just write two paragraphs explaining the thing that we just talked about and then three examples of applying it to a business, and boom, done. That’s an email.

Keith:  Right.

Patrick:  That keeps your name in front of people and gives them some sort of value to hang their hat on for getting emails from you.

Keith:  Exactly.

Patrick:  For many, especially the less sophisticated consultancies in the room, that might be a mind blowing mindset shift for them.

Keith:  Yes.

Patrick:  OK. So you will be writing emails. I will write emails.

Keith:  [laughs]

Patrick:  To all the people, who are listening to this, you don’t have to have the infoproduct written yet. Just get the landing page up for it, maybe with a little bit of a description on what the thing you are eventually going to be selling is. Then just ask people if they want to hear about it, giving their email address. Then just keep in touch with them about that.

Two great examples of this which I saw recently, both regarding Rails security: Rails Security and Securing Rails.  They’re worth looking at both if you’re interested in that topic and for the meta-topic of how to do a good pitch for asking for an email address.

Keith:  While you’re doing that, I want to jump in with two things, really quick. I think, after the email conversation, we are going to cut it, because we are already at an hour and a half.

Patrick:  Sure.

Keith:  There are two things. First of all, like you say, before you even have the product, you can have an email list. When Meteor was just becoming a name, what was that? Nine months, a year ago, or something like that, all they had was a five‑minute video, a sales page or an information page that said what they were doing and then an email list that said, “Let me know more.” It was so compelling that so many people signed up. Suddenly they have all these people that they are communicating and reaching out to every month, every week, whatever timeline they decide. Those have two purposes. One is just to keep your name in front of them.

Patrick:  Right.

Keith:  Honestly, if Meteor had never emailed me again, I would never have thought of them twice. But, because they emailed me about once a month I guess with new information, I’m always like, “Oh, I wonder what Meteor is up to.” It gives me an idea that they still exist. The other one is just amazing freaking content. This is a recommendation for everyone. I’m going to ask if you know Wistia, expecting people on the podcast to answer me. [laughs] Wistia does video hosting. They are kind of like Vimeo. They are kind of like YouTube. But they are completely amazing. They probably have the best email marketing campaign that I have ever seen in my life.

Patrick:  I will +1 that opinion. It is totally amazing.

Keith:  They are probably the only email that I will drop whatever I am doing to watch it. It’s generally about a five‑minute or less than five‑minute video that tells you just amazing information on how to take better videos.

Patrick:  Right.

Keith:  They’re well made. They’re very informative, and they’re just a quick little snippets.

Patrick:  Right. They knock down objections to using the product like, “Objection, I can’t take video. I don’t have a good camera.” They have a video how to produce production‑quality video using your iPhone, which is shot on an iPhone. It’s got a funny ha‑ha sensibility to it, but it’s also funny ha‑ha sensibility which also actually teaches you how to shoot production‑quality camera footage on an iPhone. Like, use a stand, lighting is very important, here’s how to do the lighting. Then a few weeks later, they send you a video just on how to do lighting on a $100 budget. You can put together a lighting kit at Home Depot, or Best Buy or wherever.

Keith:  Which was amazing. Honestly, the iPhone video and then the lighting video pretty much sold me on that campaign. I’ve listened to everything ever since.

Patrick:  Right. Who are you going to use the next time a client needs video hosting done?  [Patrick notes: Sorry, the SEO in me wanted to give them a nice anchor for the attribution link.]

Keith:  Wistia.

Patrick:  Yeah, of course.

Keith:  At this point, again, they are not a sponsor. I use Wistia exclusively. I believe you use Wistia as well.

Patrick:  Yeah, my current lifetime value to them $3,200 and counting.

Keith:  Woo‑hoo.

Patrick:  I continue to doing it.  I suppose theoretically I could move some of my videos to YouTube or whatever, but why would I ever do that? Their product works really well and I feel I’m going in debt to them for making my business better every month just by teaching me things.

Keith:  Exactly, exactly. This goes back to the same thing that we were talking about with Twilio is that when they have more people making good video, they are making more money. The more people who are making good video, the more people who are watching the video, the more people who are signing up for their service to make, to produce video and to distribute video, the better their company is.

Patrick:  By the way, if Wistia didn’t already have that lighting video, you could have made that lighting video and sold it. Wistia would be happy to plug you to their email list about it. You could potentially have an arrangement where, “Hey, I noticed that you have a gap in your education/offering, such that people don’t know…” I don’t even know enough about video to know what I don’t know about video.

Keith:  [laughs]

Patrick:  It’s very true about customers, by the way. If you, being a freelance videographer, know enough about video to know what I don’t know about video, you could go to Wistia and say, “Your customers don’t know this thing about video that Patrick doesn’t know.” We’ll make this thing for them. Maybe we’ll let you use that for some flat fee. You can give it away for free to all of your customers. We’ll sell it on a paid basis to other people. That’s a way to underwrite your own content costs, without taking on the market risks yourself.

Wistia presumably has the scale to make it work. You go to a platform company and say, “We’ll produce this” and get $5,000 or $10,000 of guaranteed business from them prior to selling it. Now that you have the production costs covered, you can sell the marginal copies at $50 or $100 or whatever.

If it’s a great hit beyond that, great. If not, well, you’re not out any money.

Keith:  Right, exactly. We’ve said this multiple times during the podcast. You look at things like FreshBooks and whatnot. They are very happy to promote people who are using their API, who are using their system to produce that value to their customers, because in the end, that gets them more customers. Whether that’s an info product, whether that’s an actual developed product, like something that hooks into the system that reduces a pain point, these companies will help you sell your information, your product, because it helps them in the end.

Patrick:  Ooh, micro hint here: You can approach any API company or product that you do business with routinely and offer them a trade like, “I will write something for you, for example, a guest post on your blog with a description of an integration that we did for one particular company. All that I ask in return from this is a little link at the bottom,” to say the landing page where you’re going to ask people to sign up for your email list. It’s a great way to get your name in front of people and start developing your list, which is an asset that you can use to sell your own stuff. Where selling it directly from their blog, that might be more socially awkward to sell to the platform company.

Keith:  Right.

Patrick:  Attribution links, very easy sell and then you can still get a meaningful amount of exposure based on it. Plus, then that gives you something to put in your sales page, “As featured on the blah‑blah‑blah blog…”

Keith:  [laughs] Oh, that social proof. I think that’s a conversation for another time.

Patrick:  Yeah, probably. All right, well, thanks everybody for turning into this edition of the podcast. We’re hopefully going to be doing on them, knock on wood, more consistent schedule going forward, although I think we’ve said that in five out of five podcasts so far.

Keith:  I think we have. We’ve been doing this, what, almost a year now? Over a year, a year and a half.

Patrick:  People tell me closer to two, actually.

Keith:  Wow, that’s mind blowing, and we’ve done five. We will work harder, especially since Patrick is getting out of consulting and he will hopefully have more time in Japan so that we can get these made more.

Patrick:  Yeah, definitely. All right everybody, well, if you are somehow not in our ecosystem already, you can follow my blog at www.kalzumeus.com or, again, sign up for emails at training.kalzumeus.com. Keith, where can people follow you?

Keith:  Right now, they can’t because I have my products under the radar and my consulting web page is all in Japanese. [laughs]

[Patrick notes: He really is a marketing genius guys... just mostly for other people.  Incidentally, for those of you who wonder "How could you possibly run a consulting business without being'Internet famous'?", despite literally not even having an English language website Keith's company has billings in the you-wouldn't-believe-me-if-I-told-you region.]

You can always go to delfi‑net.com. If you can read Japanese, you’re welcome to check out the blog and the company information. If not, I should have something for everyone by next podcast.

Patrick:  A micro tip for everybody, by the way, if you do conference talks or anything, not to grind Keith’s nose in it, but have a better answer to that question than Keith did.  Put a link on the last slide saying “Interested in this topic?  Give me your email address at (PUT A BITLY LINK HERE) and I’ll send you (SOMETHING OF VALUE GOES HERE).”  It always works and takes mere seconds to say.

Keith:  Yes.

Patrick:  Anyhow, we’ll see you next time.

Keith:  All right, take care, guys. Thank you.

And Now A Brief Word From Our Sponsors Me

If you are currently a consultant and are intrigued by some of the ideas we discussed in this podcast, such as

  • how to sell clients on giving you more money, more predictably, for less hours worked, and having them love every minute of it
  • building sustainable revenue to de-risk your consultancy
  • growing your business beyond the inevitable constraint that you only have 24 hours a day

Then you should come to a bootcamp on the subject of building recurring revenue for consultancies.  Brennan Dunn and I are hosting it, on your local Internet, on August 8th.  We’ll be taking a very in-depth look at retainer agreements and other hybridized product/consulting models.

If you’re on the fence, here’s what one consultant had to say about my business advice:

“I’m a consultant that delivers web application software for startups and small businesses. Patrick writes concise, high-impact advice on running consultancies. Putting his strategies and tactics to use at Happy Bear Software has kept my pipeline full, my clients happy, and my bank balance consistently on the rise (via improved cash-flow, negotiating, and raising rates). His writing has single-handedly changed the trajectory of my business. If you run your own consultancy, his advice is the most important thing you’ll implement this year. It will probably make you astonishing amounts of money. I’ll be at the Bootcamp, too.”
Najaf Ali, CEO of Happy Bear Software

Go read about the bootcamp and, if it is appropriate for your business, sign up for it. We’ve got two dozen people committed to attend, and want to keep the class manageable, so we might have to close registration at some point.  If you want to be sure you’ll get in, reserve your spot earlier rather than later.  (Also, if you buy before the 24th, we’ll give you a professionally designed retainer agreement monthly report template.  Good design is one of the ways that you communicate to clients that they’re getting their money’s worth.  Want to hear more ways to do that?  Come to the bootcamp.)

We look forward to seeing you there.

3 Comments

If Your Business Uses Rails 2.3 You Need To Move To A Supported Option ASAP

Executive summary for your CTO: If your company runs Rails 2.3 apps, switch to Rails LTS, a commercially supported fork of Rails.  If you do not do this, and do not take one of the more elaborate mitigation steps as described below, your Rails applications will be compromised, you will lose the servers you run on, and your business will suffer substantial losses.

Two of my businesses run on top of Rails 2.3.X, because they were started when that was the best option for writing production software on Rails.  This is true of many, many commercial Rails applications (loosely defined as “ones which make money for businesses”), both ones which are used only internally and ones which are public-facing, like SaaS sold on the typical pay-for-it-monthly plan.

Rails 2.3.X is, with the release of Rails 4, currently unsupported.   What does that mean?  It means that the Rails Core team has washed their hands of dealing with security problems on the platform.   This means that if, for example, Rails had another bug or series of bugs like the string of Severity: Apocalyptic vulnerabilities disclosed in January, individual users would be responsible for arranging for their own response rather than just waiting for a new release and bumping their gem version.

Why Is Anyone Still on Rails 2.3.X?

I know many folks in the Rails community wonder why anybody could still be using a years-old system.  Suffice it to say that Rails 2.3.X remains a productive, viable way to develop applications.  Some sites which are under active development daily still run on 2.3 — Github, as one prominent example, runs on an internal fork.  (More on them later.)  They’re one of a dozen prominent companies I could name with the main application still on 2.3.  Other companies have software which is more or less done running on 2.3 — for example, many companies run internal HR, accounts receivables, CMSes, etc which were written by boutique Rails consultancies back in 2010 and haven’t been upgraded because HR hasn’t really changed all that much.  Some companies even run across multiple versions of Rails, where the main app might be running on a fairly recent version but the supporting cast of web services, admin dashboards, and internal company tools are at whatever version they were at when they were created.

Much love to Rails Core for continuing to push the state of the art in web development forward, but not every app needs to be on that bus.  Bingo Card Creator, for example, still has several hundred thousand dollars of commercial viability left in it, but Bingo Card Creator is done.  It has achieved everything it ever wants to do in terms of bringing bingo cards into an AJAX-y web application, and doesn’t have any possible upside for moving to the new hotness.  That said, it still needs to avoid losing users’ passwords/credit cards to hackers, and it can’t host a botnet within my firewall.  That would be, ahem, problematic.

[An aside: Let me sketch out "problematic" a bit: Appointment Reminder -- also on 2.3.X -- has patient information from several large hospitals in it.  Leaking this information would be, obviously, severely negative for my customers, their patients, and my business.  In addition, I'd be subject to fines which scale to how many bytes of information I have control over...  yeah, ouch, I know.  I'm insured against that risk, but if I tell my insurance company "Health and Human Services wants $600,000 from me.  I guess you just lost your bet with me that I'd be competent enough to secure my server eh?" one of the first questions they're going to ask is "Did you actually take those security measures you promised you take, like say using all commercially reasonable means to maintain patches on your applications?", and if I answered in the negative they'd say "Wonderful, this loss isn't covered under the policy you bought.  Hope you have $600,000 lying around.  Thanks for your business."  Data security is serious business for many people.]

The Rails Core Team Is Not At Present Interested In Supporting 2.3.X Going Forward

A few people, including myself, have told Rails Core that their businesses use 2.3 apps and that continued support for 2.3 would be a major win for them.  Rails Core is uninterested in supporting 2.3 going forward.  To be totally clear on this point: that’s fine.  Rails is an OSS project which implicitly requires a $X million budget a year in employee salaries to continue running, and those salaries are overwhelmingly paid by for-profit companies.  Those companies graciously allow their employees to contribute their time and IP back to the community.  If 2.3 support isn’t a priority for Rails Core and/or their employers, then obviously they’re free to take the project in directions which are.

One reason why 2.3 support is not a priority is that, as every maintenance programmer knows, supporting old software involves a lot of boring scutwork.  Rails Core felt there wasn’t a manpower or monetary budget for underwriting this scutwork.  Some people expressed the opinion that folks asking for 2.3 support were freeloaders who were prepared to contribute neither patches nor money towards the effort.  That’s a prediction that, in many cases, I would have had a lot of sympathy for.  It’s very easy to criticize people who actually do things for a living on Github/Twitter/etc.  To head this off, when I made feelers about maintaining 2.3 support, I made it explicit that my company would cut a $10,000 check to make it happen.  (Kalzumeus Software is, to put it mildly, not nearly where most of the money is being made in Rails 2.3 apps, but $10,000 is trivially affordable at even our microscopic scales, and I thought this would demonstrate that The Enterprise (TM) would be able to fund this effort, in much the same way that The Enterprise (TM) spends billions of dollars a year on software maintenance.)

I was told, informally, that that was a nice gesture but it wouldn’t sway minds.  So I started looking at other options.

Your Options If You Are Currently On Rails 2.3.X

1)  Do nothing and, with probability of 100%, get your server owned.

Have I beaten this drum enough?  Thump thump thump.  If any server operated by your company is on an unpatched version of 2.3, that server will be compromised by the adversary.  Every Rails 2.3 application is, as of today, unpatched.  (Did you backport the fixes for e.g. the translate helper method XSS bug?  No?  Then you’re running unpatched.  That bug is actually from 2011.  The ones from Q3 2013 are going to be much more interesting.) You cannot afford to remain like this.  You will wake up one day wondering “Why is my web server trying to download and run a rootkit?” … well, if you’re lucky enough to detect it prior to being rooted.  Since covering this subject in depth in January I have heard harrowing tales of, e.g., CTOs at well-regarded companies who will not allow engineers to upgrade from vulnerable versions of Rails because they’re afraid the patched versions will cause regressions in their applications.  That will be a very interesting excuse to trot out to management or the board when asked why you lost 100,000 credit cards or why your entire network has joined a botnet.

2)  Rewrite your applications for Rails 3 or Rails 4, which are currently supported.

You can upgrade an application from Rails 2.3 to Rails 3.  Upgrading point releases is (aspirationally) a fairly painless experience on Rails, but the Rails 2 to Rails 3 transition is a serious engineering project for non-trivial applications.  A short list of issues:

  • Many of the gems/plugins which you might be using with your current application will not be compatible with Rails 3.  You will either have to upgrade them, find a (hopefully compatible) fork for Rails 3/4, or fork them yourself and +1 the number of old projects you’re maintaining.  Some gems/plugins which have variants which are compatible with Rails 3 have had breaking API or behavioral changes in the interim.
  • Rails 3 made a really good decision to enable HTML escaping by default, for preventing XSS attacks.  If you’re coming to this from an old application, you are likely going to have to dig in and either root out or mark harmless every time your views/helpers/model objects/etc return HTML when you expect them to.  That can be an involved project.
  • Most Rails projects of non-trivial size will play with the Rails internals, via calling private methods or monkeypatching core behavior.  For example, Bingo Card Creator takes over the standard way of locating layouts to support more extensive A/B tests.  Since the internal structure of Rails changed dramatically when it absorbed Merb, you’re going to have to rewrite that sort of code from scratch.  (If you’re watching from the sidelines, you might think this is inherently a dangerous practice, but be that as it may it is virtually universal in the community.)
  • You might decide to switch from Ruby 1.8 to Ruby 1.9, depending on how quickly you jump up the Rails version ladder.  That will make it a very, very painful transition for you, because the standard library API has breaking changes and the language syntax itself has breaking changes.  There are also non-breaking changes where the behavior of code will just change overnight — e.g. Date.parse(“5/6/2013″) can be May 6th or June 5th depending on what version of Ruby you are running.  And the encoding issues.  Oh God.

My ballpark estimate for upgrading Bingo Card Creator to Rails 3, assuming market rates for Rails contractors, is approximately $20,000.  It is substantially higher for Appointment Reminder.  Neither of those applications even approach the complexity of some of the commercial Rails 2 applications.  It’s easy to imagine many companies spending six figures or more on the upgrade.  (If this is difficult for you to imagine, consider that the fully-loaded monthly cost of a full-time intermediate Rails programmer is approximately $20,000 in some localities, so if you use more than 5 man-months, there you go.  There are many, many companies for which that would be not nearly enough to complete the upgrade.)

This assumes that your application is in a happy place to begin upgrading today — for example, it has been well-maintained, has very good test coverage, and you have the original programmers on staff.  Unfortunately, many applications in maintenance mode are not in this position.  They might have been ordered back in 2010 for $40,000 from a boutique consultancy that no longer exists, for example.  That doesn’t inhibit a company’s day-to-day use of the application in 2013, because CRUD apps don’t suddenly stop working even if the original programmer dies, but would substantially complicate a very in-depth maintenance project.

3)  Support Rails 2.3 yourself

You can, of course, fork the Rails 2.3 code and improve on it yourself, including by developing and incorporating security patches.  Github took it upon themselves to do this, for example.  It’s viable if you have a team of very capable programmers and the bandwidth to drop everything you are doing at 3 AM in the morning and address new Rails vulnerabilities.  (Again, if you don’t do that, your server gets owned.)

This option is not for the faint of heart.  Some parts of the Rails framework are very ambitious engineering — take ActiveRecord, for example.  As is true with most software projects, even the people who wrote it the first time don’t fully understand what it is doing.  You get to start working on rebuilding their undocumented organic knowledge now, and doing security patches later.  You might think that you have a helpful ally in the test suite but it is not actually deterministic, because many of the tests rely on things like e.g. the ordering of keys in a hash, and this is not guaranteed on Ruby 1.8.

If you’re Github or another large consumer of Rails, you might be able to guarantee sufficient availability of competent, security-focused programmers such that you can both proactively find vulnerabilities in Rails 2.3 and reactively patch announced vulnerabilities before your app servers join their friendly neighborhood botnet.  This is not viable for all companies which use Rails 2.3 in a commercial fashion — for example, if you’re an insurance company which has a line-of-business Rails application, it is highly unlikely that you have the engineering bandwidth to do this.  My company has the equivalent of 0.2 full-time intermediate programmers working for it, and if I were to keep on top of Rails security, I’d probably have no time for improving my applications  or for writing code to support marketing/sales goals.

4)  Pray that someone supports Rails 2.3 for you

Rails Core obviously aren’t the whole of the Rails community.  It is possible that somebody else will take up the challenge of supporting Rails 2.3.  For example, Github has their fork, as mentioned.  It is possible that you can just sit downstream of that fork and have things work for you.  I know a few people who are implicitly dependent on the Github fork, for example.

Why didn’t I go down that route?

  • Github’s fork currently supports Github’s needs, but it isn’t a formal commitment to the community or anything.  They could drop it at any time, without notice.  (I might be outside the loop, but I don’t even remember it being announced as existing.)  This makes it difficult to rely upon for consequential business decisions, like “Can I afford to commit all weeks in October 2013 to other projects or do I need to keep something in reserve for a panic-upgrade from github/rails to whatever my next best option is then?”
  • As an informal project, there is no release process for Github Rails.  You’ll have to build your own gems for it, on your own schedule, without guidance as to where known-good commits are on their work-in-progress branch.  This could be problematic if you slurped down a security patch and got Github-specific code which, e.g., broke Ruby 1.8 compatibility (check their commit history).
  • Github’s fork of Rails 2.3 is, to my cursory view, not designed to be exactly compatible with 2.3 as used by places other than Github.  It is an extraction from their working system.  I can’t be sure that moving my systems to Github Rails isn’t going to cause them to break in all sorts of fun and subtle ways.  (For example, see this commit, which rips out the default YAML processor.  That is, in isolation, a decision that I’m totally on-board with and am reasonably sure won’t break my app.  One commit down, 53 more to audit.)
  • I don’t think “I had no formal relationship with Github but decided to rely on them because they’re good people” is an answer that lawyers at Health and Human Services or my insurance company would tolerate as a commercially reasonable business practice, in the event that a compromise of my site eventually happens.

5)  Pay for a commercial fork of Rails 2.3

So after looking through the other options, and getting turned down by Rails Core on my attempt to essentially buy support for Rails 2.3 from them, I started looking for other people to take my money.  It turns out that there is a consultancy in Germany called Makandra which maintains an internal fork of Rails, because they have ongoing support obligations for 50ish applications currently in commercial use by their customers.  They also have a team of a dozen Rails experts.  This puts them in a pretty good position vis-a-vis new security issues: they’re already committed to fixing them quickly (since they have 50 apps depending on it), and they have sufficient engineers to be able to do that.

So I made them a proposition: If they cleaned up their fork such that it could be consumed outside their company, and contractually promised to maintain that fork against newly discovered vulnerabilities in Rails, I would be willing to pay them a substantial amount of money for that.  This frees me from having to do it myself, and I have high confidence that “We engaged a firm of engineering experts to handle that aspect” will pass muster with customers, regulators, and my insurance company.  This is similar to the Long Term Support option that you could buy from e.g. RedHat if you didn’t want to be on the latest version of their distribution.  The name of the fork is, appropriately, Rails LTS.  You can buy access to it and use it in production today.

It seemed like a bit of a waste for this relationship to only benefit our companies, given that Rails is OSS and we both continue to benefit from the community, so we hashed out a way to make it work well for everybody.  Makandra has substantial ongoing engineering expenses in doing the scutwork that Rails Core correctly observed the community is unwilling to do, and it cost them even more to get it into a state where it was releasable for consumption outside the company.  Accordingly, “I’ll just pay you to do that, and you OSS the code” wasn’t going to work for them.

So we split the difference: we agreed that I would be Customer Zero for Rails LTS, guaranteeing that it was commercially viable for them to do the engineering work necessary to release it.  They will sell it to anybody, for very, very reasonable rates relative to the amount of money Enterprise software companies usually charge for commercial support agreements.  If you buy it, you get support integrating it into your application and, more importantly, guarantees with regards to timelines for them to address new issues.  This means that you can sleep soundly know that it is someone’s contractual obligation to drop everything and address any Priority: The World Is Burning vulnerabilities which get discovered in August.

Normally, when two enterprises get into a support contract with each other, the community doesn’t explicitly benefit.  I wasn’t thrilled with that notion, so after some negotiation we agreed on a model which preserves Makandra’s interests but also benefits from the community: all code produced under this arrangement is OSSed under the MIT license (the Rails standard) 10 days after being produced.  This means that if you need it to keep a commercial service up and running, that is something you can buy, but if you have a hobby project and are OK with a 10-day window for possible exploitation, you can just slurp down patches from their Github account as they become available.  Nothing the community currently has gets taken away as a result of this arrangement: you can still choose to use the Rails Core version of 2.3 on your own recognizance (and get no security patches), or you can buy Rails LTS (and get new patches written in a guaranteed timeframe for new issues), or you can use the community version of Rails LTS (which did not exist but for me bankrolling it) and get your security patches taken care of for free.

The community patches are, naturally, available for Rails Core to backport if they would like to do so.  I approached them about doing that, and they say it is a possibility if Rails LTS turns out to be a sustainable thing.  That was prior to it being funded and released.

You Might Have An Objection To This.  I’d Like To Preemptively Answer It.

“But Patrick, switching to a fork is hard!”

One of the core design goals of Rails LTS was making sure that you can upgrade to it without requiring that you modify your app.  If your Rails app uses Bundler, it’s as simple as changing a line in your Gemfile and running “bundle update”, then redeploying.  If you don’t use Bundler, you can build the gems locally and then deploy them as per these instructions.  I tried doing that for Bingo Card Creator, which didn’t use Bundler, but it turned out to be faster to just migrate to Bundler.  (If you have a 2.3 app that hasn’t done that yet, instructions for switching are here.  This took approximately 45 minutes for me, mostly as a result of not having a clear all-in-one-place view of my app’s dependencies.)

Since Rails LTS is exactly the current version of Rails plus security patches and tests (diff them if you don’t believe me), it is highly unlikely to cause problems for your application.  They’ve promised that featurewise it is frozen in amber and, unless a security issue necessitates it, the API will not change as a result of security releases.  (This is a policy whose adoption would be widely beneficial in the Rails community.  cough)  Both of my applications worked with flying colors.  There’s an optional “hardened mode” you can activate (one line in your environment file) to disable some features of Rails which are often unused and have recently been demonstrated problematic, like the “Rails can take XML requests and create objects from them then insert them directly into the params hash, including perhaps deserializing embedded YAML in the XML, which can result in arbitrary code execution” (a feature which, to put it mildly, is not required by much of the community).

“Can we trust this to actually, you know, work?”

Great question.  They’re sufficiently credible to me that I cut them a check for $10,000 and have essentially delegated to them a portion of the application security burden for my business, which is a bet-the-business issue for me if I can’t get it right.  They have a strong record of bringing client projects in, including ones which are technically ambitious.  They have a demonstrated commitment to open source and to Rails 2.3′s ongoing viability as a platform.  I think that’s the best testimonial I can give them, but feel free to spend a few hours spelunking in their code if you want to feel more secure about making the decision.  (If you want to look at the Rails LTS code in particular, can I draw your attention to the now-actually-working test suite which newly includes tests for the security patches released this year?)

“Why would we pay money for OSS code?”

You’re not really paying money for OSS code which already exists, you’re buying the guarantee that new code gets written at non-deterministic times in the future before the lack of it causes an emergency for your business.  It’s closer to an insurance policy than it is to source code.

You’d pay money for this for the same reason you pay engineer salaries: because the code provides business value to you.  If you’re a CTO, you should understand that there is definite value in not having to bring your applications down because their servers have been rooted.  You should also understand that drop-everything-hair-on-fire vulnerability resolution is not something your engineers are particularly good at and not something which you want periodically disrupting them from shipping applications to your paying customers.  You can either pay your engineers to continue monitoring and patching Rails for you, or you can buy Rails LTS.  Your call.  Their entry-level plan costs ~$200 a month, which is approximately the cost of one or two engineer-hours.  (Are you a Rails dev?  If you think you’re capable of identifying and fixing Rails framework issues and you don’t charge that much, raise your rates.  Are you a CTO?  If you think your engineers are capable of this and they don’t charge that much, prohibit them from emailing me, so that I don’t introduce them to more rational firms.)

If you don’t have $200 in the budget, and you at a real business, you either need a) a reality check about your business or b) a heart-to-heart discussion about what will happen when your servers join a botnet.  If you’re running a hobby project or are still in the first few weeks of running your business, then you should switch to the community version of Rails LTS, which is a substantial improvement to your security at no monetary cost.  Or you can just wait until your server gets owned, because that reliably makes people discover budget for security.  (It also could very well result in firings, so I wouldn’t rush to this option.)

“The Rails LTS plans are too expensive!  I would pay for this but only if it cost, like, $5 a month!”

Horsepuckey.  The hypothetical person saying this is a textbook pathological customer: they’re both deeply irrational (if the app’s security was worth $5 a month then the right answer is probably to shut it off and save the server cost) and likely to be far, far, far too much headache for professional Rails engineers to have to deal with.  I’m glad their mail is not going to be in the same inbox as mine when I ask questions about new security issues.

“I could totally duplicate all that work for free!  And I’m going to do that!  Nyaa nyaa!”

In the immortal words of OSS passive-aggressivity, patches welcome.  It would be an awesome thing for everybody if you did a lot of free work.  After finishing your free dev work, you also need to be a dab hand at working the politics of a successful open source project, again for free.  They won’t necessarily be actively hostile to your pull requests, but keep in mind that Rails Core does not consider 2.3 a priority and signaled strong distaste for the notion of having to do any release management for 2.3 patches even if the code were given to them on a silver platter.

(But horsepuckey, you’re not going to write free patches for Rails 2.3, or you’d have commits you could point to demonstrating your willingness to do this over the last 6 months.)

“You’re using your evil marketer wiles on me in pursuit of your selfish interests!”

I am, indeed, attempting to get you onto Rails LTS rather than unpatched 2.3.  Why?  Because as a fan of Rails and long-time member of the community, whose business has benefited enormously from it being available, I do not want to see other community members get rooted.

I have no direct financial interest in you deciding to buy a support contract for Rails LTS.  I don’t get a commission and I’m not an investor, I’m just the anchor customer.  My $10,000 is where my mouth is.  Well, no, my $10,000 is presumably sitting in a German bank account, but you get the general idea.

How Do We Switch?

It’s all on their website.  Switching to the community edition (free) is a one-line change in your Gemfile, and you can and should do that today if you’re already on 2.3.18.  (If not, upgrade to 2.3.18 first.  Then, have a frank discussion about security priorities, since you should have been on 2.3.18.)  To get a support contract and your username/password to access their private git repository (which gets the patches immediately on release rather than 10 days later), get in touch with them via the website.  When I did it it required a paper contract and a wire transfer to Germany, so it won’t complete as quickly as git clone will, but you’ll be on the way to getting this resolved before the next round of patches drop.

P.S. Remember, you need to have all of your Rails apps patched continuously, not just “the main one.”  If you miss e.g. a staging server, a simple service which hooks into the main app, an analytics side-project knocked up by an intern, or an old installation of Redmine, then that box will be rooted, and if that box is inside your firewall you can basically assume you will lose ever box attached to it.

16 Comments

Selling Your Software To Businesses [TwilioCon 2012 presentation]

I presented on selling your software to businesses at last year’s Twilio conference.  (I’ll let you in on a little secret: while this presentation is applicable to Twilio-powered applications, it’s 99.95% applicable to B2B SaaS companies which don’t have anything to do with Twilio.)  Alexis Finch did a Sketchnote on it, which inspired me to get the whole speech transcribed.  (n.b. I received permission to post it here, and by “received” I mean “paid for” because I feel very strongly that professionals should not work for businesses for free.)

Video, sketchnote, slides, and transcript below.

You’ll want to read/watch this if you’re interested in:

  • Ways to transition customers from paying $X00 a month from your four-column-SaaS-pricing-grid to paying $X,000 or $X0,000 for Enterprise software contracts.
  • Ways to optimize that four-column-SaaS-pricing-grid to increase your revenue without meaningfully decreasing conversions.
  • A few tricks for using email to sell software. (Yeah, I write about that a lot these days. Why? A combination of “It’s easy to do, easy to describe, and high-impact advice for people attending a conference” and “It’s just been an automatic I-win button every time I try it, for consulting clients, friends, and myself.” If you’d like to hear me delve into it in a lot more detail, that’s something you can buy.)

Video

Sketchnote

Click to enlarge (but note: 14 MB).

Patrick McKenzie Sell Your Software To Businesses Sketchnote

Slides

Transcript

Selling Your Twilio‑powered Products to Businesses

Patrick McKenzie:  Hi, everybody. I’m Patrick McKenzie. We’re going to do a little bit of audience participation in this, so just to give me a feel for who’s out here. Can you raise your hand if, like me, you’re a developer? OK. Folks who are in marketing, sales, business, et cetera?

Audience member:  Yeah.

Patrick:  One more show of hands. Who here has a Twilio app that’s in production that you’re selling to customers right now? Last year, I talked mostly to developers. This year, it’s mostly going to be to the business stuff, although developers can make the things we’re going to talk about in this presentation to generate the sales.

Brief background of the business that I run these days. My business is called “Appointment Reminder.” It makes appointment‑reminding phone calls to the customers of professional‑services businesses, like, say, a doctor’s office or an HVAC installer, to tell them, “Hey, your appointment is at 2:00. Please remember to come to it. Press 1 if you can come in. Press 5 if you can’t.”

Then, if they can’t come in, rather than that person just disappearing off the schedule and the doctor losing the revenue for that slot, we can quickly rebook a different person into the slot and save them revenue.

This is not really a presentation about me. It’s a presentation about you and your businesses, how you can make more money with them by learning how to do sales a little better.

Low-Touch, High-Touch, And Hybrid Sales Models

There’s two prevailing models of sales. One is called low‑touch sales ‑‑ you have a website, people come to it, they sign up, they use the free trial, they pay you on their credit card a month later, largely without talking to you. Then there’s the high‑touch sales, where we’re dealing with big freaking enterprises, steak and various entertainment budgets, and then a chicken gets sacrificed and six months later, a PO gets issued.

I’ve actually done both of these. I’m an engineer, I’m, by default, not really great at either of them, but I’ve learned a few things over the years. We’re going to talk about how you can improve both your low‑touch sales and your high‑touch sales.

One interesting thing in the software industry these days is that there is a hybrid model. One of the most important things that happened with the SaaS model for software is that because you can get up to $500 a month of revenue from a SaaS service ‑‑ and customers will frequently be on your service for a year, two years, four years ‑‑ that brings in four‑figure to low five‑figure lifetime values into the zone that you could possibly attack with the low‑touch sales model, where that was never possible before.

The canonical essay on this is Joel Spolsky’s “Camels and Rubber Duckies.” Just Google that. [Patrick notes: I'll save you two seconds.] It’s great. When he wrote it, he said, “There’s no software that’s priced between $400 and $75,000, because $400 is about the most you can budget on a credit card and 75,000 is about the least that it takes to send somebody to a location with the account manager and sales engineer, have the steak dinners at various high‑end restaurants and sacrifice the chickens and have the high‑touch sales work.”  [Patrick notes: Hmm, it seems Joel actually quoted $1k as the minimum price.  My memory is swiss-cheese, sorry.]

Hybrid sales is one of the very interesting spaces, and I don’t think that we’re taking enough advantage of it, so much of this presentation is going to be showing you how you can make hybrid sales work better. You can also use the hybrid sales approach to have the customer start out with the low‑touch sales, like many of you might’ve started out with Twilio ‑‑ just sign up on their website, give them a credit card, you get $30 of free credit.

Then that person becomes an infection vector into their enterprise ‑‑ that’s a bad way to put it, maybe a “brand advocate” into their enterprise ‑‑ so that when the enterprise says, “Hey, we have needs. We need a service‑level agreement and you need to have HIPAA compliance,” that’s an excellent opportunity for them to talk to the sales team and maybe we can get a steak ordered.

A Brief Primer On Pricing SaaS

Price based on customer perceived value. Don’t price based on cost. This is a severe temptation for people who are building Twilio apps because we know that, OK, a phone call costs me two cents a minute, so if I bill it out to my customer at three cents a minute, that’s a great outcome. That is a terrible outcome for you.

Great outcome for your customers, because you are ridiculously undercharging your software that way. Your customers do not perceive the value of your applications as being dumb telephone pipes. If they wanted dumb telephone pipes, they could get them from AT&T for like $14 a month. They value the business logic and the business results that your applications can provide.

Let me give you an example from one of my customers. He runs an HVAC company. He sends out a van of three guys to somebody’s house. If they can’t get into the house because the homeowner forgot that they needed their water heater replaced today, then they lose about $300 worth of salary upfront. Because your home water heater being broken is typically an emergency for the customer, the customer will often get home from work, realize that water heater is still broken and call somebody else from the phone book, so they lose a $2,000 to $5,000 sale.

This customer has emailed me and said that I’m putting his daughter through Harvard because of the amount of money just automated phone calls are saving him every month. Now, he doesn’t know this, but I’ll tell all you guys. It cost me $1.96 to make those phone calls for him for last month, but I’m putting his daughter through Harvard.

Clearly, an equitable arrangement is not charging him four dollars a month, based on cost plus pricing. It’s charging him a portion of the value his business is generating. I charge him about $200 a month, and he tells me he would pay 10 times as much.

Segment to capture customer value. You will have customer who have things about them, either their use of the software or particular features that they need, which describe that you are creating much more value for their business than other customers might be receiving.

One way to segment is ‑‑ you’ve all used SaaS before and it has that lovely little four‑column chart? The four‑column chart is becoming a standard in the SaaS industry because it’s widely superior to a lot of other methods. If you just had one monthly price for the software, I will tell you, 99‑percent probability, I could write out three columns, knowing almost nothing of your business, and your revenue would go up the next month.

Similarly, if you have an overly complicated pricing grid, sales tend to go down. This is something that I’ve tested out with a bunch of my consulting clients.

Another thing. For low‑touch SaaS, metered billing is an anti‑pattern ‑‑ metered billing being when you are charged linearly with respect to usage. Why? Your customers’ usage is typically very low, like the guy who needs a buck‑96 a month worth of usage. Customers have a high perceived cost associated with uncertainty.

If they don’t know whether it’s going to be $25 a month or $55 a month, as a small business that might matter. It might be worthwhile to them paying 40 bucks a month, and always 40 bucks a month, just so they never get a month that’s 55, even if 40 bucks a month for a year costs them more than metered billing for a year.  [Patrick notes:  Want to blow your mind?  There are many, many businesses which have an easier time paying $99 a month than they have paying rand($40 ~$55) per month.  This is partially because there is a time-cost associated with doing the bookkeeping/requisitions/etc monthly and partly because people hate uncertainty so much that they will overpay to never have to worry about it.]

Give the customer what they ask for, which is predictability and being able to buy a solution that works for their needs, and then charge them for that.

Also, for selling to businesses, always remember this. You are not taking your customer’s money. You are taking the business’s money. No customer feels a pain in their life. They don’t have to hold out on going on a date with their wife just because they paid you $20 more or $100 more. Typically, they’re not compensated based on shaving of $100 a month from their business expenses, because on business scales, $100 a month, it doesn’t move the needle for most businesses.

Don’t aggressively price your products. Price them according to value, such that you have a nice business and they have nice value created by using your stuff.

Let’s do a pricing‑page tear‑down. Here’s the pricing page for Appointment Reminder. I could show you some consulting clients and the various changes I made to their things, but that gets into NDA territory, and I can spill on my own stuff. Let’s show you the important things.

This thing at the top, the headline, “Pays for itself in one saved appointment,” that’s called an anchor. We’re anchoring the price of this solution to the business value that the customer is receiving from it. Notice that we’re not using the anchor, “A phone call costs two cents. You can make 100 phone calls for only two dollars.” No, we anchor it to the business value.

The way I chose these numbers for ‑‑ you might not be able to read it. It’s Professional, Small Business, Office. 29, 79, and 199. It turns out that there’s industries in which $29 is a common price point for an appointment, like, say, mid‑end hair salon. $79 might be a common price point at a, say, high‑end spa. Then 199 is a common price point for something where people drive to your house, like an exterminator.

One of the things that customers do is they auto‑select into, “My appointments are worth about $100 bucks, so I should be going into the $79 plan,” even if their usage ‑‑ which was way lower on the thing ‑‑ would only put them in the $29 plan.

Also, take a look at plan names. Many SaaS businesses go for fanciful plan names, like, “You should buy Bronze. You should buy Silver.” That’s typically not optimal. You want plan names which convince your customers to upgrade themselves into the higher plans because they feel that they need them.

True story. I used to work at a big freaking mega‑corp, and I needed to use a SaaS. I think it was Crazy Egg. I wrote out the requisition request for my boss, said, “I’ve run the numbers, boss. We need a hobbyist plan that’s nine dollars a month.” He opens up their pricing page, scratches out “hobbyist” in red ink, writes “enterprise,” scratches out nine dollars, writes 4.99, sends it back to me for approval.

I’m like, “Wait, boss. No, I’ve run the numbers. We only need the nine‑dollar hobbyist plan.” He said ‑‑ quotable ‑‑ “If I’m going to submit this to my boss and it says ‘hobbyist,’ we’re an enterprise. We need the enterprise plan.”

Crazy Egg got $490 of extra enterprise revenue. Sadly, my boss would not pay me my enterprise salary.

Most actionable tip you’re going to hear today. If you don’t already offer annual billing, you’re going to start. This tip is going to pay for your trip to Twilio because there’s a specific way that you can offer annual billing that your customers will massively uptake, and it will make you ungodly amounts of money.

Why do we like annual billing? Because getting money upfront is better than getting money over time, all of the time. Because doing annual billing will decrease the turn rate for your customers and turn kills SaaS businesses. If you want the full math on that, ask me later. I’m a math geek.

And because this often solves pain points for your customers. They have to fill out a requisition every month when that credit card charge comes in, and they’re a little annoyed by that. It’s not their money, but it’s their time every month filling out that requisition form. Solve a problem for your customer by getting all that money in one little itty bitty requisition form upfront.

How are you going to offer annual billing? You’re going to offer annual billing in an email sent to your established customers, people who have already been using the monthly plan for a month or three months or six months. So they know, “Yeah. This software is valuable. I’m getting value out of it.”

You’re going to say, “Hey, thank you for being a loyal customer. In return for you being a loyal customer, I will give you an exclusive deal. If you switch to annual billing, I will give you the next month of the software free. So you only pay 11 months rather than 12 months. It cost $200 a month. Rather than being 2,400 for the year it’s 2,200.”

The combination of that discount plus the exclusivity plus the perceived risk that the offer will go away, because you’re only offering it to them once, will mean that instead of like one or two percent of your customers upgrading 10 percent, or in one of my client’s cases 25 percent of customers upgrade, 25 percent times 11 months of revenue upfront is a big whack of cash flow when you send this email.

I have done this at several customers. The first time we send the email to a list of…say there are hundreds of thousands of customers, we ended up receiving hundreds of thousands of dollars of revenue the same day the email was sent. Seriously, implementing this will take you less than 30 minutes. It should be the first thing you do when you get back to your businesses.

Other low‑touch stuff that works. You all have websites, and you use AdWords, SEO, OneUp. Those are very deep topics, and I’ve talked about them 100 times. I won’t be talking about them now. Here’s a quick win for you. If you don’t already have Olark or some sort of live chat widget on your website, put it there.

Have people be in it during common business hours. That has doubled sales at some of my customers just by doing that because some people just feel that they need to talk to a real person behind the counter to actually trust a business. This is particularly common in less‑techy niches.

Fully functional free trials, many of you probably already have that, or you have first month free with a credit card sign up. We’re going to be talking about specific ways to optimize them in a few minutes. Email, email, email. We’re going to talk about that a lot, too.

Let’s talk about product tours. What is a product tour? A product tour is a first‑use experience, so we take someone through either their first time using the software or early in their life with the software to expose them to the richness of the software and to make them feel awesome.

Why do we do this? Because if you just have the common free trial that someone gets into, sees their dashboard, 40 to 60 percent of those users will close out of that application, and they will never come back. If you’re spending $10,000 a month on Google AdWords ads, you’re setting $5,000 or so on fire because they see the app once and never come back.

We have to make that first‑use experience of the software totally rock. Dropping people in dashboards doesn’t rock. Giving people customization screens doesn’t rock, so we’re going to show them the fun bits and make them feel the experience of becoming awesome through using your software immediately. How are we going to do that?

First, we are going to demonstrate one awesome improvement that the app has already made in their life in the first five minutes of using the software. Second, we’re going to establish a reason why they should come back to it later. Third, if there’s any social component, like if any of you do productivity apps where the entire team has to be in the application, we’re going to request that they invite the rest of the team into the application.

That is a major, major win. Literally increased sales by about 30 percent at one customer of mine when we just started asking them explicitly to invite your team in at the end of a three‑minute trial.

Appointment Reminder. I didn’t launch with a product tour. I started it about two months after launch when I realized that there was this problem. My typical customer behavior was that people were signing up for the free trial of the service. But they scheduled appointments about four to six weeks before the appointment was actually supposed to take place. The free trial is 30 days.

At the time where they’re making the go or no‑go decision on Appointment Reminder, it hadn’t actually called anybody, and why would you pay for something that calls people if it never actually calls people? Many people made the decision, “I’m not really getting value out of it. I don’t want my card charged for 200 bucks. I’m gone.” Similarly, 60 percent of people were abandoning the product on the first day and never coming back.

I changed up the application to give people the experience of this app being awesome on the first day. How did I do it? First, when customers get into the application, I ask them for their phone number and say, “We’re going to give you a quick little demo call.” Make a semi demo call just like they were getting a call like their customers would get a call.

They see, “This is real. It’s not just some scam on the Internet. The software does actually work.” Then we teach them how to schedule appointments in under 30 seconds, then teach them how to manipulate [laughs] appointments in under 30 seconds. Then we tell them what they should do next.

This would be a great opportunity for selling the benefits that’s going to make for their organization, but I just haven’t implemented that yet because I’m stupid.

This is actually ugly as sin. It’s just JavaScript and elbow grease. It took me about two weeks to code, but it is the highest ROI on any code I have ever written for my own business. Similarly, I did a two‑week project at a consulting client of mine to implement a tour like this. Again, JavaScript and elbow grease increased sales by 30 percent. That’s a company with millions of dollars of revenue. Two weeks is worth 30 percent extra in sales.

Best thing that you can do in the tour. There are features in your app that are especially sticky. If you look in your old data, there’s something or if you have a feel of what the happy customers look like, you can identify certain features as being positively correlated with the happiest customers, the ones that are getting the most value out of it.

Introduce those features right away. Don’t hide them in the third screen after customization. You will see a major uptake in those features and hopefully an uptake in your customer metrics after that.

How many people sent less than, say, five emails a month to customers in their first month of the software? Raise your hand. Yeah, hands up? You all should be emailing people more than you do. Ask them for their permission to do it, but many of your customers will receive a lot of value from you if they trusted you enough to give you their credit card or to sign up for a free trial.

Wlk them through that free trial. Make them have the successful first experience with that trial. How can we do that? Why would we want to do this? Conversion to paying sign‑ups straight off a website is very low. One percent. If you optimize it like heck, you can get it at two percent. But if you offer people a free incentive in exchange for their email address, you can get 20 to 40 percent conversion rates to that.

Having their email address gives you the opportunity to sell them over time, and then you will get vastly higher than one percent to two percent conversions off sales to that email list. One way you can do this is by setting up a drip campaign, a sequence of six to eight emails delivered over the course of a month. The pitch to the customer might be, “We’re going to give you a free one‑month course on this topic that you’re interested in written by our experts.”

Many people can’t say no to that. In the course of that drip campaign, you first educate them on things in your problem space. You persuade them that you are an expert on this problem space and that you are a credible individual and a credible company. Only then you try selling them. When you try selling them, many of them will be happy to buy at price points which they would never have considered two weeks ago before they knew you.

I’ll show you an example of something I did for a client, and the client told me I could talk about this. This is WPension. They give you a little free inspection of your website that will tell you, “Hey, it’s loading at 4.6 seconds. It could load faster if you do some things. Here’s how to do that.” They’re a hosting company.

It offers on the page where you get this free inspection, “Hey, click this box. We’ll give you a free one‑month course on improving the security uptime, et cetera, of your WordPress site. Many people opt into this box.” Then what we do, we hit them with a sequence of emails over the month to demonstrate credibility.

It starts. They were interested in a diagnostic on their website’s performance, so we send them the next day, “Here are three action tips for improving your website’s performance,” and a lot of people open that. A few days later, “Let’s talk about scalability. Scalability is a little different than the performance for any one user. Here are some tips for improving it.”

Obviously, WPension are experts at this, so they have very compelling educational content in these emails. They have almost no sales message whatsoever. Next time, they talk about the WordPress security background. “WordPress security is kind of iffy. You can do stuff with files permissions that will make it less likely that your site gets owned.”

Then the fourth email is, “How hosting matters for your business,” and this is where they start selling. They say, “Look. If your website goes down in the middle of you being on the Oprah Winfrey show, you’re going to lose tens of thousands of dollars. That five‑dollar‑a‑month WordPress hosting that you’re on that goes down and gets virus infected every month doesn’t look so cheap anymore, does it?

“We have an option managed by the WordPress experts, and it only costs $200 a month, which is honestly nothing next to the business value created by your website.” That email and the subsequent emails in this sequence absolutely prints money.

More advanced uses of email. So you can use someone’s interaction with your applications to drive targeted emails specific to that person and to their situation. One example is when they start using the software, obviously they sign up instantly and get a thing from the website with a link to log in and their email and password. Well, don’t put their password in there, but tell them they can reset it if they go to this page.

Maybe you want to just automatically send an email delayed a little bit and say, “Hey, this is just a personal welcome from the CEO.” This is something that we don’t do nearly enough as small businesses. We’re afraid of being compared to Oracle and IBM and need to seem bigger than we are. Why don’t we use the smallness as a strength?

Say, “Hey, I’m the CEO. I built this product. If you have a problem with it, I want to hear from you. I will to fix it.” We should throw our little itty bitty weight around. If the customer looks like they’re going to cancel because they signed in for Appointment Reminder three weeks ago and they haven’t sent a single appointment, they’re probably not getting much value out of it.

Send them a rescue email. Say, “Hey, the computer said that you haven’t scheduled an appointment yet. I want to know what went wrong. Was it too hard to get started on it?” Or “I run a small business myself. I know people get busy. If you just need more time and the trial is out, send me an email. I can extend your trial by a month.”

Trials that expire without giving you money are worth absolutely nothing to your business. So giving them a trial extension is almost free to you. Maybe it costs a buck a month extra to provision that folio thing will print money for the business. If the client doesn’t use one of those sticky features that you know is a sticky feature, send them a getting started guide or a case study on how some other customer of yours used that feature to a great extent in their business.

Then maybe at the bottom of that say, “Do you want to get started with this but don’t know how? Send me an email. I love talking to my customers.” As the client is getting to a decision point about the software, like are they going to make that renewal decision or do they need to upgrade with a credit card? Provide them the ROI calculation for that.

Here’s something that somebody else does. Planscope is software for freelancers. It helps people make more money like most business applications. They will literally send you every week an email which said, “This week you made $2,000 in your freelancing business. Congrats! By the way, did you know that Planscope has these extra features you aren’t using yet?”

People love getting this email every week because who doesn’t like hearing, “Yeah, I made $6,000, which is 4,000 more than last week.” They love getting this email. It creates actual value for them, and it creates another touch point for him. Say, “Hey, you want to keep getting these emails from Planscope? We need your credit card details.” That works out great for all involved.

Transitioning from low‑touch sales, where you’re not really talking to the customer so much, into high‑touch sales. The biggest problem that many engineers like myself have with getting ready to do high‑touch sales is they think, “I’m an engineer. I’m a bit of an introvert. I’m not a sales guy. I don’t even know what kind of steak to order.” You can do sales. Let me tell you about…

There is an eight billion pound gorilla in the room for appointment reminding services and they and nine other similar firms plus myself were selected by a particular American hospital. It wasn’t St. Jude, but let’s call it St. Jude anyhow just for the sake of illustration. St. Jude needed a wee little itty bitty project done. They needed appointment reminding for it.

They came up with a list of 10 people after searching for them on Google, and then they went out to each of the 10 of them and said, “We’ve got some questions.” A sales guy looking at his calculation from a sale that might only be $100 or $200 is like, “Well, that won’t buy me a cup of coffee.” They sent out a brochure, and then they go working  on their more important accounts.

But I really wanted to have St. Jude as a client, so I hopped on a phone call with them. I talked for an hour with their decision‑maker. Then after the phone call, I sent about three‑page email recapping everything we had said on the phone call and said, “Could you please forward this to anyone else who’s involved in this decision?”

They had a down-select, which means they got rid of many of the people who were in the first run of the competition and it came down to the 800‑pound gorilla and myself. Then they had a little debate about it internally, and the debate went something like this.

One of the guys said, “It’s either the 800‑pound gorilla, which we know is the safe choice. Or we could go with this one‑man operation headquartered out of Japan, which has been in business less than six months.” The nurse I had been talking to for this whole time said, “You don’t understand. It’s his baby. You take care of your baby. If we ever have a problem with it, we know who we’re going to be talking to.”

I won that sale, and I parlayed that sale into 8 of the top 10 hospitals in the United States [Patrick notes: I used to quote this a lot but I'm unsure whether it is literally accurate given that I have a fuzzy definition of who constitutes the Top 10.] from Bumble in Japan. So you totally can do sales. Let’s talk about some ways to do it. Remember. You are not being bought by the person who is using the software. There are other people in the organization whose opinions you need to influence, so make that a priority for yourself.

Customers can request a high‑touch sales process when they start in a low‑touch thing, like saying, “Hey, I’m on the $29‑a‑month plan, but what’s your auditing story? I need full access to server logs.” “That’s totally something we can do. Talk to the sales team right now” The expectation for things are very different. We’ll talk about how to manage those expectations and use them to transition people into more valuable relationships with your business.

I don’t even love this slide, so I’m going to skip it. You will eventually be passed over to a purchasing department after you have agreement in principle with someone in the organization that they should be using you. Purchasing departments and their users have an adversarial relationship. The user wants to get their work done. They know you’re the guy to do it.

The purchasing department theoretically needs to get that bought. They get scored on buying it for the lowest price possible. They don’t want to have the blowback from saying, “You can’t buy that.” But they don’t really have an incentive to getting this deal done because it doesn’t make their life better either way.

This is the little sales cycle at the bottom. The real places that you can hack it are at the formal quote stage and invoicing. Let’s talk about how.

Purchasing has a checklist of things that they must have to be able to OK a deal. You need to offer this, and you need to make it obvious that you offer this. Service level agreements, SLAs, support maintenance contracts, which can automatically cost 10 percent of the price of the software. It doesn’t even have to be anything other than “we have active developers working on this.” You might think, “We already had that, so why charge 10 percent extra?”

But they need to buy that. They need to be able to buy that to be able to buy your thing, so sell them that. Industry‑specific buzz words. “What’s your HIPAA compliance story?” You can charge through the nose for these because they are a large business, top eight hospitals in the United States. Figure out how much health care they sell. Health care is really expensive. They have money.

These are various things that you can offer a large business in the sales cycle, which will increase the size of the account to you without meaningfully causing more resistance from the purchasing department.

Things that you can anchor your prices against when you’re charging to enterprises. By the way, when you’re charging enterprises, it’s like four to five figures a month. You’re no longer talking about a couple hundred bucks that you can put on a credit card.

The fully loaded cost of one employee is a good anchor.  The fully loaded cost of a developer in Silicon Valley is $20,000 a month. You save him 20 minutes a day. Do the math and it turns out into a real amount of money. If they’ve got 50 developers at the organization, hoo ha. Cut off something in them in that so that they feel like they got a win out of it, and then it’s a big win.

Truck rolls are an incredibly good anchor for pricing, if you can decrease them. The guy who I put his daughter through Harvard was primarily concerned about the number of wasted truck rolls he had where he sent three guys out in a van to a house. Had to pay their salary, but they weren’t actually able to get into the house. Truck rolls have a huge cost which is known in industries that actually have fleets of trucks.

High value employees. It’s easy to calculate the value for your time. Low value employees not so much. If they don’t measure the cost of, say, the office manager, then they’ll discount your value to the company. But if they do measure the cost, like in a call center environment, then 80 low‑value employees who save X amount of time that they know that they track, that produces a lot of value that you can take to the business and sell it on.

Lost business, missing revenues, et cetera, also things that you can sell against.

Let’s have a quick role‑playing exercise for how you answer any question that you don’t know how to answer about pricing. The answer is, “I can do that with a one‑year commitment.” Everybody repeat after me, “I can do that with a one‑year commitment.” Everybody?

Audience member:  I can do that with a one‑year commitment.

Patrick:  ”Do you have Google Calendar integration?” I can do that with a one‑year commitment. “I need 60‑day net pricing terms. Can you do that?” I can do that with a one‑year commitment. “My legal department has some custom language that they need to run past you. Can you do that?” I can do that with a one‑year commitment. “We need you to fly out to Omaha and give an in‑service training activity for our team. Can you do that?” I can do that with a one‑year commitment.

This greatly increases customer lifetime value, it provides massive value to their business, and it will make your sales conversations easier.

The one question that you cannot answer with “I can do that with a one‑year commitment” is “Can you give me a break on the price?” No. Never give people a break on the unit price, because the purchasing department is only scored against whether they get the purchase in at lower than the best unit price that they have ever seen or gotten from you.  [Patrick notes: This is why Enterprise software companies don't put pricing on the website, typically.]

If you ever give them a break on the price per call, like if you say, “It’s usually five cents a call. For you, I like you. I can do it four cents this one time,” you will never get that penny back, and next year, they will ask for three.

Rather than giving them a break on per‑unit prices, the thing to offer in exchange for a one‑year commitment is something like, “Look, we can give you a five percent of the deal pre‑pay discount or something like that,” or “It’s normally 10,000 bucks to ship me out to Omaha to do an in‑service presentation, but because we like you, it’s only $8,000 for you, and still five cents a call.”

You’ll make most of your money on the call, but the purchasing guy will be able to get his next promotion because he shaved $2,000 off that thing he wasn’t really going to buy anyhow.

Finally, unfortunate fact of life. If you’re selling to big freaking enterprises, you absolutely need to have the corporate structure to shield your own house from something blowing up at a company. You should probably have insurance. Talk to your insurance agency about it. It’s usually called errors‑and‑omissions insurance in the United States. You want a lawyer to go through all of these contracts.

Final stuff. I talked a little about email earlier. I can actually talk about it substantially more. If you go to lifecycleemails.com, there’s a little five‑hour course from me that you can do about that. Customers tell me that it’s produced a lot of value for them. I have a blog with six years of posts, mostly talking about low‑touch sales. [Patrick notes: You are reading it].  I encourage you to try it out.

My email is patrick@ any domain I own (including this one) and I’m @patio11 on Twitter. I love talking about this stuff. Feel free to talk to me at any time.

We have a second for questions.

Audience member:  Are these slides anywhere?

Patrick:  They’re not yet, but I’m going to be putting them up on my blog later.  [Patrick notes: Yep!  Scroll up.] Thanks very much for your attention, guys.

5 Comments

Marketing Software, For People Who Would Rather Be Building It

One of my favorite conferences every year is Microconf , because it focuses on small software businesses, which is where my heart and soul is businesswise.  I know a lot of folks can’t justify a trip out to Vegas (though you should really come in 2014 if you possibly can — 2013 is only a few days from me posting this and already quite sold out), so I always ask Rob and Mike (the organizers) for a copy of my video so I can produce a transcript and put it online.  My 2012 talk focuses on building systems to achieve marketing objectives at a software company.  I’ve been successful at doing things at a variety of scales, from my own one-man software business to consulting clients with 8 figures a year of revenue.  A lot of the tactics covered are wildly actionable if you run a SaaS business.

[Patrick notes: As always, I include inline notes in my transcripts, called out like so.  If you'd like to see my 2011 talk, see here.  It focused on how to run a software business in 5 hours a week, including scalable marketing strategies like SEO/AdWords/etc.

Video & Slides (Transcript follows)

Transcript: Marketing, For People Who Would Rather Be Building Stuff

Patrick McKenzie:  Hideho everybody, my name is Patrick McKenzie, perhaps better known as "Patio11" on the Internet.

I sometimes get asked what I do, and I'm kind of confused at it myself. I was going to Town Hall recently to file my taxes, and I was across the street from Town Hall, the light was preventing me from getting across the street. By the way, I live in Japan. A guy comes up to me on a cycle, stops right next to me and says, "Psst!  日雇い労働ですか?" [Patrick notes:  I corrected the Japanese here with reference to a dictionary, but don't remember this as being his phrasing.]  My brain started to flip through all the possible things that could be, and a high probability for those characters, hiyatoi roudou is day labor, “Are you a day laborer?”

I was like, “Wow, there’s only one way I can answer that. ‘Yeah, but my rates are probably a little high for you.’”  [Patrick notes: Unstated background knowledge here: I live in Ogaki, where roughly 90% of foreigners -- who are rather scarce -- are blue collar Brazilian Japanese who largely work in electronics/car parts factories.  Unemployment among these folks has been rather high for the last couple of years, so if you were doing things purely on a statistical basis, "Day laborer" is a much less insane guess for a foreigner standing outside city hall than "Owner of a software company."]

[laughter]

If you were here last year, you heard the grand arc of my transition from really overworked Japanese salary man to totally‑not‑working‑all‑that‑much Bingo Card empire guy. It’s really not all that great shakes compared to some of the things that people have done up here, but it’s the little website that could. It has over 200,000 users and 6,056 paying customers.  [Patrick notes: Current counts as of posting are ~300,000 and 8,249.  The last twelve months have been pretty good.] I’m pretty happy with where it got me to, and just for a little update on this story for last year, if you weren’t here for last year, it’s on the blog somewhere.

I’m sure people will tweet out the link to that video if they’re very, very nice and kind to me. [Patrick notes: The Microconf 2011 writeup is here.] Just an update. The blue bars here are the 12 months before attending Microconf, and the red bars are the last 12 months, so after attending Microconf. Since my business is crazily seasonal, if the red bar is above the blue bar, I’m doing something right. As you can see, in the last six months, the red bar is routinely exceeding the blue bar, so I was doing something very right. The thing that I was doing was stopping working on Bingo Card Creator.

So my first actionable tip is, “If you have me in charge of your marketing,” like say Jason Cohen does, “you need to fire me, and your sales will go up by 50 percent.” We’re not going to talk too much about Bingo Card Creator today, we’re instead going to talk about systems. You heard earlier about building the flywheel, being a growth hacker. This is probably one of the most important things I’ve ever come across, but a job is a system that turns time into money, and a business is a system that turns systems into money.

I was once talking to a Japanese guy at a large automobile manufacturer in central Japan that you might know of, and I said, “T‑Corp is known in America as a company that makes cars, and Ford, or whatever, is a company that sells cars.” He patted me on the head like, “Oh, nice. Silly American. Ford might well be a company that sells cars, but T‑Corp is a company that builds organizations that builds cars.”

Why Engineers Get A Cheat Code For Starting Businesses

I thought that was a very profound distinction. All of us are in the business of building things that help us sell things that we build. I think we are ideally situated to this, because, as engineers, we build systems. You heard earlier about the term “growth hack,” which is just on the cusp of becoming a meme, by the way. You’re going to hear a lot about that over the next coming days, because there are huge platforms these days, everything from Pinterest to Twitter, to Google, to the App Store, that give you ready access to hundreds of millions of users, billions of users, many of whom have credit cards and will actually pay money for things.  [Patrick notes: I'm stealing this from 500 Startups' investment thesis, but I think it is equally applicable regardless of whether one is doing a high-growth startup or a one-man bootstrapped software company.  Again, the most niche app you could think of, run by an unknown guy living in Central Japan, just added 100,000 users last year while in maintenance mode due to effective use of Google as a platform.]

As engineers, we have the capability of exploiting those platforms in a scalable manner. Some of the ways to do it I talked about last year, and I don’t want to give all old content, so if you want to hear about SEO, which is the main reason my sales went up for this year, just watch the thing from last year. [Patrick notes: Or you can read my copious writeups of it in the Greatest Hits section under SEO or Content Creation.] We’re going to talk about new stuff. Oh, totally stealing a slide from last year. In addition to Bingo Card Creator, there were three really big things going on, and I just want to give you updates on them.

The most important one, down in the bottom there. Last year I said something out of school, it wasn’t planned for the talk or anything, it just slipped out of my mouth. I said, “The most important thing in my life right now is I’ve recently met a beautiful young lady, Miss Ruriko Shimada over there, and she is going to be the future Mrs. McKenzie.” That was the first time that thought ever got verbalized, even in the deepest recesses of my mind, so luckily it was not simulcast or anything. That’s official now, it’s happening June 26.  [Patrick notes: Ruriko's only comment on the presentation was "The 23rd, dear.  Be there."]

[applause]

Thanks very much. I don’t have a picture of kids, for obvious reasons, but can I just make a note about this? Everyone has shown a picture of their children or significant other. At a less charitable conference, people might be, “Oh, that’s the boring stuff, skip that, get to the good stuff.” All those other pictures, that is the good stuff. There’s a word in Japanese called mono no aware (もののあわれ), meaning “an awareness of the impermanence of things.” All this conversion rates and equity grants and profits and all this… Vegas?

[laughter]

This will all be dust and memories. The important part of our lives is our families, our friends, that is what we will be known for. If you have a successful business, and your family isn’t feeling it, something is going terribly, terribly wrong. I can’t just stand up in here and say, “My fiancee is the nicest, smartest, most wonderful, beautiful woman in the world,” for the entire hour.

[laughter]

#include <platitudes.h>… wait, the word I wanted is not platitudes, it’s compliments, drats. I don’t speak the Engrish. Anyhow, updates on other things that are going on. I got a slide up from Fog Creek, which was one of my favorite clients I can publicly talk about, but I don’t really have much content in this presentation about running a high‑priced consulting business. Is that something you guys are interested in? Let’s have a show of hands.

I’m a marketing guy, so let me give you the quick elevator pitch, and if you want to hear about this, we can talk about it at the question‑and‑answer session. Is it interesting to you how I turned down $700,000 a year to do conversion optimization for big software companies? Just raise a show of hands. Would that be fun? Oh, OK. We might talk about that before questions. We’re going to talk a little about “Appointment Reminder” stuff that I learned the second time I tried to make a software business from the ground up, and how you can apply it to your businesses.

This is my new thing, which is, by the way, in almost direct competition to somebody who was in the first session of tear‑downs. You might compare and contrast to the way I do it and the way he does it. I actually went up to him afterwards and tried to teach him what I know about this, because people helping people is what this event is all about. We all get better, even if we’re competitors, sharing knowledge. Anyhow, it makes “Appointment Reminder”, phone calls, text messages and email messages to the clients of professional services businesses.

Don’t Make My Mistakes In Picking A Software Business

This is a wee bit more sophisticated than my bingo thingy. Why did I pick this problem? This is the slide in which I give bad advice. The way you should actually pick a problem, skip back to your notes from Amy Hoy’s presentation. That’s the way you should pick a problem. This is not the way you should pick a problem, but it’s true, so I’ll tell you it anyhow. You see this jacket that I wear in all of my presentations, because the color red looks good on me, and I love this company, Twilio?

Twilio came out with this product that let Web developers basically script up phone calls and SMS messages. I thought, “Ooh, that’s kind of awesome.” I like to view the market, “The market” in the sense of the broad, capital‑C Capitalism sense of the market, as a placid lake, which incorporates everything we know about the world right now. When new information gets added to that, it’s like dropping a rock in the lake. Ripples in the lake are change, and the larger the ripple is, the more change there is, the more possibility there is to get outsized profits over the course of the world right now.

Because we learned from microeconomics 101, the natural state of profits in the system is zero. The steady state. Twilio was dropping a big F‑ing rock into the software world, because you can finally interface with the plain old telephone system without having to understand what an Asterix server is, and if anyone here has ever tried to hack Asterix, I’m sorry for you. What could I do with a telephone that I couldn’t do before? I made a list of 400 ideas and just sat on it, because I was still at the day job at the time. Since I spend 16 hours a day in front of a computer screen, my shoulders ache like crazy, so I sometimes go to massage therapists.

This one day I went into a massage therapist, and asked, “Hey, can I get a shoulder massage, because I’m an engineer, my shoulder aches like crazy.” She said, “It’s going to be about two hours,” and I’m like, “Oh, well I’m gainfully unemployed, so that’s no problem. I’ll just take my iPad, browse Hacker News in the corner here for a little while, then we’ll get the massage when you can do it.”

15 minutes later, she comes back to me and said, “Hey, I know I told you it would take two hours, but it would be really, really helpful for me if I could massage your shoulders right now.” I said, “Sure, no problem, can I ask why?” She said, “I had this slot booked up with somebody else, but he didn’t come in, and now he’s 15 minutes late. If I don’t start massaging your shoulders now, that’s going to throw off the schedule for the rest of the day, and I’ll never get the revenue from these next 45 minutes back.”

I’m like, “That’s interesting. Why don’t you call him?” Notable and quotable line from her, she says, “I’m a massage therapist. If my hands are on a telephone, they’re not on someone’s back, and if my hands aren’t on someone’s back, I’m not making money,” and I thought, “That’s interesting.” I asked, “If I had a system that could call someone automatically before their appointment with you, would that be motivational to you?” and she said, “Yeah.” I went through my list of 400 things, and thought, “This is the first one I’ve had an actual customer need for.”

How did I know it would sell, though? That’s one person. I did two things. One thing I did was just whipped up the MVP, Minimum Viable Product, read Eric Ries’s book “The Lean Startup.” Everyone should read that book, it’s amazing. I whipped up the MVP, which is a website, you can get to it, I’ll show you the link later. You give in your phone number, and it calls you, just like you had an appointment, and says, “Hey, you’ve got an appointment. Click ‘One’ to confirm.”

If you confirm it shows right on the schedule here, “This person confirmed.” If you cancel, it says, “This person canceled.” We would email you right now so you can re‑book the slot and save the money. I just threw this up on the Internet, and waited. People signed up for my pre‑launch list, and said, “That is exactly what my problem is.” The other way I did, was I went home to Chicago, which is where my family is from, and took out $400 from an ATM, and walked around downtown Chicago and looked for salons and other massage therapists, that sort of thing.

I walked in and said, “Hey, do you take walk‑ins?” “Yeah.” “Are you free right now?” “Yeah.” “Are you the business owner?” “Yeah.” “OK, I’ve got a weird proposition for you,” and no, not that kind of weird.

[laughter]

“What’s the rate on a 30‑minute shoulder massage?” She would tell me. It’s almost always a she. I would say, “OK, I’m going to pay you the rate for a 30‑minute shoulder massage, but what I’m really interested in, I’m a small businessman, I live in Japan, I’m interested in the business of massage therapy. How about we just skip to that post‑massage cup of tea that you’re going to offer me,” I have learned this over the years. “Skip to the cup of tea, I’m going to pick your brains about how you run your business, and then I’ll go, no massage needed, and you get your money?” Almost everybody took me up on that, and nobody called the police. Yay.

[laughter]

I would ask questions, like, “What do you use for your appointment scheduling right now?” “Pen and paper version 1.0.” “How many people cancel?” “Lots.” “Do you not like when people cancel?” “Yes.” “Do you phone call people every day?” “Well, yeah, I kind of do, but I sometimes forget,” yadda yadda yadda.

Then the money question. “If I had something that I could show you right now that would call, would you pay for it?” “Yes.” “Would you pay $30 a month for it, because $30 a month is close to your rate for just saving one appointment?” “Yes.” “Can I get your email address right now? As soon as this is ready, I’m going to come back to you and say, ‘It’s ready. Let’s get that $30 a month,’” and I just collected those.

I actually didn’t end up selling any one of those people, but the need was clearly demonstrated to me there. I’ve got a better way for doing it these days, because as I mentioned, I am in the talking‑to‑people‑about‑wedding‑things, and I’m learning stuff about selling wedding dresses, because I am the unwitting victim of that. There’s this thing called the iPad, and every salesman at a wedding venue or a wedding dress shop, or whatever, in Japan, is using the iPad. I predict within five years, that every salesman in the entire world will consider that their key sales tool.

The reason is, when you have a sales discussion with someone with the iPad, you’re sitting next to them, standing next to them, hunched over the shoulder in a very intimate, psychologically‑reassuring way, while they drive the iPad and flip through. “Oh, that’s a lovely dress. Oh, that’s lovely, I really like that one.” “You like that one? I’ll show you more like that.” When they get confused, you can just take over for them, do the little slide‑y slide‑y thing, and it is a very, very persuasive technique.

If you don’t know whether a software will sell or not, go to WooThemes, or go to ThemeForest, pay $15 or $70, or whatever it is, mock up three screens from it, or even mock up two screens plus the final output. Put them in a photo gallery on your iPad, and take it directly to people in real life. Stand out and then listen over the shoulder, it’s like, “Do you really have a wedding dress problem? We got these.” If you’re solving a problem people actually have, they will say at this point, “Shut up and take my money.”

[laughter]

If someone says, “That’s kind of interesting, tell me when that exists,” you have not successfully identified a problem that people actually have. Fail to identify problems prior to spending six months of your life building the solution to those problems that no actual human being, aside from you, actually experiences in their life. You will have much better success that way. Brief interlude on pricing. This was brought up in a few things, and we treated it at a high level, so I thought I would dig into the nuts and bolts, considering many of you are in the software‑as‑a‑service business.

How To Read A SaaS Pricing Grid (And Why You Should Charge More)

I thought I’d read a pricing grid. This one’s from Wufoo. You have seen similar things all over the Internets. I can’t tell you about exact results I’ve gotten from customers, but I talk to a lot of people about this sort of things, so if we’re just kind of anonymizing, here’s how you read it. Find the largest dollar‑amount plan. That plan generates 33 percent to 50 percent of gross revenue. Why? Because it’s sold to people who are not spending their own money, they’re spending a corporate budget. Spending your own money hurts, but spending a corporate budget is kind of the happy thing for a lot of people.

[laughter]

Because, check this out, if you don’t spend your budget, it gets taken away from you. If you’re trying to protect your home position at a company, you want to spend as close to the top of that budget as possible, so help people out. They’re trying to protect their status and job security, by helping them spend their budgets. $200 a month is nothing to a company that has actual employees. The cheapest possible fully‑loaded cost for a college graduate is about $4,000 a month.

$200 a month is five percent of that, so if you’re only spending one or two hours of employee time a month, $200 is a total no‑brainer. So’s $250. Anyhow, the one that has the most users. Nobody likes to be a cheapskate, boom, it’s this one. The one that has the highest support costs. Wufoo has a free plan, I’ll guarantee you they get more annoying emails from people on the free plan than anything else put together, probably squared.

[laughter]

The worst customers, I call them pathological customers, are attracted to things that don’t have a lot of money. It’s amazing how many people have told me this. You raise prices, and you deal with less crazy people. At 99 cents, people have very unreasonable expectations. “What? This flashlight app didn’t do my taxes! One stars!”

[laughter]

When you’re charging people tens of thousands of dollars a month for an enterprise‑level service, they say, “Hey, our business really needs this feature.” “Oh, thanks for the email. I would really love to implement that feature, but we are kind of constrained on time right now. Can I get back to you in the indefinite future, if we get time to do that?” You’ll get a one‑line email back, “Sure, that sounds great.”

Would you rather deal with the no stress and get the tens of thousands of dollars, or “One stars!” for 99 cents? It’s almost self‑explanatory. By the way, I’ve sold a semi‑B2C product for most of my life. I really do love teachers, even when they’re kind of exasperating, and can’t tell the difference between the blue Googles and the green Googles, and don’t understand why they can’t get a CD of the Internet. It actually happened to me today.

[laughter]

In terms of, if I had known then what I know now, I would never go into B2C. Charge businesses, charge them a price appropriate to the value you’re providing. By the way, big surprise about software‑as‑a‑service companies, almost every one has enterprise pricing available. Some of them don’t put it on your things, but I guarantee you there’s a way to go up to Wufoo, go up to almost any software‑as‑a‑service company, and pay arbitrary amounts of money for their product. For example, if you have a $500,000 budget, and you talk to somebody at Wufoo, I will guarantee you that they will find an option to spend $500,000.

Maybe it’s we send a trainer and teach everyone how to use their drag and drop form‑building interface, and then the cost of the trainer’s time is $500 an hour, and the business will say, “Oh sure, yeah, whatever.” By the way, you need to purchase a service level agreement with them, and the service level agreement runs $20,000 a month, and there are businesses that will happily pay that.

Software‑as‑a‑service economics 101, why do you want to charge closer to the top of these pricing points, instead of the bottom of the pricing points? Because you have to get a lot less customers to generate the revenue that you want, to either replace the day job, or to meet whatever your own personal goal is. How do you segment plans? First, align it with customer success.

Getting based‑on features can work, but if there’s a numeric thing that allows you to discriminate between customer classes, such that the more value they get out of the product, the more X number that they need, segment primarily based on that X number.

It doesn’t have to be linear segmentation, because the ability of Fortune 500 companies to pay is not linear, with respect to the size of the company. A 1,000 person company is not the same as collecting 1,000 one‑man companies and putting them all in a room together. They have orders of magnitude more money, so you should probably be charging them orders of magnitude more money.

“Names matter.” Back in my time as a Japanese salary man, I was given a project to run by my boss, and I was trying to buy, I think, “Crazy Egg” for it. I did the projection, I wrote up the proposal for my boss, and said, “By the way, we need the $9.99 hobbyist Crazy Egg plan, and could you please approve the purchase for that?”

Boss takes my printed out proposal for the project, looks down at “Hobbyist,” goes over to crazyegg.com, strikes it out in red, writes “Enterprise,” picks the top plan, which was $250 or $500 or something a month at the time, something like a quarter of my salary, and says, “OK, here’s the new proposal. Sign off on it, and then I’ll sign to my boss.”

I said, “Boss, boss, we don’t need the enterprise plan, our projected traffic is clearly under the hobbyist plan.” He says, “F if I’m going to tell my boss that I want a reimbursement request for the hobbyist plan, so we are under the enterprise plan.” I was like, “Can I get the enterprise salary?”

[laughter]

That did not work out so well. That’s why I no longer work there. Anyhow, feature segmentation can work, particularly if you have features where there’s a hard requirement among some customers, that they must have a particular feature. That segments people into, “Has a little money” vs. “Has a lot of money.”

For example, healthcare in the United States has more money than God, and something that a lot of healthcare customers are going to be very particular about is, “Is this HIPAA‑compliant?” Talk to me later if you want the full story on that one, but the magic words, “Is this HIPAA‑compliant?” means you can charge them as much money as you want.  [Patrick notes: The one-sentence explanation: Healthcare providers in the US are obligated to follow the Health Information Privacy and Availability Act to safeguard patient health information, which imposes some technical and process safeguards on anyone who handles most data for them.]

By the way, you can have a system where all accounts are actually HIPAA‑compliant, but you only tell people that the most expensive plan is HIPAA‑compliant. Because they’re not actually caring about HIPAA‑compliance, they’re caring about being able to sign off on the fact of HIPAA‑compliance. If you simply refuse to sign off on that fact for anything that costs less than $1,000 a month, all of your healthcare clients are going to go for the $1,000 a month plan. Which is, by the way, nothing in healthcare.

The Most Important Pricing Advice Ever: Charge.  More.

Charge more, charge more, charge more, charge more, charge more. Anyone have a question about pricing? You should charge more. You’re probably ridiculously underpricing. $4,000 a month is the cost of the cheapest possible employee, you are less than a tenth of that. You are probably creating a lot more value than many employees in the organization, so charge for the value you are creating.

I was doing tear‑downs earlier. Here’s what I put up for my pricing grid about a year ago, and since I haven’t had all that much time to work on “Appointment Reminder,” I made a lot of mistakes. I haven’t fixed them yet, so I’m going to tear‑downs some of my own pricing grid.  [Patrick notes: Compare and contrast this slide with the current version.]

I have a $9 a month plan.  That was a mistake. I actually have a lot of customers on the $9 a month plan. They account for about 80 percent of my customer support requests, and approximately 95 percent of my headaches, and they pay me approximately nothing, and don’t stick with the service for very long.  [Patrick notes: When I did the math recently, customers on the Personal ($9) plan had a churn rate which was literally double that of the Professional ($29) plan, meaning a single signup on Professional was worth more than 6 Personal signups.]

I have an enterprise plan that’s coming soon, any day now, a year later.  [Patrick notes: Appointment Reminder closed its first Enterprise account a few weeks after Microconf.  If you want to hear about this topic in a lot of detail, I talked about it at a presentation for Twilio several months later -- I'll post it in a week or two.]  There’s actually a plan that isn’t even on here. It’s $200 a month, I call it “Small Business 2,” because I’m very creative like that. It’s just small business, and I bumped this number up a little. Small Business 2, plus Small Business, create over half my revenues that are based on this plan. Oh, quick update on “Appointment Reminder,” it quadrupled in a year without me doing much work on it at all. Thanks. End story, just make systems that really help. A tactic you should all probably steal.

The Tactic All The Savviest Software Companies Use: Automated Marketing Email

Can you raise your hands, everybody? Just get a little stretching. Put your hands down if you have not emailed a lot of customers all at once this month. If you look around the room and you’re looking for speakers, you will find almost all of the speakers still have their hands up, and this is one of the things that consistently segregates the really savvy people from people who are not quite at that level of savviness yet, so of course I didn’t really seriously start collecting emails for six years.

This guy Ramit Sethi, one of the smartest people on the Internet in terms of marketing, he says “The one d’oh moment is that I was not building up an email list.” You heard earlier about an email list is creating your own recurring stream of earned media, because they are people who want to hear what you have to say. They trust you on a subject, and they are begging you to sell them on your solution, so you should be getting those emails. Let’s talk about how.

Why does email rock? Some people, because we’re all techies, might say, “If I want to get in touch with someone about a new blog post that I wrote, there’s RSS feeds for that, right?” Email is like RSS, except better in every possible way. Email is actually read. RSS is not read. Quick show of hands, who here is over 10,000 unread items in their Google Reader?  [Patrick notes: Dramatically less people than when I delivered this talk, I would expect. </rimshot>] I rest my case.

Email is actually read by real people too, and by “real people,” I mean folks who don’t come to conferences like this, and who have authority to sign off on $500 a month purchases without breaking a single sweat.

Email is a necessary time, whereas RSS reading is, “I don’t have anything important to do today. If I don’t have anything important to do I might read some RSS stuff,” whereas emails, if you’re an information worker like all of us, email is your job. You live in your inbox. Many, many things in the inbox get read, particularly when they sound interesting.

The psychology of email is really important. If I put a diamond in a trash store, you’re probably going to think that diamond is not worth so much. Think of the things that will be around your message in somebody’s inbox. It will be a lot of important work. If that’s all important, your message is probably important as well. Think of the things that are probably going to be around your blog post or content in someone’s RSS feed, or someone’s bookmark manager.

It’s probably going to be a lot of commoditized Internet dreck that they’re going to get to the first day after never. [Patrick notes: The following is a little brusque for my typical humor, but was an in-joke for attendees of Microconf from the previous year, where Hiten Shah and I had done live analysis of websites of several attendees.  One had a bookmark manager system with a bovine theme.] If you do free association for, say, “What’s the spirit animal of email?” It’s Thunderbird. It’s fast, it’s powerful, it does important shit. If you do free association with, “What’s an animal we can associate with bookmark systems?” What would it be, a cow? It’s fat, it’s stupid… it shits.

[laughter]

Do email instead. When I say “do email,” what do I mean? Really simple. Collect their email addresses, educate them over the email, and then sell them stuff. Let’s go into detail on that. For a successful landing page, you really only need a few things. Just ask for the minimum possible information from them.

Probably their email address and their name, because everyone likes hearing their name, and you should probably put it in subject lines, because that’ll increase open rates on your emails quite a bit. Give them a nice, attractive button that promises value, not pain. Get something cool. Does anyone here run a website for sadomasochists?

[laughter]

There are no hands up in the room, which means that nobody should have “Submit” as the text on their email button.  [Patrick notes: I use this line because it is punchy and inevitably gets a laugh, but seriously, you can pick up totally free double digit improvements by switching to [Get My Free Guide] or similar benefits-focused copy.  Try it in an A/B test if you don’t believe me.]

[laughter]

Minimize distractions on that page. You generally don’t want to be collecting email from your home page. Why? Because your home page has to serve many masters. You’re probably trying to get people into the trial, get them into the pricing grid. You should generally be collecting email on dedicated landing pages. What will you have on your dedicated landing pages? A sweetener. Because people don’t really care about you, they care about themselves, so tell them that giving you their email will accomplish something for them. Let’s go into ways to do that.

The simplest possible way to get permission from someone to send them email is when they’re signing up for the trial, say, “Hey! In addition to that trial, can I send you email?” Just takes adding one box. Downside, it’s going to minorly decrease your conversion rate to a free trial. Upside, you’ll get crazy conversion rates on this. By the way, who here hates email, and thinks, “Man, I hate getting email. I would never click on ‘Yes, I want to get email from you.’” Yeah, hands up. Real people don’t hate email. Some people like email a lot.

I have a newsletter that goes out to the bingo card people, and it goes out about monthly. I sent it out for October and said, “Hey, Halloween bingo cards! You make them by going to Bingo Card Creator and typing about Halloween stuff!” Then the November email is, predictably, Thanksgiving bingo cards. “You make them by going to Bingo Card Creator and typing about Thanksgiving stuff.”

I didn’t hit the “Send” button on the November email, because I just got busy that month. I got three messages from teachers in America, all of them saying, “Hey, I didn’t get the email from you in November. I must have missed it or something, or it got eaten by the Googles.”

[laughter]

“Can you please send me the email for November?” I wrote back, and I said, “There just wasn’t an email for November, because I got busy, but it was just going to be about Thanksgiving stuff.” They’re like, “That’s sad! I want to read about the Thanksgiving stuff?” Whoa! Missed opportunity. A better way to do things than collecting emails with your trials is to create some specific incentive. For example, Ruben from Bidsketch uses beautifully designed templates of proposals, and says, “OK, I will give you a beautifully designed template of your proposal.

You can turn around and make this into money, and all you need to do for that is to give me your email address, so I can email you a link to it.” Works very, very well. You can see incredibly high conversion rates to this, and the people who convert to, “I care enough about beautifully designed templates to give an email address, just to get a link for a download link for them” are not the kind of folks who hang out in Hacker News like it’s their job. It’s the people who really care about this. They make really great prospects for selling to. Third way…

Male audience member:  [Paraphrased] That doesn’t mention that he’s going to send you an email, though.  Isn’t that a no-no, permission marketing wise?

Patrick:  I think it actually does, I just cut it off with the screen grab.

Male audience member:  OK.

Patrick:  A different way, and this has vastly higher development costs, but you should consider doing it. Make a one‑off tool, gate access to the one‑off tool based on giving your email address. For example, WP Engine does this kind of well. [Patrick notes: See here.  Disclaimer: client.] They have a tool that will tell you if your website is slow, and it takes a few seconds to run and whatnot, so rather than just doing Ajax refresh, they’ll say, “Hey, we’ll send you a link to your report when it’s ready,” and they give you a little option there. “Hey, in addition to hearing whether if my website is slow, I’d also like to hear a one‑month course about how to fix that, and make it more scalable, make it more secure, and whatnot.” Get Jason drunk later, and ask if this works or not. This sort of thing can provide very focused, valuable leads for you, and it’s like a great transition moment into the first couple of emails from you. Let’s talk about that.

There’s a cycle here, of how sales‑y you get. Someone’s coming off the Internet, they don’t trust you, they don’t know you from Adam. For your first couple of emails over the course of a month, and you might send six emails or eight emails over the course of the month, depending on how much of a high‑touch complex sales process your service requires. For the first couple of emails you focus on trust building and education, and that’s it.

If you were just talking about someone’s website is slow, say, “Hey, thanks for signing up for the WP Engine one‑month course on improving your WordPress site. Here’s three ways you can make your website faster.” Very focused on value for the customer. Minimal, if any, sales content for WP Engine.

Then, over time, as you have built up credibility with the customer over three emails, they’ve seen your name in their inbox, they’re starting to associate it with your problem domain, and they’re getting value out of it, you start getting a little more sales‑y, and you push up that sales‑y to the maximum point. Then if they don’t buy it by the maximum point, they’re probably not ready for your offering. Back down a little bit, go more on the education again, and then try it again, but sell a different product offering. For example, a different plan.

I just threw up a random thing here for a template for an email that educates someone about something. It’s not really rocket science, it’s the three‑paragraph hamburger essay that you all learned to write in sixth grade. I hesitate to say this, but don’t be afraid of dumbing it down too much. You all live in your problem domain many, many hours a day, for months, weeks at a time.

Most of your customers are not super‑awesome ninja rock star experts at your problem domain, so teach them the basic stuff, because most people in your problem domain are beginners or intermediate, not super experts. Feel free to share of your knowledge, and answer basic questions that they have, and then at the end, just say, “Hey, do you have a question about this? Send me an email. I read all of them.”

Almost none of you have less than hundreds of thousands of customers, would feel any burden from getting email back from this, because most people think, “Oh, he doesn’t really mean that.” In fact, you will get emails saying, “Do you actually read this?” and then you fire back, “Yes! Signed, CEO.” I guarantee you if they have money, you’ve just got a customer for life. Even if you have hundreds of thousands of customers, like this for “Bingo Card Creator,” the email load is manageable, and you can give options for more and more things to do to convert.

When you’re getting into sales‑y hump on the graph, what do you do? First, you eliminate all decision making that they need to do, aside from, “Do I accept the offer, or no?” which means, if you have four plans, you don’t say, “OK, go to the pricing page and pick which of the four plans is worth it for you.” No, give them a recommendation.

Say, “Most of our customers find that this is the best value, you should buy this. Here’s the reasons why you should buy this. It will solve your problems, it will solve your problems, it will solve your problems, your life will get better, your problem’s solved. You, you, you, you, you, you, you, you.” Offer them a time‑limited bonus. “Yeah, you could have gotten to that pricing page at any time over the last 365 days, but if you take me up on this offer in the next seven days, I will give you something cool.”

It’s up to you what that something cool can be. For many of you, assistance directly from the CEO in integration is a really compelling offer, because wow, you can’t get that anywhere else. Wow, their perceived value for that is very high, and it immediately addresses one of the objections that they have for using your software. It’s like, “Oh god, I have to integrate that. I have to copy‑paste scripts into my web page.”

We’ll do the copy‑pasting for you, and thereby earn your loyalty for the next several years, and several thousand dollars of customer lifetime value, and it will actually be done by a freelancer that we’ve hired and told them how to FTP stuff. I think I stole that one from Rob, works pretty well. Pre‑answer all of their objections in the email, and on any page that you link them to. This is what we were talking about earlier in the tear‑downs.

When you’re talking to customers, you’re hearing their objections, “The price is too high.” Find the customer testimonial that says, “Oh yeah, I winced, but man, it’s so worth it,” and put that right on the page about answering the pricing objection with, “OK, here’s how you calculate the value for this. It’s a screamingly good deal for you. It will save you hundreds of hours of employee time, for only tens of thousands of dollars.” How do you learn about writing email and copy‑writing better? I suggest signing up for a lot of email and getting it from people, because they will convince you to buy all sorts of stuff.

Seriously, Ramit Sethi, did a call out to him earlier, he is a genius at this. He’s a friend of mine, I know he sells info courses for a living, and I’ve never bought an info course on anything. I was reading his email, I sent him an email at the end of it, because he says, “I respond to all of my emails.” I’m like, “Hey, Ramit, this is Patrick. I would crawl over broken glass right now to hand you my credit card. Wow.” Seriously, get his emails. They’re good stuff.

In addition to teaching you how to write email better, they are genuinely worth your time if you’re concerned with increasing your career and/or freelancing business. The Motley Fool does investment advice. It’s bad investment advice, but they sell it really, really well. For any sort of scummy market, like online nursing degrees or anything, people who are paying $100 plus just to get an email for that, probably know what they’re doing or they would be bankrupt already. See what works and use your powers for good, not evil.

Improving The First Run Experience Of Your Software

[Patrick notes: If you'd like to hear me talk about this in a lot more detail, go to training.kalzumeus.com and give me your email address.  I'll give you a 45 minute deep dive into this topic, totally free.]

More specific to software people, let’s talk about the first‑run experience of your software. Hands up, who here knows how many people come back to using their software after the first time, like that is something we check? OK, there’s a few hands going up here. Almost everyone should check that.

For those of you who aren’t checking it, I’m just going to tell you the numbers right now. It is between 40 and 60 percent of people come back after using it the first time. Which, subtract from 100, 60 to 40 percent of people never use the software a second time, because they did not perceive much value in the first‑time use of your software.

They got bored of it after 10 seconds, or within five minutes, so you should make that first five minutes of the software F‑ing sing. It is the most important five minutes in your lifetime, because every subsequent use of the software is gated based on surviving that first five minutes that most of your users are not surviving right now.

Can you just show your software here? Who here thinks that this is a fun first five minutes for software? Microsoft can get away with this, because your first five minutes with using Microsoft Word were probably in 1992, and you had to do it to pass a class, and Microsoft is Microsoft, and you absolutely have to use this if you want to work in the information economy, but it’s kinda sucky.

There’s just so many options here, it starts you with a blank screen, and you have no clue. If this was a free trial product, what do I do to get value out of Microsoft Word, to make the decision on the go or no‑go for buying this? Microsoft, that isn’t really a problem, because you’ve already bought this if you’re seeing this screen. If this reminds you of your software at all, if you drop people into a blank screen, that is a huge failure mode. You’re going to fix that. How?

You script their first five minutes like it is the invasion of Normandy. “You are going to do this, and then you are going to do this, and then you are going to do this, and then you are going to do this, and then you are going to be F‑ing happy.” Can I give you a great example of that? Who here has played “World of Warcraft?” OK, a few hands. Who here managed a raid guild in “World of Warcraft” for a few years? OK.

The first five minutes of “World of Warcraft” is literally, you talk to this guy, there’s a big exclamation point on his head, and it says, “Right click the guy with the big exclamation point.” You right click him, and he says, “You need to save the world from a wolf. There’s a wolf behind you, you can kill it with Z. Z! Z! Z! Z! Z! Z! Z!” So you Z, Z, Z, Z, Z, you kill the wolf, you go back to the guy, he’s got another big exclamation point, you right‑click, because you’ve learned that that works in the world.

He says, “Great job! Save the world, there’s 10 wolves, kill them! You get Z and X this time. ZX! ZX! ZX!” So you ZX, ZX, ZX, and you have a feedback loop where it’s both teaching you on how to use the software, and you feel like, “Yeah, I’m the powerful level one gnome mage that’s has got to spend the next 3,000 hours of my life playing this game,” but it’s a great, awesome experience for you.

At the end of five minutes, you’ve accomplished something, and you’ve learned how to use the software. All of your software should be that addicting. Sign up for the free trial of “World of Warcraft,” play the first five minutes, then stop!

[laughter]

You measure their activity, then you use A/B testing, like we talked about last year to change their activity. This is where the growth hacking comes in, and making sure the designing of their first user experience with the software is actually motivational. Here’s the, “If you’re going to do this, then you’re going to do this, then you’re going to do this, then you’re going to do this” funnel for “Bingo Card Creator,” instrumented out in KISSmetrics, which is, by the way, the way I would go if I had any budget at all to spend on it.

I don’t know what I spend on it, it’s probably like $150 a month, or, you know, nothing. [Patrick notes: I literally was unsure of this until I checked with my bookkeeping software a moment ago.  It was indeed $149.  Relevantly to other SaaS businesses: what does this suggest about the resistance to spending any figure between $50 and $500 at my business?  Right, I don't care in the slightest. So charge me closer to $500 than you do to $50.  If you provided as much value as KissMetrics does I'd pay without a second thought.] You can write arbitrary code to do something like this, and just throw it into a file if you need to. You can see here where people are falling out of the funnel, if you’re into Bingo Cards, like that’s your life, and you can try things to get them to actually work.

I don’t really have enough time to talk about what really worked here, but the punchline here is that a particular intervention increases the amount of people who successfully get through to printing a bingo card with “Bingo Card Creator” by 10 percent. From 60 percent to 70 percent, which is really powerful for me.

If you read my blog, I’ve blogged about what exactly this was. It actually didn’t increase sales, weirdly enough, but similar things that I did with only two hours of work increased sales by 16 percent for two hours of work, durably. About tens of thousands of dollars for two hours of work, very motivational, you should probably do it. You fix the weak spots in the funnel that you’ve identified, once you have the funnel‑analytics in.

Here’s just some examples of things that work for Bingo Card Creator. Probably not too motivational for you, but they paid for my wedding, so motivational to me. Dan gave a great example earlier in the Growth Hacking talk [Patrick notes: Dan Martell's talk is available here], about people that have just signed up, and they can tweet something, but they weren’t really planning on tweeting something, and they don’t know what to tweet so they don’t tweet, and then they go away and never use the app again.

You say, “Hey, you should tweet something right now. Let me give you 10 suggestions. Pick which one you like.” From six percent of the people went through and actually tweeted something, to 70‑plus percent of people tweeted something, which is a huge, epic win in activation. “Activations” means happy use of the software. I guarantee you if you haven’t optimized this at all, you can achieve extraordinary gains in activation for not all that much work.

The thing that worked for Appointment Reminder was implementing a tour mode. What’s a tour mode? Appointment Reminder has sub‑optimal things about the way the market uses it, in terms of getting people through their 30 day free trial. I actually collect credit card at the start, and then they get 30 days to decide whether they want to cancel or not. The problem is that people typically make their appointments for the customers well in advance.

By the time the 30‑day mark rolls around, Appointment Reminder might not have actually reminded a single customer about appointments, because they were scheduled that far in advance, so that’s sucky. They get to the last day, they get to the email, it’s like, “Hey, we’re charging your credit card in 24 hours. If you don’t want that, cancel.” They think, “Oh, this hasn’t really done anything for me, cancel.”

Rather than making it take six weeks for them to perceive value from Appointment Reminder, and to have people come in to their massage therapy practice, or whatever their business is, I wanted to expose that value to them in the first five minutes. So I dragged them by the nose through using the software. Instead of calling their customer, I made a special little mode that would call them instead, and say, “Hey, this is your fake appointment reminder. If you actually had an appointment, it would be five minutes from now. Click ’1′ to confirm it.”

Bing, they click ’1′. “Great. That’s the experience your customer gets, now let me show you how to do that generally.” It walks them through this crazy, obtuse interface, because I’m not an interface designer. Says, “Yeah, put in (555) 555-5555 for one of the clients, and we’ll schedule an appointment for them.

It walks through every step of the work flow, and tells them, “OK, and this is where someone might actually cancel your appointment. Normally that sucks, but we’re going to send you an email, and that’s going to make you money. Isn’t that great? You’re having fun now.” Tell people they’re having fun now. That’s a big secret in Vegas. I bet there’s people running around in skimpy dresses with a lot of alcohol in their hands, trying to tell you all the time, “Hey, you’re having fun! Hey, you’re having fun! Hey, you’re having fun!”

Because if you tell people they are having fun and getting value from the software, they will tend to believe you. Create value, but also tell them that you are creating that value. If there is a social or viral component in your software, if you tweet about using the software, if you invite your friends, if there’s some sort of friends‑list management, first you should probably pre‑populate that friends list using anything that you can possibly do, because people hate managing friends lists.

Make sure that that goes in in the first five minutes, because it will greatly increase your viral factor, and that literally makes or breaks businesses. Zynga obsesses about this. Not a win for the world. Dropbox obsesses about this, that was a win for the world. If, on the other hand, your software requires a lot of data entry, like you’re mocking up things, or creating documents, or making bingo cards for people, figure out a way to eliminate the data entry as a prerequisite for actually getting the fun use of the software.

Maybe give them sample templates that they can use, or just put in fake data, and give them a “Blow away the fake data” button. This is a very deep topic. I have a 45‑minute deep dive available at training.kalzumeus.com. I’ll tweet a link to that later. If you give me your email address, you can download the video at any time. I’m actually not trying to sell you stuff. In fact, when I actually have something to sell you, send me an email and say, “I was at Microconf,” I’ll give it to you for free.

A Brief Digression Into The Scintillating World Of Running A Software Marketing Consultancy

Patrick:  [After consulting briefly with the audience, I decided to talk about consulting for a moment.] What do I do? We talked about this earlier, the way to extract money from any company is to promise them one of two things. Either you’re going to increase their revenue, or you’re going to reduce their costs. I’m kind of terrible with firing people, and that’s the best way to reduce costs for most software companies. But I’m kind of good at scalably increasing revenue, so that’s what I do. By trade, I am a programmer. If I was less savvy about this, I might describe myself as, “I’m a Ruby on Rails developer who knows a few things about a few things.”  Ruby on Rails developers might be hard to hire right now, but they’re hireable. If you have $200 an hour, you can find Ruby on Rails developers. But don’t compete with all the Ruby on Rails developers in the world, because Github is lousy with them.

Instead, say that you are giving an offering that will increase their revenue by a lot.  I can point to particular customers of mine, that they will find very credible within their space, and say, “We worked with Patrick and then our revenue durably did a stair‑step function.” I said, “What is stair‑step 100 percent increase in sales of your software as a service product worth to your company, if you have $10 million of sales right now?” “Oh, that would make our sales $20 million.”

“Oh, great. Then I’m pretty cheap compared to the $10 million marginal revenue you’ll get,” and you get very little push back on prices, no matter how much you bump it up. Scarily low. Yeah?

Male audience member:  When you make that sale, how do you guarantee it, or say, “If I don’t reach this, you don’t pay more than that,” do you know what I mean?

Patrick:  No. [laughter]

I’m sufficiently credible about this thing. I think most of my customers actually succeed, because most of them invite me back. Let’s say a week of my consulting rate is similar to the fully‑loaded cost of hiring an engineer for a month. [Patrick notes: That was a good ballpark figure a year ago.  My consulting rate tends to increase over time as I get more successful engagements to use as references, get pickier about what clients I take on, and just start writing higher numbers on proposals.] If you have an engineer work for you for a month and the product fails, like most products do, the engineer doesn’t give his salary back, right?

Plus the pricing structure would be very radically different if there was downside to me, if it didn’t work out. If there’s downside to me if it doesn’t work out, there should be substantial upside to me if it works out, so if I double the sales for the company, I think as a close approximation I should own half the company afterwards. I’ve actually used that line on people before [Patrick notes: In case it is not obvious, no well-run company anywhere would even consider that payout structure], and they’ve been like, “Oh, that’s cheeky! But we’ll go with the cheap option.”

[laughter]

Where the cheap option is $20,000 a week, or whatever. That is just a representative number, that is not a quote.

[laughter]

How did turning down $700,000 work out? I went to a company in a far‑off land, which is not the United States, because the United States is a far‑off land for me, but a different far‑off land, and I did some stuff. Can I talk to you about what the stuff I did? Hmm. I can’t talk about specifically what the stuff I did, but if you’ve listened to my conference presentations or read my blog, you know that I really like A/B testing, and I really like Search Engine Optimization.  I really like, say, designing the first five minutes of software, and I really like, I don’t know, redesigning purchasing pages to extract more money from businesses that don’t care about how much money that gets extracted from them.

I did some combination of those things for a particular software company, and made them a lot of money. A company that was making X, so say eight figures of revenue, went to a different eight figures of revenue. But there’s a lot of play in the eight figures range.

[laughter]

That was after working for them for two weeks. The CEO said, “Hey, at the rate…” It’s kind of embarrassing for me, but the rate I quoted them was $20,000 a week. Why am I embarrassed? Because part of me has always thought that I’m really not worth that, and I’m just good at bamboozling people.  [Patrick notes: Nagging doubt monster!]

[laughter]

This engagement was the one that turned it around, because one of the things I generally insist on is, “OK, I like this metrics stuff, I’m going to get metrics for the before and after. We’re going re‑test, and we’ll see if this actually worked.” We came back two weeks later and we looked at the metrics, and I’m like, “Oh, I must have mis‑implemented that,” and he says, “The bank account disagrees with you.” I’m like, “Oh, oh, wow. Oh, wow. Oh, wow. Oh, wow.”

He said, “So, what was it? $20,000 a week, or whatever we’re paying you?” A CEO doesn’t even know, that’s not a motivational amount of money to a CEO at an eight figure‑a‑year company, despite the fact that it’s kind of a motivational number for me. He said, “What was it, $20,000 a week? So if you consult 50 weeks a year, that’s a cool million.

“But you can’t actually consult 50 weeks a year, so there’s overhead and whatnot, and you have downtime, and you have to go to conferences to meet people like me, so let’s call it a 30 percent haircut to that, so that would be what, $700,000? Is $700,00 a motivational amount of money to you?” [exhales loudly] I’m like, “Wow, wow, is that on the table?” It’s like, “I’m the CEO, we’re sitting at a table, bam!”

[laughter]

My life flashed before my eyes, and I’m like, “Wow! Wow! Wow! Wow! No, Wow!” I guess the follow‑up question to that is, “Why did I say no to that?” Consulting is the right thing for me right now. I have a wedding to plan for, I have two weddings to plan for, one in Japan, one in the US. People with iPads are successfully convincing me that I’m probably still in your position, but for the consulting business.

I’d love to help you by coming here and spreading knowledge, and talking to you, and taking your emails any time my email is up on the screen. Doing it as a day job again is not something that’s motivational for me, even for more tea than there is in China, I think is the expression. $700,000 is a lot of tea!

[laughter]

Patrick:  Sorry, not meaning to brag there. OK, questions?

Rob Walling:  Can we get a round of applause first? [applause]

[Patrick notes:

My recollection is that I said something here which unfortunately did not make it on the video, but it is more important than the rest of the speech put together, and since this is my blog I think I'll take a moment to say it again.  All the speakers at Microconf, and many of the attendees, receive substantial support from their spouses and families, both in the sense of "Hey honey, can I fly to Vegas to talk with some quirky software people?" and in the day-in-and-day-out support for the entrepreneurship career choice.  That's sometimes risky and sometimes involves annoyances to families that people don't generally have to deal with when their spouse is in 9-to-5 employment, in everything from quirky hours to weird comments from friends/family to the inconsistency relative to biweekly paychecks.  We should recognize the support of our families as being instrumental to our business/careers, and also keep in mind that they are, ultimately, stakeholders in the business, with a claim superior to even employees/investors/customers, because at the end of the day they'll be with us when the business is, as mentioned earlier, but dust and memories.

The attendees at Microconf joined me in giving a standing ovation to the (numerous) family members who had made it out for the conference, and also for the folks who were supporting attendees from home.]

11 Comments

Kalzumeus Podcast 4: Apps That Matter, Angel Investing, and B2B Sales with Matt Wensing of Stormpulse

Matt Wensing from Stormpulse (disclaimer: I’m an investor, long story below) generously took some time off of managing the nation’s severe weather risks to appear on our podcast.  (Keith Perhac couldn’t be with us when we taped this, as he was celebrating the birth of his second daughter.)  It’s been about six months since our last episode but I think this probably makes up for it, as it’s a cracker of an episode.

I apologize in advance for my audio quality — I was calling internationally from an iPhone.  If you’re an audiophile, we have a transcript below, as per the usual.  As always, the transcript includes notes from me [Patrick notes: called out like this.]

What you’ll learn in this podcast:

  • The long arc of Stormpulse’s transition from a bootstrapped freemium weather site to being one of the four links on Obama’s dashboard
  • Why Stormpulse had a difficult time raising funding early, and how they eventually overcame this
  • Some actionable tips on how you can avoid Valley pathologies if raising is in your future
  • How to think about pricing and selling a critical B2B application, and how to move from scalable low-touch sales to high-touch Big Freaking Enterprise sales

If You Want To Listen To It

MP3 Download (~96 minutes, ~88MB) : Right-click here and click Save As.

Podcast format: either subscribe to http://www.kalzumeus.com/category/podcasts/feed in your podcast reader of choice or you can search for Kalzumeus Podcast in the iTunes Store.

Transcript: Growing Stormpulse From Humble Beginnings To The White House And Beyond

Patrick McKenzie:  Hi, this is Patrick McKenzie for the the Kalzumeus Podcast. Keith Perhac can’t be with us today, because he’s celebrating the birth of his second daughter. I’m here with Matt Wensing, who’s the founder and CEO of Stormpulse.

Matt Wensing:  Hey, how you doing, Patrick?

Patrick:  I’m doing great, Matt. Thank you so much for taking the time to have a podcast with us today. I was just looking back at Hacker News today, because I gave it up for Lent, but now that I’m back and can check [on the thread we met on], I realized I have known you for exactly 1,300 days.

Matt:  [laughs]

Patrick:  You had your first HN post of Stormpulse about three years ago or so, give or take, and it was a like, “Rate my brief elevator pitch,” and I gave you some advice on that.  We started our email correspondence after that. For those of us who have not been following you obsessively for the last 1,300 days, what is Stormpulse?

Matt:  [laughs] Yeah, first of all, thanks. The HN connection is definitely fun. Stormpulse, it started out really just as a project and an idea that I couldn’t get out of my head, because a bunch of hurricanes had hit south Florida, which is where I was born and raised. It ended up growing up from just being a project that I worked on in nights and weekends, into a fully fledged organic startup idea, as Paul Graham would say. What it is today is for business, particularly those that have a lot of assets all over the United States. We do real time weather monitoring for them. You think of it for this crowd, maybe as server monitoring, where obviously, you want to watch and see how your servers are doing. Well obviously big companies, especially those in logistics and supply chain spaces, want to watch over their infrastructure and physical goods.

We created a tool which is what Stormpulse evolved into that lets them add all their assets to a home grown, we built it from scratch, weather map, and monitor how the weather is going to potentially impact those locations over the next three to five days in particular. That could be anything from hurricanes to tornadoes to flash floods, or even just a lot of rainfall on some afternoon that delays a shipment.

Patrick:  The first time I heard this idea, I was really, really taken with it because I lived in Japan throughout my adult life. We have a very particular understanding of the dangers of severe weather here, but I know some folks from the US did not connect to it as strongly as I do. Can you just briefly give me a description of “why would somebody who has billions of dollars of capital in the path of a hurricane care?”  [Patrick notes: I am paraphrasing a few comments Matt received earlier.]

[laughter]

Patrick:  What are the decisions they are going to make happen based on the information Stormpulse give them?

Matt:  Yeah. Obviously the knee jerk reaction is, “Well, of course they care.” To get into a little bit more depth, there’s really three phases to it you can think, was really the before, during and after phases. Before an event like that, you want to take every precaution you can to not only put things into safety and out of harm’s way, but also optimally position things that you’re going to need during the event or after the event. Then, of course, during the event you need information so you can make decisions about who is doing what right now, how bad really is it, what are the effects, and should I really be worried about what’s going on under that red or purple cyclone over there? Then after the fact there’s businesses who, entire businesses only after one of these events goes through, you have everything from rebuilding to restoration to optimally moving in disaster relief efforts, and frankly even just plain old capitalism.

You have people like Wal‑Mart who come in after a disaster and say, “If we come in there with a boatload of chainsaws and a stockpile of cash, we can do business with a bunch of people who need chainsaws and don’t have electricity.” There’s just a lot of economic implications for these kinds of events, and we just love digging into all of them.

Patrick:  Mm‑hmm, yeah, and that totally tracks with my experience. I’ve blogged previously about my very minor experience with Japanese disaster management before.  I worked in back end systems for a Japanese university. We’re largely concerned about getting the information to people before the tsunami makes landfall, is pretty much priority number one. Weather risk management is software that obviously makes a huge difference, both for protecting people’s lives and property. Because we have lots of tech folks who listen to this podcast, let me just talk to you briefly about the technology behind it. I loved the idea when I heard about it, and the moment that this really dropped my jaw about the technological aspect of it was when you said you wrote your own JavaScript mapping engine.

Matt:  [laughs] Yeah, yeah. We approached this as a labor of love, which meant that we wanted to do everything the quote/unquote “right way.” We took a look when we started out at Google Maps, and Google Maps really did not cut it for us because we wanted to create a weather map. While Google Maps is a fantastic map for everything from bike tours to self‑driving cars and all that stuff, it really isn’t the best cartography for displaying the weather. That left us with two choices. Either compromise on the initial vision, which we were just starting out, so why would you ever do that? Or create our own mapping, so that’s what we did. I spent a fair amount of time just getting my head around…

I’m not one of those math comp sci major, so I’m not super fluent in a lot of mathematics, geometry, trigonometry, but I got up to speed really quick. Spent a lot of time on Wolfram Alpha and learned how to get my head around map projections, and got the imagery from NASA and compiled it with some clouds that I found from a guy at Cal Tech. Yeah, we actually built an entire mapping stack from nothing.

I still remember sitting there staring at my editor, which was basically blank, going, [laughs] “This is the start of a very large application, and it’s totally blank.” But I was fueled by passion and got up really early, and the rest is relatively recent history.

Patrick:  Yeah, you’ve been doing this for, what is it now? It’s almost as old as Bingo Card Creator so seven or eight years‑ish, I think?

Matt:  Yeah. I had the idea in…Those storms were going through Florida in October of 2004, and that meant that I was…Yeah. I had the idea in October 2004. I still have the blog post actually on Blogspot, where I was mulling this over and just had this idea of, “Yeah, I’m going to work on this thing.” October 2004, coming up to in a few months October 2013, which will be nine years since I had the idea.

Patrick:  Oh, wow, so actually even older than my business.

Matt:  [laughs]

Patrick:  It’s funny that I am comparing our two businesses, because yours saves people’s lives, and mine makes bingo cards for elementary schoolteachers.

Matt:  [laughs]

Patrick:  The Internet is a funny, funny thing.

Matt:  It is.

The Best Startup Customer Acquisition Anecdote You’ll Hear In 2013

Patrick:  I’ve got to admit, every time I hear about your business I have the, “I wish I was working on a bigger problem,” pangs of envy, something I’ve heard from other people. Then, of course, there’s the other pangs of envy inducing story. You have a very famous customer of Stormpulse, right?

Matt:  Yeah.

Patrick:  Every time I tell this story to people they don’t even believe it, so let’s get it on the record, so I can refer people to it in the future.

Matt:  Yeah.

Patrick:  The way I remember the story, and like my father I often embellish on stories I’ve heard once, so feel free to tell me if I’m lying about this. You were sitting at the kitchen table with your son one day doing the bootstrapper dream of sales call with one hand and a bowl of cereal in the other, and you got a phone call from somebody, and called him back. That was Dan.  Where did Dan work at?

Matt:  Yeah. I got a voicemail. I read the voicemail and I could hardly believe it. I told my child that I had got this phone call, and they said they never heard that before. That sounded pretty outrageous to even them, and I think they were probably six or seven at the time. Then before I could even call them back they called me back, and so I ran upstairs to my home office so that I could have some peace and quiet and sound professional. Sure enough it was the White House Situation Room, which meant that it was literally the basement of the White House. [laughs]

Patrick:  Yeah. For folks who are not the American audience, the White House Situation Room is the nerve center of the White House when they’re doing something that is breaking real time related generally to national security. That’s where President Obama and the team were when they caught Osama Bin Laden. It’s where they command disaster relief efforts and what not, so it is a big deal.

Matt:  Yeah, and the amazing part, Patrick, was that they left me their phone number as if it was my neighbor next door, I guess, with all the confidence in the world that if I abused that phone number there would be easy tracing and repercussions. But I called them back, because actually, when they called me back, I didn’t get to ask them if I could somehow capture an image or something that proved that they used it. Then I’m spending all afternoon here, I remember sitting at the lunch table with my wife and telling her this story. Her thought was, “Well, you should have figured out some way to get their name or get proof that they used it.” I built up the gumption to call them back, and sure enough, it rang. I was expecting them to say, “Thank you for calling the White House. For gift shop, press 1. For tours, press 2.”

But sure enough it just rang and rang. I think it was one and a half rings and somebody picks up the phone and says, “Situation room.” [laughs] At that point I thought maybe I had called the red phone. The very first thought I had was black helicopters. The second thought I had was “This is not urgent, so please don’t…”

I wanted to somehow explain that I’m not really trying to prank you by calling you from my bootstrap SaaS business, I just have a genuine question. The person I was calling wasn’t there, but he said she could call me back. Sure enough, she did.

But between the time between the time I hung up with him and she called me back, I found out on the White House blog, at WhiteHouse.gov, there is indeed a tour of the situation room that they have recorded in public domain mpeg, and I was able to capture a screen shot of that tour, and put it on our website. Since it’s public domain, I think I can have free conscience and liberties to use it as much as we want.

You can actually see our product being used in the basement of the White House. Which, yeah, it’s hard to explain, really. [laughs]

Patrick:  For those of you keeping track at home, not only has Matt bootstrapped a company with the rest of his team which protects life and property using a SaaS application, but they bootstrapped it to the point where rather than going to NOAA, National Ocean and Aeronautics Administration, getting data directly from them, the folks at the White House preferred to consume that and make consequence and decisions affecting millions of Americans directly through Stormpulse.  [Patrick notes: Stormpulse owns no satellites or weather monitoring stations.  They consume NOAA data which is available in the public domain, and transform it from GBs of opaque CSV files into predictions like "The factory which makes the widget that you're running low on has a high probability of closure three days from now as a result of this hurricane", which lets the user take consequential actions like "Put in a rush order at our alternate supplier so our main production line doesn't block on lack of input 6 days from now."  When factory lines go down that can cost in the $X00,000 region an hour.]

Matt:  [laughs]

Patrick:  Man, it’s like I’m doing a sales pitch.

Matt:  [laughs]

Patrick:  If I wasn’t totally convinced that Stormpulse was going to take over the world when I first met Matt and was talking to him the last couple of years, when I heard the White House story, didn’t the White House initially send you a feature request?

Matt:  Well, what they did was they just really had a question about…Oh, that’s right. I did see them come into our database as, what was it, it was somebody’s name at NSC.EOP.GOV, which went right over my head at first, but when, when I was trolling through our records, sure enough. I figured out what those acronyms mean, which was National Security Council, dot Executive Office of the President, dot gov. Then I believe it. [laughs]

Patrick:  Let’s see, so there’s again, feed you the stories. The one I heard from you is that there’s a particular user of the Stormpulse application that has to remember a lot of passwords and didn’t like having to remember one more, so there was a feature request made with regards to that user.  Can you tell us the story?

Matt:  Yeah.  We had just done a new release of the software which bumped the price, and a customer called to ask if they could get a feature request as part of the upgrade.  They wanted to know if we could make sure that it did not automatically sign the user out. They wanted the login cookie to persist indefinitely. I said, “Well, good news is our application already works that way because we have a lot of people in enterprises that don’t want to have to remember all these passwords, and it’s up to them to sign out.” He said, “Well that’s good because, if the guy goes to use it and it signs him out and he has to remember a password, that would not be good.”

I dug into this about the guy and I learned that it’s outside a conference room in the White House, and so I said, “Well, I’m imaging there’s quite a lot of conference rooms.” He said, “No, this is the only conference room that he uses. There’s a kiosk outside, and Stormpulse is one of the three or four short quick link applications on that, and they just want to make sure that it’s always signed in for *cough* Mr. Sir.” [laughs]

Patrick:  You heard it here first, guys. This is Traction with a capital T even if you don’t have two hundred million free users, which we’ll talk about later. Every time I tell this Stormpulse story to people, they can’t believe it. I’ve been called a liar to my face by people, so hah, there you go. In addition to various highly-placed users in the United States government and folks all over a bunch of industries that really care about stuff not being destroyed, Stormpulse is a B2B application right now, so anyone can sign up on the website to start using it in their business.

You’re doing really well in that since last year, right? We’ll talk a little in the call maybe about the difference between premium and the pricing model, but up until last year, you had a premium model where the vast majority of people paid you nothing and then you were trying to sell it to business. You switched completely to a business model and how’s that been working out for you?

Matt:  Yeah, we put up a paywall very quickly last April. Quickly because it was two guys and things were under crunch. We put up this paywall not knowing what would happen. We had about 6.5 million unique visitors in 2011, and out of those 6.5 million, we had almost 1,000 customers sign up. So, 6.5 million freebies was nice and all, but having a customer base is even more exciting, I’ll say. Certainly a different phase, there’s lot of stories that come from the free, and there’s actually lots of benefits in terms of distribution, so I won’t say it doesn’t have its benefits, but there does come a time where you should make money, and that’s the phase we’re in now.

It’s definitely turned a good corner, you might even say pivot, and yeah, here we are now in this pay‑only model. We have a free trial, but the freemium product has been retired.

Patrick:  Great. Because this is largely targeted to large businesses, government organizations that, again, lives and property are on the line, so this isn’t exactly like a project management application that you sign up with your credit card and pay $20 a month for it. Your price point start at the high hundreds a year region and go up drastically from there for the enterprise stuff, right?

Matt:  Our single‑seed price this year is $750 for the year for the year, for one user, which is like a mid‑grade SalesForce subscription if you wanted to do it monthly, although we bill annually which is good for cashflow. Our pricing goes all the way up into five figures depending on how many seats you want to get and now we’re starting to think and talk about enterprise which is even bigger than that. That’s all of our whole breadth.

Patrick:  Switching gears a little moment: I keep wanting to claim credit for something about Stormpulse so I’ll claim credit on the prognostication that I knew you guys were going to take over the world a few years ago.

Matt:  [laughs]

How Stormpulse Got Angel Investing After Having A Bit Of Difficulty Raising It

Patrick:  Apparently, the rest of the world did not, and it sucks to be them. [Patrick notes: I let a bit of anger in here, as there's a long, long story about Matt and company getting treated shabbily in their first fundraising attempts, and I view their subsequent success as a rich comeuppance.] Sorry, maybe that’s a little negative. Let’s talk about angel investing. I think this is a time to put a disclaimer. I’ve never been an angel investor before, but we talked quite a bit about angel investing last year, and in the process you eventually letting me put money into the company. Thanks.

You had been bootstrapping this for quite a while now and tried raising a few years ago and I think largely it’s because you were not in the Valley that did not exactly go over as wonderfully as you would expect given the success of Stormpulse.

Many of the folks who are listening on the call aren’t as up on angel investing as the two of us are. Why don’t we talk a little about what it is? Why you would want to take it for your business? What your experience was trying to raise outside of the Valley and what your experience is now. Also let’s talk about how the mechanics work.

Matt:  Sure. Yeah, sounds great.

Patrick:  Basically, angel investing is typically people investing on an individual basis, largely, wealthier individuals, called accredited investors usually, who are independently wealthy, often in the tech industry as a result of running their own tech businesses, who give money in return for equity in growth‑oriented businesses.  Angel investors have the expectation that that business is eventually going to exit, either by selling to a larger enterprise or either by IPOing on the stock market and they hope that they’ll get their money back when that happens. This is more of what Paul Graham would describe as a startup where you’re aiming for growth, and going to get very big rather than aiming for a consistent return over…like so many compounded returns over the long term and returning dividends. We talked extensively over the last couple of years prior to you making the decision to seek angel funding over like what it would do for you personally and what it would do for the business. But from your point of view, why did you think taking angel investing was a great choice for Stormpulse?

Matt:  Yeah, just to clarify and make sure I understood in there, why do I think it was or was not originally or…?

Patrick:  Both of those, I guess.

Matt:  [laughs] Sure.

Patrick:  Why did you bootstrap when you started it and what changed?

Matt:  We did bootstrap initially. I guess it wasn’t for total lack of trying to raise some money. We went to friends and family first and we actually raised about $100,000 from friends and family who you could also call accredited.  [Patrick notes: For the very persnickety people who would claim that this makes them not "bootstrapped", your objection is noted but I have very little desire to argue about the peripheral meanings of words.] But those friends and families supported us in the early years of bootstrapping where we had no business model whatsoever. We were just two guys with a product and no distribution. Then we ended up getting the distribution. Like I said we had the six and a half million visitors and we started seeking our first round of real angel funding. I know that there’s a lot of people who are bootstrap only, bootstrap forever.

I think that’s fine. I think it can become this religious war over who’s right. Which way is the right path? I do think there is a time when you sit there and you look at a business and you say, there’s no reason this couldn’t grow faster other than I need capital upfront to fund faster growth. In that case, raising money makes a lot of sense rather than looking for that linear growth to come through charging more customers more money and watching it grow.

It just grows much slowly that way. Of course, obviously, raising money at the same time implies that you’re going to grow fast, so if that’s not for you, if you don’t like the thought of growing 50%+ year over year, and by growing I mean, so you take last year and you double it, or so, then it’s not really for you. But if you have a huge market and a product people love, it makes a lot of sense. I always believed in Stormpulse certainly had a big market.

Took me a while to figure out exactly what corners of the massive world’s enterprises I wanted to go after but once we started figuring that out, then it made sense for us to go and try and to raise some money. We did a couple rounds of seeking. The first one didn’t work out too well but the second one did.  There are different reasons for that which we could get into but I’ll pause there and you can ask the next question if you want.

Patrick:  I’ll give you some of the thoughts on the bootstrapping thing.  Most of the folks listening on the call know this but I’ve bootstrapped all my businesses for the last seven or eight years now since 2006. If feel old. I perpetually have like one toe in the water of the funded startup world, which 99.95 percent is a result of Hacker News, if you spend all of your time talking to people who talked about it a lot, it will eventually pull you in.

Matt:  [laughs]

Patrick:  But, yeah… I love bootstrapping.  It iswhere my heart is. I always think that in the future, it’s possible that I continue bootstrapping forever and it’s possible that I can eventually choose to take funding for either Appointment Reminder or one of my other, perhaps future, businesses. We’ll see where the road takes me but again, it’s a decision most based on where you business is, where you want it to go, and what your personal goals are. In particular,one of the reasons that I’ve never taken it, despite several compelling offers to, is that there’s a lot of freedom associated with bootstrapping in that you are in control of roadmaps for the business both in terms of the technical roadmap, the marketing roadmap, etc.

Obviously, you have to satisfy your customers and if you have employees, you have to satisfy your employees but there aren’t other major stakeholders that you really have to keep happy. After you have any sort of professional money involved, folks can theoretically call you up and say, hey, what has my money being doing lately.

Matt:  Sure.

Patrick:  Investors might push you towards options that you might not have otherwise gone for. Not that I would call Matt up in the middle of the night and say, “Hey Matt, where’s my money at?”

Just generic advise for people trying to get money from people: attempt to raise from people who understand the business you are in. Not always an option for friends and family but if you were going to take money for investing in a tech business, from angels, like, all flowers are not created equal, it’s probably better to get money from somebody who’s in tech themselves, because they understand it, and to the extent, possible from somebody who brings knowledge to the table about your market or your industry or particular topics of interest for you.

If somebody had made their millions on Facebook games or whatever, they might not be the ideal investors for Stormpulse, simply because they don’t really have all that much to tell you about the distribution story for getting into more places like the White House Situation Room.  Come to think of it, scratch my head a little bit, I wonder how much I had to add to that equation. But I do hope that I give good advice every once in a while.

Matt:  Yes. I think you’re absolutely right. One thing about investing that people who haven’t, well, I say fundraising, because really we’re on this side of the table, that people might not have thought about before if this is their first time around is, there’s genuine value ad and there’s a fellow by the name of Patrick Vlaskovits who wrote a great post on this about what is real value ad, you can find him on Twitter @PV. But value add can actually be genuine, helpful advice or insight or rolling‑up‑the‑sleeves help. Or, there is a value ad which is the total absence of any involvement.  The derogatory way of saying it is “dumb money”, but really that means that that’s money that gets involved, that tries the meddle and mess things up.

It’s really laissez‑faire money which can also be very valuable if you just need money and a bank isn’t the answer and you’re just looking to fund something if the person is just willing to make an investment and not make a lot of demands or get involved which is to say, pretty much be silent if that’s the way they like to invest and manage things, that can also be really good for the entrepreneur. I would say you really want to be on either side of the spectrum. Either somebody who’s genuinely helpful, or somebody who just completely stays out of the way.

The worst thing is obviously people who think they’re adding value but really aren’t. Then they’re just wasting your time and theirs and adding stress. None of those are going to help you.

Patrick:  We talked from your perspective as the entrepreneur of what you wanted to do about getting angel investing.  From my perspective as the angel investor, here’s what I get out of this relationship. Primarily for me, it’s not an opportunity to make a lot of money because I have a fairly successful software business and that’s the  numbers would work out for me. My software business is going to dwarf returns from any investing I do. I really believe in the vision of Stormpulse. I’ve lived in Japan my entire adult life. There has to be better technological approaches to severe weather risk management and also we’ve been corresponding for the last three years and when I heard you were raising an angel round I wanted to do anything possible to accelerate the success of the business.  I thought in my little, sometimes accurate, sometimes perhaps not so much estimation, that the most credible statement I could make to Silicon Valley investors when I was trying to introduce you to was “By the way guys, my money is already in this.”

That’s my endorsement. You can do it too. Would you mind us saying publicly who I introduced you to?

Matt:  Yes. No, that’s completely fine. Yeah, that’s a good story.

Patrick:  I’m peripherally involved in 500 Startups which is a well regarded super angel… actually they’re closer to a mini-VC fund mini‑VC funds these days, but it’s a fund in Silicon Valley run byDave McClure, Paul Singh, and a group of other partners including  Christine [Tsai] and some folks who I haven’t met yet. Anyhow, they’re a good people. Paul Singh knew me over the Internet, and so you would be amazed how many people I could say, “Oh yeah, I’m Internet buddies with him these days,” far too much time on Hacker News, what can I say. We had swapped some thoughts about selling software which is something he used to do and something that I do on a fairly regular basis.

I went there to just say hi one time when I was in the Valley, for whatever reason. I think probably to a conference or something. He asked if I wanted to be a mentor at 500 Startups, which is all the fun of being a consultant without the complication of actually taking money for anything. [Patrick notes: If it isn't obvious from the context, that's a joke. Obviously I was happy to do it or I would have politely declined.] You just talk to people that they are invested in, or incubating, and I give them advice.

That sounded like a pretty fun thing for me, because give me a text area, and I’m physically incapable of not typing in it. Talking to startups is like having a text area with less HTML involved.

One of the nice things about having social connections like that is that, Silicon Valley is a place I have a complicated relationship with, because there’s wonderful things about it, and not so wonderful things about it.

One which straddles the line of those two, is that it’s a very relationship oriented place. It’s very difficult to raise money in Silicon Valley, if you don’t know anybody. On the other end of the ledger is, if you happen to know lots of people, you can raise money in Silicon Valley, perhaps, independent of the quality of the thing you are raising money for.

The nice part is that since I have a social “in” with 500 Startups, and with other folks in the Valley, I can do one of the Valley’s little social rituals, which is called “an introduction”, which is basically, “You, person X, should know this other person Y, I vouch for Y, ergo you should rub off some of your trust for me onto them.”

Which is pretty much the only way to get investments from most VC funds, and savvy angel investors, because otherwise they’d have 5,000 people coming out of the woodwork, talking about their new Facebook for dogs. I introduced Matt to 500 Startups, and told them that if they didn’t come to terms I would come over to the office and pound their faces in if they did not invest in you.  [Patrick notes: I didn't actually threaten anybody... but I was mentally when choosing very, very strong language in my recommendation.] Obviously you had the numbers, and the story to support it. So they did, which is awesome.

Matt:  Yeah. I think it’s worth highlighting just how important that introduction is, or is to their mechanics of 500 Startups. Dave McClure said, “If you can’t get an intro to us, you’re not really trying hard enough,” to paraphrase. In other words, it shouldn’t be that hard. It’s a test of the entrepreneur, of whether or not you can make these kinds of connections. At first, especially if you’ve never raised money before, and you’re totally outside of the Silicon Valley world, I don’t live there, so I can’t speak from direct exposure experience, but it can definitely feel, obviously, insulated, and nepotistic, and there’s all these pejoratives for it obviously. At the same time, like you said, with all the quantity of people with ideas, and napkins. Social proof in that sense goes back a long, long time, in terms of trust, and referrals.

I was just going to say, what 500 Startups is doing, by and large, is scaling social proof behind the scenes, and actually quantifying it, and using it in investment decisions much more quantitatively than say, a traditional VC, or angel. [Patrick notes: See especially the increasing use of AngelList, which does a lot of social proof based on essentially graph algorithms and some secret sauce.] Getting a hat tip from someone like Patio here is a really big deal, getting other ones from other people. Having that social network, work for you as an entrepreneur, is probably the best way to get their attention. Yes. I am greatly indebted to you Patrick, for that introduction, and I appreciate it.

Paul Singh ended up being the partner I spoke to, and just to give you the dramatic ending to that story, obviously he really liked our numbers, he thought we were, in one sense, undervalued for the amount of traction that we had, similar to you.

Patrick: I so strongly agree with that.

Matt:  Stormpulse, the reaction has been very polarized. Maybe polarized isn’t the right word, because I don’t get anybody that is strongly negative, but it’s either no reaction whatsoever, or just a dead stare, or somebody’s just foaming at the mouth excited, so if you can take that as a compliment. [laughs] You, and the other 12, or 13 angel investors in the last round, were obviously on that side. Some of them took a little bit more cajoling, convincing, proof, but they were just all really excited about the business. I find it really interesting, because what it tells me, is that when you combine that element of social proof, or trust, and you combine great traction, it just goes a really long way to making it a decision where the investor does not feel like they’re taking a huge risk. From the entrepreneurs stand point you think, “Well, I want to get investors because I want to have some risk takers on my side.” [laughs]

Then you talk to them, and the first thing you realize is, hopefully it’s not the first thing realize, hopefully you’ve listen to this podcast, and you realize it, but they don’t really want to take risks if at all possible. That’s not why they’re investing, is too take risks. They are engaging in the worlds riskiest form of investment, so that they can make some of the world’s best returns [Patrick notes: An overstatement, see below!], but taking risks is not what they’re all about.

Your job as an entrepreneur is to remove every possible risk from the equation, before you ever present it to them. Getting referrals, and thumbs up from people that they already have credibility in their network, and then having great traction, I think those are the most important. I honestly believe that once you do those, you still may find yourself in a lurch, so for us, say in 2012, before we put up the paywall, actually that was 2011, before we put up the paywall, we talked to VCs, and it was just really hard to get them to that “yes.”

They’re always looking for ways to say no. No is the default, it has to be. [Patrick notes: The default is even more insidious: it's just not getting an email in your inbox when you have been lead to expect one.] To get a yes, you have to get those referrals, so we get introductions, but our traction, because we weren’t charging money of everybody, left something to be desired, and because of that, I don’t think we were able to transition into the realm of yes.

I think the realm of yes, is that stage where the person allows themselves to get excited about the business, to the point that they, I might even say, “overlook some of the flaws of the start‑up,” because they just believe so much in what they see, in the positive trends they see. It’s obviously a very nuanced thing, and for the entrepreneur who’s going through it, I can totally identify with just how difficult, and frustrating it can be.

In order to raise just over half a million dollars in convertible debt, I think I ended up speaking to almost 80 people. I’d say out of those first 50, 49 were no, and there was maybe one yes. Then out of the other 30, we got a increasing frequency of yes’s, and toward the end it was all yes’s. [Patrick notes: This is an incredibly important point about the nature of social proof, by the way.  Matt has previously described his funding round in a single tweet: "Our seed round in 65 characters: NNNNNNNNNNNNNNNNNNNNNNNNNNNNYNNNNNNNNNNNNNNNNYNNNNYNNYYYYYYYYYYY"]

For the entrepreneur that can be a incredibly emotionally, trying experience, so part of what I offer, and if anybody wants to reach out to me after this Podcast, is [laughs] I would love to help anyone navigate that a little bit, because it is very emotional. I think the key is, the key I had inside was, how do you get the investor as well to the point, where they are emotionally excited about your business?

That’s where they fall in love with the girl, so to speak, and they say, “Yes, she doesn’t know how to cook, and yes, she also has a really annoying way that she laughs, but I don’t care, because I love her, because of this, this, this, and this.” Until you get to that point, what you find is, all the investors want to do is point out your flaws, and say, “Well, that’s why I’m not investing.”

I think that’s a little bit of a red herring, because if an entrepreneur can get investors to the point that they’re genuinely excited about your business, I think that actually atones for a multitude of problems, because no start‑up is perfect, right?

Patrick:  Almost like selling a product, right? In that, if you totally nail the emotional connection of the user to your product, the fact that it doesn’t have a sexy UI or isn’t the cheapest in the market, or what not, will be details to the customer.

Matt:  Exactly.

Patrick:  There’s so many interesting things that we just brought up there. Why don’t we start with this commentary on the Valley, and the Valley’s little peculiarities, by two people who are very outside of the Valley. Like you said, it’s a pretty insular place. Where are you currently physically located right now when you’re doing this call?

Matt:  I’m in my office in Austin, Texas. Yes.

Patrick:  Matt’s coming from Austin, I’m physically in Osaka right now which is a nice big city in Japan, which is not the usual small town in Japan [Ogaki, Gifu] that I’m broadcasting from. Clearly it’s possible to make connections to the Valley, and not physically being in the Valley. Intent by the way, there are people on the Twitters don’t dislike talking to small entrepreneur’s, hint, hint… anyhow. I could go back, and forth on how much of a barrier I think that necessarily creating a connection in the Valley is to a determined entrepreneur. My personal experience, having done sales to enterprises, and having made a bit of a name for myself over the years in the Valley is that selling to enterprises is so much harder than getting someone to make a coffee date with you. If you think you’re going to be successful in business. Getting on the radar of people in Silicon Valley, not quite as hard as you would think.

If you write three blog posts of a particular topic of interest to a start‑ups with money is enough to get you on the right peoples radar screens. Suddenly you get some sort of distribution through those blog posts, which can be an entire podcast by itself.

What Is This “Traction” Which Silicon Valley Seems So Beholden To?

I mentioned the magic of Silicon Valley where no one ever defines. I want to dig into it a little bit. “Traction.” You have traction. “We can’t invest in you, because you don’t have enough traction.” “Call us back when you have more traction”, or the most insidious form of a VC “no”, which is just, “We’d love to see a little more traction, before deciding on looking at the start‑up again.”

I will link it in the notes, but there’s a great talk between Naval [Ravikant]  and Dave McClure on what counts as traction in the Valley.  We’ll talk about it from our biased and narrower perspectives on the matter.  [Patrick notes: Much of the talk between Naval and Dave focused on B2C startups aiming at truly massive distribution via mobile apps rather than B2B SaaS companies like Matt and I run, where your user numbers are at a thousandth of the scale and your revenues are infinity percent higher.] I think folks might be intimated a bit by the “6.5 million visits a year” stats from earlier, but that is totally an achievable number.

Bingo Card Creator craters the approach to 6.5 million a year [Patrick notes: the main site is at 1.X million a year, give or take], but Bingo Card reader doesn’t have traction, because it’s not going very fast, and the market is not ginormous, and because unfortunately Bingo Card Creator has revenue, and after you have revenue, the salience of large visitor numbers drops a little bit, and then people will look at the revenue.  [Patrick notes: Also, if you tried to look at metrics of high interest to e.g. broad B2C apps, the "new normal" is 10 million monthly active users and BCC has only 10,000 or so.]

For revenue based traction, for recurring SaaS-model businesses, if you’re bootstrapping a business, and you get up to $8,000 a month, you’re in a wonderful place to be in life. $8,000 a month craters the approach of where you start getting angel investment, as long as it’s growing.

After you start to get into the low to high five figures a month, of your recurring revenue, you will start to get on progressively larger angel/VC firms radar screens. If you need a number to shoot at, that’s your number. Low five figures, and then that will quickly get you into the right place.

It can even be lower than that, if it’s growing very fast, or you have a particularly good story about the market. Like, “Everybody will be using this technology in five years.” “We grew revenues from $2,000 to $3,000 over the last month. We don’t see it slowing down.” Does that match your understanding of it?

Matt:  Yeah. It’s interesting. I agree with that, and yet obviously I would add to it, first of all, probably in the world you’re looking at, you have more experience in the month to month revenue business than I do. We charge yearly, and our business is very yearly, just because we’re B2B. I tend to think in more yearly numbers, than monthly numbers, but you’re probably right on the quantities.

My definition of traction, if I can throw it out there, is evidence that you can capture value at a rate that moves the business forward. Then the next question is, moving forward into what? Are you about to max out at $100,000 a year, or is this a $10 million a year business?

That is also proving this feedback loop, where the more traction you get, the more evidence you have that the market may be bigger than you originally thought. It’s a virtuous cycle, or spiral if it’s working out. If it’s not working out, or if it’s flat, you may say, “Well, we have six and a half million users” “Yeah, but they’re all free.”

You don’t have evidence that, that’s a business. You have evidence that you have a much smaller version of the Weather channel. [Patrick notes: I love that line.] For us traction was not until we had strong evidence that we could collect money at a rate, that let us move the business forward, which meant pursuing enterprise, hiring more people, growing a business that was on course to do in the millions of revenue, rather than in the hundreds of thousands forever, and ever.

I say captured value, because really what you’re also doing is, if you had enough free traffic, then you can make the, “Ye olde advertising argument”, which is, “We’re going to place a tax on the attention that we’re capturing, so the value you’re capturing thereand, “We’re going to tax it with these advertisements”, or “We’re not going to tax it very much with these AdWords, and make a ton of money.”

It’s shifting. Sometimes it’s eyeballs, sometimes it’s dollars, but like you said, sometimes eyeballs are better than dollars, because when we were a $195,000 per year business, people gave us the blank stare. [laughs]

Patrick:  The reason, by the way, for that, for folks playing along at home, is for an individual person, $195,000 is a wonderful, wonderful outcome, but if you’re an investor in Silicon Valley, you know that $195,000 does not even cover a single engineer. [Patrick notes: Ballpark $20,000 per month, fully loaded.] If you do not see that growing explosively, then it doesn’t have any potential, in terms of, strategic value leading towards an exit, which again is what people are aiming for at the end of the day.

Matt:  Exactly, so in our case, traction with a capital T. In hindsight we can apply the narrative, and say, “Look the President was using it, isn’t that awesome?” VC’s, believe it or not, not so excited about the President using it, as much as, “Well, how much did he pay you?” because now you’re in the post‑revenue zone. [Patrick notes: I respectfully disagree with Matt and strongly suggest that if you have the line "if @current_user.is_president_obama? {...}" anywhere in your codebase you mention that early and often in pitches. It got quite a lot of attention when I was talking Stormpulse up to people.]  If you’re going to do it on eyeballs, then I suggest you stay in the pre‑revenue zone, or be prepared to quickly accelerate the revenue aspects. We basically poured six and a half million people through a very large funnel, and 1,000 customers came out the other end. Then when you have a conversation with somebody, and you say, “Yes, we have 195 customers”, or you say, “We have close to 1,000 customers,” totally different order of magnitude.

Speaking of which, Gabriel Weinberg wrote a recent blog post on, “Orders of Magnitude”, and I think that’s really, in many ways, what getting VC’s excited is about, is proving that you hit that next order of magnitude, and the next order of magnitude is just around the corner, so this 195,000 is about to become 1.95 million, and soon after that, in two years, we can see it being 19.5 million. If you can keep moving the decimal points, on any metric, than you’re probably in good shape. [laughs]

Patrick:  Right, we should talk a little bit about the difference between angels, and VCs. Angels are typically people who are investing their own personal money. A VC, Venture Capitalists have what’s called, “limited partners” (LPs) in the Venture Capital funds. Which are typically extraordinary wealthy families like, Bill Gates wealthy, or institutional investors like, pension funds, or Harvard Endowment, which has billions, and billions of dollars of assets. They take a small portion of those assets, like the majority are in more traditional investments, like stocks and bonds, like that you and I could buy.

A small portion of that is their risk capital, that they allocate to quickly growing businesses. The Harvard Endowment does not want to be dealing with entrepreneurs themselves, they write a check for for $10 million or $20 million to a venture capital fund. The venture capital fund takes four of those checks put together, collects $50 million dollars, and then attempts to dribble it out to entrepreneurs in investments in the single-digit millions range.

The incentives in the structure of angels, and VC’s are different, in particular, with regards to scale. Paul Graham has a great essay or two that will teach you the basics [Patrick notes: "basics" relative to what he knows, rather than relative to what I know, since he's forgotten more than I know.  Most relevantly for people listening to this conversation, the scale of exit that can be a win for an angel is orders of magnitude lower than the scale of exit that could be a win for a VC.

Not talking about Stormpulse here, but hypothetically assume I had a second angel investment, which I don't currently.

If I invested at a hypothetical valuation of a million dollars, and it sold for $10 million dollars, then plus or minus some rounding error due to dilution that 10Xes my investment in the company.  That would be a happy result for me, as an angel.  For a VC fund, if a company exits for $10 million, that goes into their books as a loss, because they did not hit the multiple hundreds of millions of dollars exit, that they need to make the numbers in their business model to work out. If they collect a lot of losses like that, they will not be able to close their next fund. It would really suck to be them. [Patrick notes: Important corollary to this: VC firms do not win on acqu-hires, where e.g. a 5-man engineering team gets bought out for $5 million and their project gets scrapped.]

Angels can be pretty happy with exits in millions of dollars to tens of millions of dollars range. The super angels, which are the angels investing other people’s money, like I think 500 Startups themselves might self-identify as one, can be pretty happy with exits in the $10 million, $30 million, $50 million, on up from there, and then once you get into VC land, and have reached that serious investment, you’re shooting for in the hundreds of millions of dollars range.

After you get Series B / Series C / etc VC, and what not, God help you, you better IPO or no soup for you.  Those are for exit valuations, by the way. The interplay between a company’s revenue, and a company’s exit valuation is complicated, depending on who’s doing the buying. For example, if you were Google, and you had strategic reasons to control the Internet, you might pay a heft premium on the revenue of a company like e.g. Youtube.  [Patrick notes: Or Facebook and Instagram, etc etc.]

As a rule of thumb: if you’re trying to meet the victory condition for your investors of the exit in the mid tens of millions range, you should be thinking of having millions of dollars to low tens of millions of dollars in revenue.  Revenue requirements scale up linearly from there with exit requirements. All that sounds fairly on point to you?

Matt:  Yeah, I would say so. [laughs] If I were going out and raising money again for the first time, what I wish I had really understood is very much what you just said. One thing that can help you is, if you’re looking at a VC firm, not all VC firms are the same in terms of fund size. How much money they got from those LPs can vary anywhere from as “tiny” as say $20 million, all the way up to $1 billion or more. That size of their fund is going to greatly influence how much money it takes to, as they say in VC and entrepreneur parlance, “move the needle.”

The needle on the dashboard of the VC’s car does not move if they have a $500 million fund, and they got, let’s see, let’s say you sold your company for $50 million, and they owned 33 percent, then they get their $16.6 million.  That doesn’t really do anything for them whatsoever, like you said.

For that $500 million fund, they want to own a larger stake in a company that sells for $500 million plus. As a rule of thumb which might be controversial: you should aim to sell for more than their fund size.

If you’re approaching a $500 million fund, and you’re thinking your company is a $50 million exit, you are probably are wasting your time. Unless, they get so excited that they convince you that it could be sold for $500 million instead, or there’s just something you don’t know. A $50 million VC fund, which would be a micro VC, could be extremely excited about that, $10, $20, $30, $40 million exit, $50 million even better. Obviously, no VC is going to turn down more than that.

If Sequoia sells a company for a billion dollars, and their fund size is $1.5 billion, they’re pretty happy about that, obviously. You got to know who you’re partnering up with.

Patrick:  Yes, all true advice. Just as a rough rule of thumb for people playing along at home. In VC fund typically invests for a period of 10 years, within that 10 years they want to have experts that approach a particular internal rate of return. It works out to be that, as a rule of thumb, they want to triple their money. If it’s a $50 million funds, then they have to achieve $150 million of return, which, if they own 10 percent of typical company at exit, actually, they have to sell $1.5 billion worth of companies. Do the math there. It doesn’t support many $2 million exits.  [Patrick notes: Especially because the number of investments they can make is limited by the number of board seats they can take up.  Paul Graham can explain why that matters.]

Matt:  One thing to mention as well, which, maybe this fund raising 201, instead of 101, but it’s important when you’re talking about angels and VCs, is that, many angels will often get the opportunity to exit earlier. If the company, you don’t have to go IPO, for example, and many angels won’t. When the company that took an angel investments ends up raising money at triple the valuation of that angel round, some of that money that comes in could very well go into the pockets of angels, so that that VC can buy them out, and own their share of the company. If a VC comes in and says, “I want to own 40 percent of this,” and on the books, there’s 10 percent equity in angels’ pockets, those angels will often be bought out completely, and get their three X, and then take it, and play with again, and the VC is now in for the longer haul.

Of course, some VCs that get in very early in companies that end up going huge, could also do that, if you end up raising a series B, C, or D. Yeah, there’s multiple ways for folks to make money. Angels are, generally not in it for the IPO.

That’s where 500 Startups is really interesting, right, because they’ll put in a very small angel sized check. They’ll wait for the cream to rise. They’ll invest again, in those companies that are winning. They will hold on for a long time. Obviously, it’s a great hybrid model, I think, part of the reason I’m excited to have them involved.

Why You Probably Shouldn’t Be An Angel Investor, via Crowdfunding Or Otherwise

Patrick:  Right, I really liked how 500 Startups and YC are both doing excellent things to bring a  bit more rationality and efficiency, and to the VC markets, so yay capitalism . Some folks listening along to this and might think, “Wow, this is wonderful, I want to be an angel investor.”

Matt:  [laughs]

Patrick:  I want to disabuse you from that notion, right now.  For the vast majority of people listening to this, angel investment is not a good idea.

Matt:  [laughs]

Patrick:  First, there’s a requirement, which might be eased with the crowdfunding legislation coming down the pipe. At the moment, you largely can’t invest in companies unless you are an accredited investor.  You can look up the requirements for being an accredited investor online, but I think it requires $1 million in assets, outside of the value of your primary residence, or $250,000 in income for each of the last two years.

(People might be wondering: “Wait, if this is true, then Patrick must be an accredited investor. How in the heck did he get to one of those [given that it doesn't appear on my yearly reports]?” The answer to that is, well, that gives you one data point on how Appointment Reminder is doing.)

Yeah. Even for people who are clearly in a fairly decent financial position, angel investing is incredibly risky. Most people will get wiped out totally. I don’t expect getting wiped out in Stormpulse obviously, but if a meteor struck Dallas [Patrick notes: Dallas, Austin, whatever, if you can't find Gifu on a map cut me some slack] and was not predicted by the Stormpulse software, it would not compromise the ability of my wife and I to make the rent.

Matt:  Right. [laughs] Thank goodness. [laughs]

Patrick:  Yeah. The vast majority of my investment assets are in nice traditional Roth IRA investing in index funds. Many angels, by the way, are doing it for I’d say primarily non‑economic reasons. Again, structurally you have to be fairly wealthy to invest as an angel investor. The expected returns are terrible. It takes a lot of time to make investments, relative to say an index fund. Since you can only safely invest a small portion of your net worth in it, it’s not likely to really move the needle on your personal portfolio, so “Why do it?” is an interesting question. One of the reasons that there’s lots and lots of angels doing it is it’s a hobby/lifestyle choice of some people.

Particularly in Silicon Valley, there’s lots of angel investors who might have a bit of money because they were in large companies in the Valley that do social networking or search engines at the right time. They have a bit of money, and the culture in the Valley doesn’t really let you blow money on super deluxe sports cars or anything, but blowing money on angel investments is considered a wonderful thing to talk about with your friends. That’s one reason why people might do it.

Again, for me, it’s partly wanting to support Stormpulse. I want it to win.  I’m a capitalist: companies live, companies die, that happens. I liked the guy’s vision for the future, and supporting this guy is my main objective.

Matt:  Yeah.

Patrick:  Obviously I’m not saying the same about Zynga.  Zynga’s vision for the future is humanity enslaved to dopamine treadmills.

Matt:  [laughs] Yes, scary. I was going to add, my one cent on that would be you’re absolutely right. Angel investing, I’m not [laughs] nowhere near being an angel investor. Even though I’m an entrepreneur and I love the risk taking parts, I don’t know that I would ever be interested in angel investing. Simply because in order for it to work economically, you’d have to do it at such a scale, so I guess maybe rephrase that. I don’t think I’d ever be interested for economic reasons either, even just looking forward. Because in order for the economics to work, you would have to invest in so many companies that you would have to take a…Not spray and pray, because that’s negative way to look at it, but a making a lot of bets method.

Yeah, the angel investing that seems to work emotionally, even though it might not economically, would be the, “I’m investing in these guys because I love what they’re doing and I think I can help them.” That’s the more popular choice, like you said. The no man’s land in between is the, “Oh, great, I can invest $20,000,” and you hand it to three people or one person, and there went $20,000.

Hopefully it’s not that. Yeah, we’ll see that whole piece works out on AngelList, where people can invest even if they’re not accredited or down to $1,000.  [Patrick notes: There are a few crowdfunding platforms coming which have this basic business model.] For that really to work economically for somebody, they would need to make a lot of $1,000 investments I think.

Patrick:  Right. I don’t know that crowdfunding is a very wonderful idea to be honest.  The model is that sometimes the business would like money which comes with no involvement with the angels whatsoever, like we were talking about earlier . For a $1,000 investment to be attractive to the firm, you would have to raise that much from each of 200 people, and your service level agreement (SLA) with respect to each of them would be “You should follow our twitter feed, but we’ll never actually talk to you about this”. Otherwise the economics of raising the marginal $1,000 just don’t make sense. [Patrick notes: In particular, the angels would not have any expectation of being able to talk to the founders on a regular basis and would not be given updates which include material non-public information.  Both of those are routine features of angel/startup relationships in the status quo.]

Matt:  Right. There’s a little bit of a, I don’t know, a selection bias that happens though, or availability bias because if you think about it a lot of the best start ups aren’t looking for those dollars. They’re not necessarily desperate for another $1,000 investment or are looking for that kind of crowdsourced funding.

Patrick:  You called it an availability bias, but I might call it a…oh shoot, my English capacity is failing me.

Matt:  Just say it in Japanese. [laughs]

Patrick:  Adverse selection process.

Matt:  Yeah.

Patrick:  The people who have the most compelling businesses can get professional investments by the experts into those most compelling businesses, and people who don’t have quite so compelling businesses, but might still want to raise some money, might go to folks who are wealthy but amateurish with respect to their investment decisions. Again, this isn’t a pronouncement from on high because I am also an amateur here, but one would hope I know a bit more about it than, say, any random software engineer at a company that pays a lot of money.

Matt:  Yeah. [laughs]

Patrick:  If the cream of the crop gets picked by the professional investors and the professional investors don’t do really wonderfully numerically investing, the median return in “VC land” is probably negative.

Matt:  Yeah.

Patrick:  If professional investors who can convince people to give them $20,000,000 checks have a return which is median negative, then amateur investors investing in the non cream of the crop companies are probably not going to do well virtually for themselves.

Matt:  Probably not.

Patrick:  Don’t go angel investing with money you can’t afford to lose. The one positive thing that I’ll say about angel investing is at least it’s better than Bitcoin.  [Patrick notes: I might write a post on that someday.  Long story short: don't buy Bitcoin.]

Matt:  [laughs] Sounds like.

Patrick:  Let’s talk like the mechanics of it because we’ve been talking about investing in high level terms. I think a lot of people will understand it as like me buying stock in your company, but that isn’t really what happens.

Matt:  No. It can be but [laughs] it really depends on the type of raise, right? What you do…Go ahead.

Patrick:  For angel investing these days for decreasing the paper work burden and getting away from needing to price around the, I don’t know if I would call it a standard, but very popular action is called a convertible note. Do you want to explain to the audience what a convertible note is?

Matt:  Yeah, sure. A convertible not is basically a loan with a fancy name and some fancy options, which are the angel investor or the investor loans the start up money, and there’s a maturity date on the loan just like all loans, but prior to that maturity date, since this investor does not just want to get his money back with a per annum interest rate return, before that happens there is what’s called a trigger event or a fund raise that happens, which triggers the conversion, hence the word convertible, of that money into some stock equivalent. What it basically means is, for example somebody gives somebody $25,000 on a convertible note basis, that entrepreneur then will see that $25,000 on their books as a liability [Patrick notes: And, naturally, an asset of $25,000 cash] until the time that, that entrepreneur raises a qualified financing, which could be any amount. Let’s just say it’s $750,000. Once he raises that $750,000 from a VC or from more angels, however it works out for him, then that $25,000 will turn into shares.

Now that investor actually has stock in that company. Until then he really just had a loan against them. Like you said, it definitely decreases the paper work. It also has, for the entrepreneurs benefit, you could have what’s called a rolling close.

Back in the selling-equity world you had more like closing on a house where this is the day they hand over the keys, everything’s done, this is my closing date. In the convertible note world you can have multiple closing dates. You can take money from, if you have a line of 15 angel investors and somebody wants to give you money today, you can take the money from them. If the other people aren’t quite ready yet, or if you’re still warming up some people, you can get them in the door later.

You might end up spending 30 days or 60 days collecting checks, which frees you up from having to have one massive convergence point, which is really hard to do because angels as opposed to VCs often have real lives and jobs and their own things to deal with so it’s not their entire job to make sure they have the bank wire all teed up for the exact day that it’s supposed to be. A lot of things just come easier when go with that method, but obviously it can have its downsides but I think if you understand it well enough the downsides are not shockers.

Patrick:  Right. If you want to hear this subject in a lot more detail, there’s a Paul Graham essay called High Resolution Fundraising, which assesses the benefits in a lot of detail. One of the main benefits is again, investors are “herd creatures”, and what you’ll frequently hear is “I’m willing to invest if everybody else is willing to invest.” Given that angels include a lot of different people on varying levels of enthusiasm and sophistication and ability to access funds quickly, this can cause an unpleasant deadlock situation where “A is willing to invest if B is willing to invest, and B is willing to invest if C is willing to invest, and C is willing to invest if D is willing to invest, and D is currently on vacation to Europe, but then he’s willing to invest if A is willing to invest.”  Then nothing goes forward and you, the entrepreneur, tear your hair out.

Whereas with convertible note, literally the only thing Matt needed to do to raise money from me was we agreed on an amount, he sent over the docs, I signed them, and then I wired money to the Stormpulse account. No collusion with other investors was necessary.  I didn’t even explicitly knew who the other investors were. I was sold, so I didn’t know how many other investors were there at the time and I didn’t really have need of them.

Matt:  Yeah.

Patrick:  Obviously after you have money in the bank you can say, “I have money in the bank from people, so if you want in on this you should move quickly.”

Matt:  Yep.

Patrick:  Which again is a wonderful thing from the entrepreneur’s perspective.

We mentioned the figure $25,000 a few times. Typically, historically in angel investing, like $25,000 is the minimum size of the checks that can get a company interested in you just because of the amount of overhead it takes to bring on an initial investor and the amount of overhead that that entails going forward. That’s kind of like the baseline these days, unless you have something else that can interest the company besides just the dollar value of your investment. Are you OK with putting the number of what our investment was? I’m happy mentioning it, but I don’t know if that’s public or not.

Matt:  I would say this, it’s under the $25,000 number for precisely that reason, because I believe you have incredible value add for us. You made the introduction to 500 Startups and it turns out that you know a thing or two about SEO, SEM and all things Internet marketing. This is one of those cases where the dollar value isn’t the primary concern.

Patrick:  When I told Matt that I wanted to invest with him I said, “I want to invest somewhere between $5,000 and $25,000 with you and after you talk to my wife a bit.” In the process of talking to my wife about it, I got the bill for my wedding and eventually decided to, well, there’s a Macbook with my name on it somewhere.

Matt:  [laughs]

Patrick:  I don’t know. OK, let’s see, so we talked about convertible debt and talked about risk management for angels. I would be negligent in my duties as an investor if I didn’t mention you were trying to close another round, right?  There’s the sales pitch, guys. There is availability. Those of you who can make use of that information, please do.

Matt:  Thanks, Patrick.

Patrick:  You’re also all over AngelList. We could devote an entire podcast to the wonderfulness of angel list, but it’s the emerging standard for people raising early rounds, it helps to get a lot of the necessity of meeting social proof and whatnot. But you have a wonderfully active profile on AngelList and people can easily reach out directly to you if they want to talk about this in more detail, assuming they have a checkbook with lots of zeros in it.

Matt:  Sure. Or know somebody that does.

How To Price Software Which Is Mission Critical For Business Customers

Patrick:  Awesome. I gave a little mini‑sales pitch. Why don’t we talk for folks who might or might not be interested in the whole funded start‑up amusement game, just in terms of running a business, and running a SaaS business at emerging levels of scale? Why don’t we talk about what was learned for pricing for your business and premium versus premium distinction, and maybe some advice on doing high‑touch sales and what many folks listening are doing, which is currently just, “I hope people click over to /pricing and then put in their details into my credit card sign up form.”

Matt:  Sure. [laughs]

Patrick:  Let’s see, how did you pick $750 per user, per year?

Matt:  How about “We are growing the price and that is its current height”. Like I have an adolescent son and he’s getting taller and taller. Seven‑fifty is his current height. I think it can go higher from there. Definitely can go higher from there as we get into more editions, that just ended up being the price that we are experimenting with currently. We actually started out with a business that was $3.95 per month. [laughs] Now we are asking for $749 upfront. Yes, that’s a 200X price increase, more or less, since we started.

Patrick:  One takeaway from this podcast, for anybody attempting to run a business on $3.95 a month, don’t. It won’t work out. It is impossible to make the math work out like that, for any desired scale of the business. Actually, I won’t want to say impossible, there’s people who can do it. [Patrick notes: Backblaze?  Evernote?  That's all I can think of off the top of my head.] But what would be the main challenge for you in your business? You’re providing, again saving people’s lives and property value or even adding a level of value to a business you can justify to people picking that $20 to $30 entrance at the low end and then it goes up from there in a very dramatic direction as you create more value.

Matt:  Yeah, I mean what…

Patrick:  Oh, sorry. You go.

Matt:  Yeah, I was going to add one little psychological touch. As soon as you start running your own business, and I’m sure you’ve experienced this, too, is when you get to something and in your business, you want it or need it, and it says that it’s $100 or $200, I don’t think that’s ever stopped you in your tracks and made you think, “Oh, that’s too expensive. I don’t want that.” Especially in B2B, in other words, B2C, obviously your mileage will vary greatly, but in B2B, there aren’t many business who can’t justify a $500 expense on something they just want or need.

It can be very hard for an entrepreneur who’s only been either employed by BitCo and hasn’t had a budget that they can just spend money willy‑nilly or hasn’t run their own business to get out of that impoverished mindset of “Well, gee, with my bootstrap company, I would never spend $500 on this.” It’s like, “Yes, but you are not your own customer in this case.” [laughs]

Patrick:  I have every love for bootstraped companies in the world. They’re my heart and soul business‑wise, but oh, boy. When we talk about this kind of stuff on Hacker News, people come out of the woodwork, “Oh man, you’re doing this thing for professional programmers that costs as much as $20 a month.” Or, $150. “Who on God’s green earth will pay that?” Yadda, yadda, yadda.

Matt:  [laughs]

Patrick:  Compared to like the budget available to the White House for protecting against hurricanes, Bingo Card Creator, pretty freaking small. Bingo Card Creator can drop $150 without me even noticing it.

Matt:  Take that, yep.

Patrick:  Yep. If KissMetrics costs $150 a month, it’s done. If it increases sales by five percent over the year, it pays for itself in perpetuity, which that might be what I paid for…that might be what I paid for  KissMetrics…I don’t even know what I paid for  KissMetrics, and the reason is, it doesn’t matter.

Matt:  Right. [laughter]

Patrick:  Again, that’s a business that makes what, three, four, five thousand a month or so, somewhere in there. At the smallest possible scale of business, the prices that people want to charge for software don’t matter. Don’t optimize very aggressively for never getting complaints about pricing. It is not the way forward.

You guys have just the one pricing point. We’ll talk about that in more detail at some point, but we might want that conversation to be private. Anyhow, one of the reasons a lot of companies have multiple pricing points is that it helps segment and capture value.

There is a difference in the ability of Bingo Card Creator and the White House to afford things. How do you segment the usage of those two organizations such that the White House pays more for the extra service they are getting out of the software? That’s one of the reasons that you see the four column pricing plan on a lot of SaaS, typically because it prints a lot of money as soon as you introduce it.

Just as an aside, for people I have talked to, SaaS businesses, like it’s my job.  A lot of folks report that those plans generates an absurd portion of revenue. I’ll say, for Appointment Reminder, the top-most plan ($199) generates about 50% of the revenue of the publicly available plans ($9/$29/$79/$199)  [Patrick notes: Closer to 1/3rd when I checked the numbers recently.]

Don’t do a $9 plan either, it’s not practical if you’re selling to businesses. Lesson learned. You might think $200 is pretty rich, but it isn’t for a company, so give people the option to pay at least that much.

Matt:  Sure.

Patrick:  The $200 is not really the ceiling for selling to businesses. For selling to businesses, typically the ceiling for a month‑to‑month plan is generally $500 and they can put that on a credit card without requiring eight or 12 signatures for management. Then after $500 you have to step up your game a little because it’s not being so much of a self‑service model. You actually do have to talk to folks. I have a bit of experience with this. You have much more. There’s adjustments you have to make when it’s no longer just a website. You have to prove yourself, and you’re actually talking to folks. How does that process work for you?

How To Sell Into The Enterprise

Matt:  Yeah, the process for us started by email, just having a simple email address, which hopefully, everybody has, getting those initial queries from people who say, “I want to buy this but I have a few questions first.” Answering those emails is obviously a great way if you can scale it up to a point. But then, at some point, like you said, there is definitely the right time and place to have a actual phone call, maybe a couple, or maybe a lot of them if it’s going to be a large deal. For me, that really started with sending emails to people and responding with, “Hey, call my cell phone number” kind of thing, a typical self‑starter, entrepreneur kind of method. Got a 1‑800 number from Grasshopper.com not soon after that, and ended up routing people through the 1‑800 number which then rings whatever phone we want in the business, and talking to people that way.

With our business, especially since, weather tracking in the abstract is not very emotional but when you apply, like you said, the lives and properties to it, people generally want to have a human being on the end of the line if they’re going to spend a lot of money, just to be assured that it’s going to do what they think it’s going to do. Or just to understand the right way to pay, things of that nature.

We take phone calls. We have a 1‑800 number for our sales line, and I love it when people call because it generally means that we’re going to have an opportunity to make good contact. It increases the likelihood that they’ll be retained. All kinds of good stuff happen when you talk to people on the phone, as long as you can do it profitably.

Patrick:  Right, and again, this is one of the differences between the stuff that you have to do when you’re trying to grow the business like that and stuff you have to do as a bootstrapper. I live in Japan, and so folks calling my cell phone directly or even indirectly through the 800 number that’s on the website would be inconvenient because it would typically land at about 4 AM in the morning. Though I like doing enterprise sales. I don’t love getting woken up at 4 AM in the morning. I drop everybody who calls the sales line straight to voicemail and then attempt to set up a time to call them, typically at about midnight because I keep engineers hours. I apologize to my wife, say I’m going to get on a phone call for half an hour, do it and then go to bed.

Just an FYI, when I do that, half the people will hang up immediately when they get to voicemail. You get no information from them and I have never closed a sale like that. If you’re beholden to investors, don’t do it that way. But if you’re a bootstrapper who can control the pace of growth of your business at whatever you want, it totally does work.

We both come from engineering backgrounds, so this is not exactly in our wheelhouse, constitutionally or by experience. We both learned how to do business to business sales over the years, and it’s amazing. People will actually pay money to people that they’ve only ever met on a phone call.  Lots of money! [laughs]

Matt:  Yes. Yeah, absolutely.

Patrick:  Let’s see, what stories can I tell? Again, never lie to a customer. I always be very up front with people and say, “Hey, I’m a one-man operation operating outside of Japan. I’m a professional at this,” and oft times it’s pretty good. “All the problems like, “My bus number is one, yadda yadda yadda,” if they ask about that. Appointment Reminder is currently operating in, I usually say eight of the top 10 hospitals in the United States. I’m not sure if that’s actually true. A, there’s more than eight now, and B, I’m not sure if my definition of the top 10 is reasonably rigorous. Suffice it to say, if you name a big brand hospital, Appointment Reminder might be running it. Matt, again, from his home office sold into the White House. I will never get tired of telling that story.

Matt:  [laughs] The craziest part about it, Patrick, is that I didn’t do that sale. [laughs] I had no idea that it even happened!

Patrick:  Oh, that’s right. They signed up on your website directly.

Matt:  Yeah. That was self serve, man. [laughter]

Patrick:  Oh, boy. Life is wonderful.

Matt:  Yeah, yeah, yeah. [laughs] Yes.

Patrick:  Just a quick piece of advice that folks listening at home can steal. One of the things that you can do if you’re not at a position where you can jump quick onto a sales call with somebody, maybe they’re not at that point in the relationship: use some incentive on your website to capture their email address. For example, if I were Matt, after you get the other 5,000 things off the plate, create some resource or white paper about managing severe weather events at your business, maybe specific to a particular industry.  Offer a download of this white paper if you give us your email address and say on that form “We’re going to get in touch with you every week with stuff you’ll find interesting, as a risk manager at a retail business.”

Then you will have the opportunity to provide them with stuff they’ll find interesting, and then eventually, after you’ve established credibility, attempt to sell them. That works out very, very well in terms of generating sales.

Matt:  Yeah, and you know what? I’ll say this. Because life is messy and it happens organically whether we like it or not, we’ve done almost everything backwards with Stormpulse. These days, I think somebody who wants to bootstrap a company has so much good advice to rely on.

Patrick:  Every company ever will tell you they did everything  wrong starting out. [laughter]

Matt:  Well, somebody who wants to bootstrap a company these days might say, “OK, here’s what I’m going to do. I’m going to charge from day one. I’m going to build this thing. Here’s the funnel that we’re going to use. Here’s the flow we’re going to use. It’s just this machine.” We are working on the machine right now, but the machine originally was just this tipping point in our distribution with Hurricane Ike hitting Houston, that took us from 1,000 to 1,000,000 visitors in 45 days. Our servers didn’t crash, but all of a sudden we were inundated with interest from people that…We were like the two guys at the hot dog stand that all of the sudden all of Milwaukee wants to come to. How do you handle that?

We didn’t have the great landing pages and stuff I’d like to talk to you about more offline. We didn’t have the great segmented landing page with the white paper download and the free trial thing set up. It was just people loved this product so much that they had to talk to us. They wanted to talk to us and they wanted to buy it, and so they did. Here I am getting emails from people saying, “Send me an invoice,” and I’m going, “I don’t even have a template for that.”

[laughter]

Matt:  I was just slammed with a lot of the operational stuff from the get go. [Patrick notes: Again, after years of working in the trenches.] There was a fair amount of self service, but definitely people…Learning trial by fire in a lot of ways. I’m sitting here looking at in front of me a receipt from, it so happens to be a hospital that uses our software. I’m looking at an invoice number, and it says 36215. What’s great about that, and if this is helpful to anybody, or at least an encouragement, that invoice number is a number that we completely made up. It was like here’s a piece of paper. We’re going to put some numbers on it. We’re going to send it to them. The first time I got a check from somebody that was a real company, like a Fortune 500 company, paying an invoice that I had just made up was like this moment of clarity.

Something came in and something came out. The plumbing works. I guess the encouragement would be don’t freak out when you get these things. In a lot of ways, you’re always in this just‑make‑it‑up stage until it works, and then you can refine it and make it look more professional.

I still have copies of the first invoices I sent out. It was like I don’t even know what I was thinking. I hate to think what the person that received them was thinking. It was the world’s least elegant invoice, but it had a number and it had a price and it had a few other details. That’s all it took. B2B is full of wonder.

Patrick:  That’s the story that you’re going to hear again and again and again, both bootstrapping and funded. There’s a whole lot of making it up as you go along. There’s obviously some folks who sold to the Fortune 500 prior to the two of us living, so some of the stuff you take the knocks and figure out and some of it, you talk to your mentors/buddies/whoever you find credible and figure out. This is one reason why doing things with email is helpful. It’s asynchronous, so when somebody says, “Hey, to buy this, we need proof of insurance from your company,” you can email somebody who has been in business a little while longer would say, “A hospital has asked me for proof of insurance. What does that mean?” It means say that you buy, in my case, $2,000 worth of insurance.

That takes a week of your life to get arranged, and then you can invoice the hospital enough for the software to handily pay for the insurance coverage, to put it mildly. By the way, for folks who are not in business, if you’re talking about, $500 per month is the upper reaches of the self‑serve model over the Internet. The price of software is unbounded. I think it probably wouldn’t be good to mention actual numbers from either of our companies that are the largest contracts.

Let’s say that software sold at low five figures, mid five figures, high five figures, low six figures, mid six figures, high six figures and up, up, up. It all depends on the value you’re offering and getting that customer to “yes.” Astoundingly, one of the reasons that folks don’t put prices on the website for the enterprise plans is that the only thing you need to do to get, pick a number, $100,000, out of a company is to convince them that the thing your selling is worth $100,000. Any truthful and ethical thing you do get this when you do that “yes” is what you need to get that “yes.”

Matt:  Exactly, and I can tell you from some experience now that what is helpful is when you’re selling B2B, there’s obviously the super scalable part. Enterprise is where you get to the point, I think, and I’m not even a true what you call the Palantir Enterprise or like the massive trilogy enterprise. Those are seven figure deals. When you’re talking about even the high five figures, low six figures, you are at that point. You are external to their company, but what you’re trying to do is actually navigate their company and the way they make a decision about whether or not it’s worth the $100,000.  They’re going to have their own way of managing that decision‑making. You are now trying to manage their management of it so that it does not get off course. [laughs]

In some sense, you are like the CEO of the buying process happening internal to your prospective customer, right?

Patrick:  This is probably the most important think that I’ve ever learned about doing the sales at enterprises. Basically, if there’s an internal person who wants to buy it, there’s other people that their management process means they have to convince to be able to buy it. You have to empower them. People call them your “internal champion.” You have to give them anything they need to get those sign‑offs. Which means both, A, figuring out who those people are and, B, figure out what you need to give them to get to “yes.” Your customer might not know these answers, because they aren’t experts at working their own purchasing department. This is the art and science because it’s different for every contract.

Matt:  Yeah.

Patrick:  I’ll tell a quick story from my first big enterprise deal for Appointment Reminder. A hospital sent out 10 requests for proposals to 10 firms who could theoretically provide appointment reminder phone‑calls for their purposes. It was for a low‑budget project, so the larger firms in the industry got that RFP and I imagine that the sales guy’s reaction was “Beep this. I’m only going to make $100 commission off of writing this, so I’m not actually going to write a detailed response to it. I’m just going to send them a brocure and say, ‘Hey, I’ll hop on a call if you’ve got your checkbook out.’”

We’re a little hungrier than those organizations, both because I get more out of the entirety of a sale than the commission a sales guy would make, and because I very urgently wanted the social proof of having landed this contract. So I wrote a detailed 3 page response to the RFP, including quite a bit of detail that the average sales guy wouldn’t know.

Then I got on for an hour-long phone call with a nurse at this hospital, and we talked about every concern she had. After that hour long phone call, I took my (obsessive) notes, typed up a detailed response for every issue raised on the call, and emailed it to her.  I asked if she would please forward it to every stakeholder involved with the purchase, including every name she had mentioned on the call.

“Could you please forward this to Dave and Dr. Larry as well, just so they know the stuff we talked about?” Later when they had a discussion inside the hospital on whether to guy for the safe 800 pound gorilla or the little one-man operation operating outside of Japan, I was the only guy whose name they knew. They had seen emails from me and I sounded knowledgeable and trustworthy.  The nurse I had talked to also had a good impression from our phone calls.

She said a different stakeholder attempted to say, “Well, nobody ever got fired for choosing IBM, or the analog in our industry.” She said, “No, you don’t understand. I don’t know that company. I think they brushed us off, but this is Patrick’s baby. You take care of your baby. If we ever have a problem with it, we know exactly who we’re going to be dealing with, and he’ll fix it for us. I trust him,” and that argument carried the day.

Matt:  Awesome.

Patrick:  That’s how you beat out a company that is a thousand times bigger than you, which is a story that I’m quite certain has gotten Stormpulse a couple of wins along the way.

Matt:  Oh, yeah. Yeah.

Patrick:  Founders have an incredible advantage on sales, by the way, because you’ve got magical founder advantages when you can announce yourself as the founder or CEO or head of product, or whatever you need to be here for the phone call. People will say, “Wow, thanks for taking the time to call me!” It’s amazing. Here’s a hospital who has probably a billion dollars in gross revenue a year or some multiple of that, versus a teeny-tiny little software company whose annual revenue is probably smaller than identifiable surgeries that they do. But if you announce yourself to the hospital as, “Yeah, I’m the founder of the company that you’re talking to,” then the person at the hospital’s like, “Wow. I’m just a little person at this big hospital. This guy is the head honcho — he is really doing me a solid by getting me this phone call.” Despite the fact that I’m the founder, sole employee, and also the guy who empties out the waste paper basket every day.

Matt:  Yeah. [laughs]

Patrick:  Also, especially for founders who have both the technical and business sense, you’re able to talk about whatever they need to talk about. A sales guy will often say, “Oh, let me get back to you about that question because I need to ask the engineers.” Or even worse they’ll say, “Oh yeah, I can totally do that,” and just be lying and sound like they’re lying, because they don’t have the ring of truth in their voice. Whereas if you’re a founder you can say, “OK, the software doesn’t actually do that right now, but it sounds like something that we could get done in about two weeks. How important is this to you vis‑a‑vis your other priorities, or is there some other way we could meet this need?” When you start talking that level of detail, people will be like, “Wow, he knows what he’s talking about, unlike every other sales guy I’ve been talking to this week.”

Matt:  Yeah. Absolutely.

Patrick:  Not that I hate sales guys.

Matt:  [laughs]

Patrick:  Good sales guys are wonderful, but good sales are like good engineers because they’re very rare.

Matt:  Yeah. No, absolutely, absolutely.

Patrick:  Yeah. I think we’re probably pushing the two hour mark for this conversation, so we probably want to be wrapping up now. Matt, is there a blog that people can find you at? What’s the URL for that?

Matt:  Yeah. It’s here. You can also find me on Twitter @MattWensing.

Patrick: My blog is at http://wwww.kalzumeus.com/blog/ and I’m Patio11 all over the Internet. Stormpulse is the website, storm like the weather phenomenon, pulse like the pulse of the nation, dot com. You can take a look at it, attempt to invest in it, etc.  If you’re needing to protect the lives and property of your business, it’s good stuff, consider buying it.

Thanks so much for getting on the podcast, Matt. It was an awesome conversation, and I hope the audience learned something from it.

Matt:  Yeah, absolutely. Thanks a lot, Patrick.

Patrick:  OK, and thanks very much to all you guys who are listening. I know it’s been a long wait since the last one. I really appreciate you taking time out of your day with us. We will see you again next time, hopefully in a shorter timeframe than the six months or so it took for podcast number four. All right, till next time, bye‑bye.

Matt:  Bye.

5 Comments

What The Rails Security Issue Means For Your Startup

January has been a very bad month for Ruby on Rails developers, with two high-severity security bugs permitting remote code execution found in the framework and a separate-but-related compromise on rubygems.org, a community resource which virtually all Ruby on Rails developers sit downstream of.  Many startups use Ruby on Rails.  Other startups don’t but, like the Rails community, may one day find themselves asking What Do We Do When Apocalyptically Bad Things Happen On Our Framework of Choice?  I thought I’d explain that for the general community.

Nota bene: I’m not a professional security researcher.  Mostly, I sell software.  In the course of doing that, I (very occasionally) do original security research.  I did no significant amount for these bugs, aside from mitigating them for my own applications.  I am currently engaged in a Ruby on Rails security safari, and anticipate publishing the results of that in February, after responsible disclosure to the relevant security teams.  If you don’t know enough to know whether I’m trustworthy with regards to generic advice, pay someone you trust to get advice on this.

Don’t skip this post because you’re not a Rails developer.  If you’re reading this blog, this matters to you.

Background: What Has Been Happening in Rails-land?

Ruby on Rails recently released two sets of security patches (announcements here and here), in response to related vulnerabilities discovered in the frameworks.

How bad were those bugs? Severity: Apocalyptic.  They permitted attackers to execute arbitrary code on virtually ever Ruby on Rails application, without requiring that the application do anything to enable the attack other than “be hooked up to the Internet.”

What does “execute arbitrary code” mean?  Literally, it means that the attacker can choose to have your server execute any code they can dream up.  In practice, it means that you lose the server that the code is executing on.  Any further access to that server or applications on should be assumed to be compromised.

What went wrong?  This has been covered in more detail by security researchers, in posts such as here and here.  A brief description: Ruby on Rails makes extensive use of a serialization format called YAML, most commonly (you might think) for reading e.g. configuration files on the server.  The core insight behind the recent spat of Rails issues is that YAML deserialization is extraordinarily dangerous.  YAML has a documented and “obvious” feature to deserialize into arbitrary objects.   Security researchers became aware in late December that just initializing well-crafted objects from well-chosen classes can cause arbitrary code to be executed, without requiring any particular cooperation from the victim application.  Since then, the bug hunt has been on: security researchers have been actively finding lots of ways in the Ruby on Rails code base, and in related code bases, to cause the application to deserialize YAML which is in some way under the control of the attacker.

So far this has included:

  • Rails, for programmer convenience, used YAML to implement JSON deserialization.  JSON is designed to get into Rails quite easily indeed — just POST it at the server, wham, YAML.load(attacker_data) happened.  (The actual mechanics of achieving that were more complicated, but that’s the practical upshot.)
  • Rails allows XML documents to include YAML attributes.  That decision has caused a bit of head scratching, since it seems like a curious choice for most programmers in the community, but be that as it may this allowed posting XML at Rails apps to be trivially exploited.
  • Rubygems used YAML to hold metadata about each gem submitted to it.  An attacker was able to create a malicious gem, cause the Rubygems web application to evaluate the metadata contained in it, and thereby compromise the Rubygems server infrastructure.
  • February will see more compromises, with my certainty of this prediction approaching my certainty that the sun will rise tomorrow.  There exist many, many other code paths in Rails to get to YAML.load().  Some of them will be found to be amenable to attackers, either (worst case) for all or substantially all Rails applications or (still bad case) to Rails applications whose application logic involuntarily cooperates with the attack.  (i.e. In the worst case, attackers root every unpatched Rails app on the Internet.  In the best case, attackers only root some apps and they often have to have an expert do a modicum of marginal work to do so.)

Ruby on Rails security sucks lolz amirite? No.  Well, no to the nuance.  Software security does, in general, suck.  Virtually every production system has security bugs in it.  When you bring pen testers in to audit your app, to a first approximation, your app will lose.  While Ruby on Rails cherishes its Cool-Kid-Not-Lame-Enterprise-Consultingware image, software which is absolutely Big Freaking Enterprise consultingware, like say the J2EE framework or Spring, have seen similar vulnerabilities in the past.  The recent bugs were, contrary to some reporting, not particularly trivial to spot.  They’re being found at breakneck pace right now precisely because they required substantial new security technology to actually exploit, and that new technology has unlocked an exciting new frontier in vulnerability research.  It sucks for users of Rails that Rails is currently on the bleeding edge — believe me, after having lost 3 consecutive nights to patching my own applications, I know — but it would suck much, much worse if the Bad Guys had found these first and just proceeded to remote-own every Rails app on the Internet.  That is, by the way, an achievable scenario.

Was anyone actually compromised?  Yes.  The first reported compromise of a production system was in an industry which hit the trifecta of amateurs-at-the-helm, seedy-industry-by-nature, and under-constant-attack.  It is imperative that you understand that all Rails applications will eventually be targeted by this and similar attacks, and any vulnerable applications will be owned, regardless of absence of these risk factors.

Will anyone else be compromised?  Yes.  Thousands upon thousands of Ruby on Rails applications will be compromised using these vulnerabilities and their spiritual descendants, and this will happen for years.

  • Many Rails developers have not reacted to this news with the alacrity they should have.  (See next question.)  These applications may be compromised already.
  • There are many Rails applications which were created years ago, which are not under active development any more, for whom no-one is responsible for applying security patches.  Any of these applications which are publicly routable on the Internet will be compromised.
  • There are many Rails applications which are installed by end users, some of whom do not have security expertise.  For example, Redmine — an open source developer productivity tool — is commonly installed at individual companies.  Every publicly accessible Redmine instance which is not patched will be compromised.
  • Ruby on Rails lacks a CMS with the mindshare of, say, WordPress, which is good, because every unpatched Ruby on Rails CMS delivered to a non-technical company to serve as their website or backend to their mobile application will be compromised.
  • There are many developers who are not presently active on a Ruby on Rails project who nonetheless have a vulnerable Rails application running on localhost:3000.  If they do, eventually, their local machine will be compromised. (Any page on the Internet which serves Javascript can, currently, root your Macbook if it is running an out-of-date Rails on it. No, it does not matter that the Internet can’t connect to your localhost:3000, because your browser can, and your browser will follow the attacker’s instructions to do so. It will probably be possible to eventually do this with an IMG tag, which means any webpage that can contain a user-supplied cat photo could ALSO contain a user-supplied remote code execution.)
  • Many companies — including ones which do not even consider themselves Ruby on Rails shops — nonetheless have a skunkworks project running somewhere.  For example, they might have a developer who coded a quick one-off analytics app, which is accessible outside the firewall so that sysadmins could check server loads from home.  If the app is on the public Internet, it will be compromised.
  • Many Ruby on Rails shops have good development practices and no longer have the “monorail” anti-pattern, where everything their company does is in one gigantic Rails app.  They have already patched most of their main apps, but they missed one.  Maybe it is the customer support portal at admin.example.com.  Maybe it is a publicly accessible staging server at EC2 spun up by a developer who has since left the company and not shut down because, hey, $20 a month.  Maybe it is a 20% project by a junior engineer which he has on the back burner for the moment.  It doesn’t matter why this app was forgotten: if it is publicly accessible, it will be compromised.

What was the proper way to react to these patches?  Patch immediately, install a workaround immediately, or pull the plug on your application.  (“Pull the plug” means disconnect it from the Internet or shutdown the server while you get a mitigation plan into place.)  You should have distinct memories of you or someone under your employ having at least two separate incidents in the last four weeks in which they dropped everything they were doing and immediately took action to resolve these problems.  Immediately means exactly that: right now, not during the next schedule code spring, not tomorrow, not in an hour.

I was up at 3 AM Japan time applying these patches, twice.  If the next patch drops at 3 AM your local time, someone should be applying it immediately.  Computers can count to big numbers very quickly indeed.  A six hour window between a patch dropping and the start of business the next day is more than enough for an automated scanner running on a botnet to have tried compromising substantially every Rails app on the Internet.  (Do you disagree?  You are overestimating how hard it would be to find your application.)

Aren’t you exaggerating?  Our application isn’t particularly high risk!  We aren’t high-profile, it doesn’t have obvious monetary return for exploiting it, etc etc. Good thing you aren’t really saying that, but you might be at an Internet cafe next to an engineer who has poor reading comprehension, so help me explain this to him: nobody needs to care about your application to compromise it using these vulnerabilities. They can be exploited in a totally automated manner over the open Internet, requiring zero knowledge of e.g. what version of Ruby you are running, what version of Rails you are running, what your URL structure looks like, etc.  (Somebody suggested “How would you determine which servers were running Ruby on Rails?”  Answer: It’s absolutely trivial to detect Rails applications in a scalable fashion, but why bother?  Fire four HTTP requests at every server on the Internet: if the server is added to your botnet, it was running a vulnerable version of Ruby on Rails.)

Aren’t you exaggerating? Clearly this would take a lot of specialized expertise to exploit! Yep… the first time. Now that people know how the exploitation is done, however, you could do it by just copy/pasting one of the proof-of-concept scripts or b) running a browser bookmarklet. (I am not passing out that browser bookmarklet, because I think that would inevitably lead to mischief, but just know that you’re rootable in a click if you didn’t take action on this. And, by the way, have been for three weeks or so now.)

We’re A Startup.  What Happens If We Lose A Server?

If you lose one server, you will lose every server, with very high confidence.  If, for example, you are a Python-using shop which had a Redmine instance running around with no code on it, and you lose that Redmine server, you can expect a skilled attacker to then pivot from that privileged location within your network to start compromising other servers on your network.  At this point, you need to have done absolutely everything right to make it impossible for that skilled attacker to prevail, and you almost certainly have not.  (Compelling evidence that you’re not as good as you think you are: you already had one vulnerable application which could be compromised over the open Internet.  To a certain philosophy, that isn’t your fault, but the attacker gets root regardless of whose fault it is.)

The actual steps a pen-tester would take to root your other boxes are pretty academic after they have one.  (For example, you can start probing other machines on the network for vulnerable services, use credentials found on your compromised machine to suborn other machines, take over routing hardware using vulnerable administration panels and then start intercepting all network traffic, etc etc.)  Just take it as a given, you will lose.  Companies much larger and smarter than you lose everything when this happens, essentially every time it happens.

We’re A Startup.  What Happens If We Lose Every Server?

A short preview of coming attractions:

  • You will lose the next several weeks out of your schedule dealing with this issue.
  • You will have to take down all of your applications and rebuild all your servers from scratch.
  • You can assume the attacker now has a copy of your source code, all credentials you have, all your databases, and all information you had like e.g. log files.
  • Do you take credit cards?  Were you taking credit cards through an exploited application?  You now have a PCI-reportable data breach.
  • Your local jurisdiction may have legal requirements that you notify the people whose data just got exposed.
  • You now have a public relations nightmare on your hand.
  • In addition to compromising any customer data you possessed, you have made it possible for diligent attackers to compromise those customers elsewhere.  The most trivial example is, if you did not implement password storage correctly, you have just handed the attackers a list of email addresses and associated passwords which they can now re-use on higher value targets like e.g. bank accounts or Gmail, because many users re-use their passwords everywhere.  (You use bcrypt?  Wonderful.  Did  the attackers turn it off when they rooted all your applications?  Can you conveniently check that, knowing that you cannot trust the contents of any logs on those compromised servers?  No?  OK, so instead of losing all the passwords, we can upper bound exposure at only all users who logged in since the attack started.  That’s an improvement… sort of.)

Basically, it’s Very Bad, but not the end of the world.  You’ll probably need expert help to get through it, like you would need if e.g. you got sued.  Unfortunately, lawsuits generally give you weeks of notice and progress slowly, but security vulnerabilities often give you negative several hours notice and get worse for every minute left unchecked.

We’re A Startup.  We Don’t Use Ruby on Rails So We’re Totally Cool, Right?

Can you enumerate every account on the Internet where you have a password and also every service consumed by your business?  Go ahead, take as long as you need: it is very important that you don’t miss one.

OK, let’s start with the obvious: Look for analytics providers and other folks on that list who have instructed you to embed JS on your website.  If I do this exercise, I come up with at least three results here.  Do any of them use Ruby on Rails?  (Are you sure?  Remember, if they have at least one Rails app on their network…)  Great.  If they didn’t patch in a timely manner, you should assume that Javascript you’re embedding on your website is in the hands of the enemy.  It is now a cross-site scripting vulnerability against every page it is embedded on.  Do you embed it on e.g. log in pages or anywhere your admins expose their own all-powerful admin cookies?  Boo, now the enemy has your password / cookies / etc.

Alright, let’s move down the line: Look for anybody who implements OAuth/Facebook Connect/etc.  Do any of them use Ruby on Rails?  Are you sure?  If they haven’t patched, you’ve handed the union of all privileges over the linked accounts to the attackers.

Alright, let’s move down the line: Consider everybody who has a copy of a password which you re-use elsewhere.  (You shouldn’t be re-using passwords, or variants of passwords, but I ignored that advice for years so I’m betting a lot of you did, too.  Maybe not you, specifically, but you know that chap in marketing who is great with people but thinks MSWord is complicated?  Consider whether he has access to anything sensitive in your company.  He does?  Well, sucks to be you then, but good on your for password security.)  Do any of them use Ruby on Rails?  Are you sure?  Did they use bcrypt/scrypt/etc to properly secure passwords at rest, and did they patch these vulnerabilities fast enough to prevent attackers from pulling them off of the wire?  Are you sure?  If you’re not sure of all of these things, consider every password compromised and take action appropriately.

One of my friends who is an actual security researcher has deleted all of his accounts on Internet services which he knows to use Ruby on Rails.  That’s not an insane measure.  (It might even be inadequate, because all the folks who are compromised are probably going to lose their database backups as well.  Well, if they have database backups.)

These are just a sample of ways in which these vulnerabilities can ruin your day.  They are very much not an exhaustive list.  If you believe in karma or capricious supernatural agencies which have an active interest in balancing accounts, chortling about Ruby on Rails developers suffering at the moment would be about as well-advised as a classical Roman cursing the gods during a thunderstorm while tapdancing naked in the pool on top of a temple consecrated to Zeus while holding nothing but a bronze rod used for making obscene gestures towards the heavens.

Somebody Dropped A 0-Day On Rubygems. What If It Happens To Me?

Yes, that certainly sucks royally.  Rubygems wasn’t even exploited using the patched Rails vulnerabilities — an attacker just learned something which worked (again, we’re on the leading, bleeding edge of security research here), applied it in a novel fashion, and compromised the Rubygems application.  As of me writing this it looks like we avoided the Ruby-ecosystem-wide apocalypse that would have happened if they had started backdooring gems, but let’s just focus on the immediate fallout: their system got compromised.  What if one of yours did, like that?

The first step is a preventative inoculation: If you run an application on the Internet, you should today establish a security contact page.  It only needs to include two things: a working, monitored email address and a PGP key.  Bonus points for giving some sort of public recognition to people who report security vulnerabilities to you in a responsible matter.  This helps to co-opt some security researchers so that they e.g. get in touch with you about the problem prior to just going ahead an exploiting it.  Software security has a curious system of social norms, where scalp collecting both builds both karma and pseudo-currency.  It’s bizarre, but just take this on faith: having a security page with a working email gives you a certain amount of We Should Avoid #’#(ing Their #()#% Up Without Asking First street cred.  (Naturally, like any social norm, that is a preventative measure rather than a panacea.  However, given that it is a well-understood norm, it gives you a bit of an edge in the PR battle should someone decide to just drop a 0-day on you.)

Good security pages to pattern after: 37signals (I particularly like how this page works for responsible disclosure while, in a dual-audience fashion, also doubles as being great marketing copy), Twilio, Heroku (again, dual audience), etc.

Have a plan for responding to security incidents. I call mine the Big Red Button. Thomas, a security consultant friend of mine, accurately observed that these probably caused the first Big Red Button events that many folks in the Rails community have ever had to deal with. We should learn from our experiences here.

For example: I pushed the Big Red Button at 3 AM in the morning, twice this month, to apply critical security patches and work-arounds.

So did I do a great job of addressing this problem? No, I did a pretty effing atrocious job of addressing this problem. Specifically, I have two old-as-the-hills Rails apps running on 2.3.X at the moment. Waaaaay back in 2010, Mongrel and Rails had a bit of a compatibility issue, and I solved it via a monkeypatch. The monkeypatch relied on a hardcoded version number, which I have been hand-incrementing every time I update Rails. It’s literally on the redeploy checklist, next to a note “TODO: This is stupid and should be fixed when I get a moment.”

I did three Rails app upgrades locally, three test suite runs, and three sets of smoke tests when applying one of these patches. The one in the middle happened to be Appointment Reminder, which is an application that has to be up during the US workday. Unfortunately, because I was exhausted while following my deployment and smoke test checklists, I a) forgot to bump the version number in that monkeypatch and b) did not follow the part of the smoke test which would have clued me on to “This is going to cause log-ins to fail on some browsers.” That resulted in some breaking downtime for some customers during the US workday, and me having to send an apology to all customers. That sucked horribly.

I have now fixed my monkeypatch to not require hard-coding the Rails version, simplified some of my deploy procedures, and am working in the next several months on beefing up my testing suite. Also, lesson learned about resolving “TODO: This is stupid” when it would take 5 minutes to do rather than having it blow up in my face.

There, that’s an experience I went through. Now you know the punchline, so hopefully you don’t have to go through it as well.

Similarly, we can observe:

  • We need an updated list of all applications running on our servers, so that we know when a problem with a technology stack affects them, even though this sounds like a boring Big Freaking Enterprise IT Department requirement. (And gulp their dependencies.)
  • For each tech stack we support, we need at least one expert following the primary source for security news for that tech stack.
  • We need whomever is responsible for product development and/or ops to, effectively, carry a pager for drop-everything-and-do-it-now resolution of security issues, just like we’d do for e.g. the server has fallen over or “our building is, physically, on fire.”
  • These requirements suggest minimizing the number of tech stacks we work with, even if that means passing up the new hotness occasionally.
  • Just like we have e.g. insurance on the building physically burning down, we should have some upfront investment in security. Good forms might include security training, outside consulting, or (if we’ve got a lot of money) contributing work towards securing tech stacks we rely on.

You Should Be At Defcon 2 For Most Of February

Big security vulnerabilities tend to be discovered in bunches.

Why does this happen?

  • Blood in the water attracts sharks. Some of my security friends would hate this phrasing, because “researchers don’t cause vulnerabilities, they find vulnerabilities”, but as a businessman who depends on software for his livelihood, I had exactly zero days of the last six years spent sleepless because of the latent vulnerability in Rails, but two days this month due to the pressing need for immediate mitigation. There are many more eyes pouring over Rails — and related projects — more closely now than typically. Many of them are white hats (yay!). Some aren’t. In general, there is a virtually infinite need for software security expertise, just like there is an infinite need for software, and there is a crushing lack of expertise which can meet it. Some folks who are capable of finding vulnerabilities are, due to attention/topicality/renewed interest/commercial potential/etc, now looking at Rails as of today.
  • Technology marches on. After you have a new exploit vector to play with, you can start applying some of the technology used to discover / develop / exploit it against other code bases, code paths, etc etc. For example, the first Rails vulnerability was parlayed within a day into a similar vulnerability in the MultiXml gem. The same underlying “YAML is very dangerous” realization enabled the Rubygems compromise. If I were working on e.g. Django, I would strongly suspect that security researchers are going to see whether they can find similar patterns on Django — it wouldn’t be the first time, since e.g. HMAC tampering vulnerability disclosures in Rails were followed up by similar findings on Django the same week.

I previously had a version of this post queued up right after the first bug dropped, but didn’t hit Publish because I got busy that weekend and thought it wouldn’t be timely anymore. That post included the lines “I will bet $1,000 at 100-to-1 odds that Rails suffers another code execution vulnerability before the end of January.” If you had hypothetically taken that bet, you would have lost.

You should expect February to be a very trying month for the Rails community and startups in general. Your security team should be at Defcon 2: be ready to respond to patches with particular alacrity, and expect there to be failures in the ecosystem outside of your ability to control them. For example, I’d make sure that you can rebuild systems without requiring access to Github / Rubygems / etc, and that’s (unfortunately) the tip of the iceberg.

This Sounds Like A #$()#%ing Disaster

That is primarily because this is a #$()#%ing disaster.

For my part, in addition to taking steps to fortify my own businesses, I’m (as time permits) doing some pro-bono security work on Rails. I do not have results which can be published yet. I strongly suspect based on early research that I will, in February, and I strongly suspect that other researchers (both white hats and the Bad Guys) are much, much better at this than I am.

Get ready. It will get worse before it gets better.

70 Comments
Loading...
Free video + email advice on making & selling software:
(1~2 emails a week.)