Safety Entrepreneurs' Practice Manual: The rivers and lakes of information security belong to people in the circle.

Lei Feng Network: Author Zhang Mo, Director of Fengrui Capital, has been responsible for the construction and operation of Google and YouTube data centers. He is a founding team member and first operator of Google China. He is involved in R&D and service environment construction. He also served as Joyent China. The chief representative of the district, the chief operating officer of the Youyou System, and the executive director of Anshun Speed, were among the earliest people to join the cloud computing industry. This article is part of the speech delivered by Zhang Mo at the Alibaba Security Summit entitled “Entrepreneurs Who Have “Sentimental Sense in the Eyes of Investors”, and analyzes the problems and opportunities faced by the current network security team’s entrepreneurship. For investors, What kind of security entrepreneurs are "safe"?

Entrepreneurs with "security" in the eyes of investors

In the past year, entrepreneurship in the field of information security in China has become very hot. Since the leader personally set up the Central Cyber ​​Security and Informationization Leading Group and served as the leader, the information security industry has gradually received more and more attention and felt “unclear”. From the top level, this case has completely changed the basic perception of information security and entrepreneurship in the investment community and industry, and turned it from relatively neutral to a very hot event.

I would like to share with you some of my observations and thoughts on entrepreneurship for information security practitioners over the years. In any case, entrepreneurship is a process of growth and transformation. What is important is that since it has begun to move forward without hesitation, whether it is a failure or not, it must be done with a head and a hero.

1. "Different" born for destruction

Looking inside, information security practitioners are actually a very special and very scarce group. In terms of thinking, they are essentially different from traditional computer engineers. Engineers have a general idea: use technology plus resources and raw materials to build many components into a system to achieve specific functions. This is a typical process of construction and creation.

The thinking of information security practitioners is exactly the opposite. When they see a running system, they often think of whether the system has loopholes in its operation, whether there are irrational areas in its design, what kind of weaknesses in its use and construction, and how to surrender it through these loopholes, flaws, and weaknesses. Systems that change their behavior and cause system damage, or for us to use. This process is a typical destruction process.

Talented information security practitioners often have destructive thinking

Talented information security practitioners are usually people with destructive thinking. However, our education system suppresses, corrects or even eliminates this destructive thinking. Those who can survive or escape education baptism should be regarded as "different" anyway.
If it really traces its roots, education may be second. Because most of the evolutionary process of humans is very detrimental to individuals with destructive thinking. For most of human development, human beings are in a state of very scarce resources. Constructive and creative individuals are more likely to survive in times of scarce resources, while individuals who naturally like to destroy will live a hard life, regardless of whether Food is still color.

2. Information security rivers and lakes belong to people in the circle

Looking out of the industry, the information security field has the feeling of legendary martial arts. Looking from the outside is a relatively mysterious big circle. The people inside are full of stunts and can not be ordinary people. When it comes to martial arts, one of the most important things is the position of the people, which is also important in the information security circle. When it comes to the status of rivers and lakes, it is actually two things. First, the level of martial arts. Like the martial arts novels, the information security circle is also full of factions. As a result, information security may be one of the most competitive areas in the technical field. There should be more than half of the information security offensive and defensive games held in East Asia.

The field of information security is like a martial arts

Second, in addition to having the ability, there must be human products. Just like martial arts, people who are loyal to the atmosphere often have higher positions in the arena. The masters of information security practitioners often start with hackers and become very influential experts in a vertical field. Along the way, Schneider-Jade, made a group of friends, taught the industry doubts, also has a bunch of loyal fans, slowly became a big coffee in the field.
In the area of ​​information security, entrepreneurship is different from other fields. One of the main features is that this is an insider's business. An outsider who is not in the information security industry, who is doing business in the field of information security, is basically just trying to play tickets. There is an ancient Chinese saying that it is in place: Ci does not lead troops, and it does not gather money. The essence of entrepreneurship is to fight all the way, and ultimately achieve fame and fortune. This process is always a big challenge for entrepreneurs, regardless of their original intention or nature, and it is a process of reshaping and re-growth.

3, information security entrepreneurship: Xiang Yu's good fight + Liu Bang's strategy

The process of growth and entrepreneurship of information security practitioners is a typical process from soldiers to generals to heads of state. They usually start with highly skilled engineers and become professional experts after actual combat baptism. A good security officer will usually form an influential small circle through his own ideas and technology inheritance, and the soldier will reach the general position. This point in time is often the time when information security practitioners start thinking about entrepreneurship. Because they have knowledge, practical experience, ideas, and even a lot of connections.

The growth of information security practitioners is a typical process from soldiers to generals to heads of state.

In fact, the key to the entrepreneurial process is the process from the general to the head of state. There are too many uncertainties in this process. There are too many challenges and problems. There are too many resources that need to be integrated and the forces that need to be united. Therefore, there must be certain means to circumvent them and many compromises are needed. This process has often evolved from a high-profile, high-standard soldier to a very grounded and realistic politician.
Many information security practitioners have the shadow of Xiang Yu intentionally or unintentionally: not only are they brave and brave, but they can also lead troops to fight victory. Not only can they despise authority and effortlessness, but they can also be beautiful. But the truly successful entrepreneurs must add the elements of Liu Bang: that is, the grasp of people and insight into the essence, for the sake of vision, make insistence or compromise.

4, go against it and go to his fast is not broken

Information security is a very broad area (in the rapid development of information technology, the coverage of information security is also growing rapidly). The offensive and defensive attributes of information security determine that information security is an ever-present market: constantly evolving countermeasures will endlessly generate information security startups. In this context, information security practitioners do not have to pursue so-called hot spots in their search for entrepreneurship.

The offensive and defensive attributes of information security determine this is an evergreen market.

The information technology industry and the entertainment industry have great similarities. We can do this in the opposite direction and take a step back. Actually, the reverse engineering capability that information security professionals are good at is exactly what the current impetuous entrepreneurial environment is scarce: to find cracks, weaknesses, and imperfections in view of the current status quo. Places are used.

The beginning of entrepreneurship is more effective than positive ones in reverse thinking, especially in the field of information security. Reverse thinking often sees the very clear weaknesses and imperfections that are not easy to see with positive thinking in the current technology architecture system and current market environment. From here, you can come up with what direction you should choose and what kind of things to do.

In the final analysis, entrepreneurship is a matter of people. How to bring together the same industry is the biggest challenge that all entrepreneurs will face. This is especially true for information security entrepreneurs. The excellent information security practitioners themselves are very scarce resources, plus BAT3 (Baidu, Alibaba, Tencent, Qihoo 360) have accumulated hoardings for information security personnel in recent years (but the familiar names are basically global The incredible wages within them are taken by them. This means that it is basically impossible for startups to compete with their economic interests.

Information security companies are more attractive than giant companies.

Fortunately, in the field of information security, there are really talented people out there. Well-known names are only part of the real mastermind. More importantly, the young talents are most often regarded not as financial interests, but as equally good people. Work together, grow, and see future career development from better people.

This also explains that a truly excellent information security startup team is often more than capable of bringing together others in the same industry. Excellent information security practitioners have the opportunity to create very attractive personal brands through their own knowledge and expertise in the field. In a word, your position is often more attractive than cold giants.

Only the concept of being promoted to the extreme in the age of Internet entrepreneurship, I personally believe that this is harmful to entrepreneurial businesses in the field of information security. Part of the reason is that any entrepreneurial process is usually not as enjoyable as everyone talks about; more importantly, the effectiveness of information security products is reflected in the confrontation of information security attack and defense, like other offensive and defensive products, such as drugs. And weapon development can often not help such products succeed.

It is undeniable that timing is an important factor in determining the success of an entrepreneurial enterprise, but the timing is usually brought up. Patience derives from confidence in the future and self. When you are very confident about what you are doing, you will have patience and persistence to wait. I feel that slowing down in my heart is a very important starting point for people who are engaged in information security.

5. Adhere to principles, keep discipline, and set an example

There are many arguments and genres about the management of the founding company. What is particularly popular is the various theories on how to manage high IQ and high-capacity people. Everyone can say a lot of fancy management ideas, but the ultimate goal of management is to establish an efficient organizational structure to achieve technical and commercial product goals.

Aside from the discussion of these theories, I think the most important nature of management lies in two things:

First, there must be principles, and second, discipline.

The principle of this matter is not difficult for information security practitioners, discipline is more difficult for information security practitioners to grasp and implement.


Discipline is often more difficult for information security practitioners to grasp and implement.

Management itself is to establish good and reasonable norms within an organizational system. Norms are guaranteed by discipline. All things should be within a reasonable standard. Corporate culture is built on the principle system that the company upholds, including the principles of external affairs. What matters is what can not be done. These are extremely important to an information security company. The principle of internality is fairness, justice, and mutual respect. Behind the principles and disciplines, there is a little more to the founder's own requirements. That is to lead by example. Information security practitioners often have almost paranoid defiance of rules and discipline, but the founders' adherence to principles and disciplines is a basic requirement that drives the entire company into a well-managed, well-educated entity.

6, born in fear, the market status comes from trust

The essential driving force of the information security market is fear—the fear of data assets being stolen, the fear of theft of trade secrets, and the fear of information security incidents leading to the loss of brands, reputation, and even customers.

In fact, the business model of many industries is based on fear. The insurance industry is another industry based on fear. The combination of the insurance industry and the information security industry is a topic worthy of discussion. Fear itself is a big driving force, allowing customers to find your product, and your service can provide information security protection.

Obviously, fear is the starting point for the launch of information security company's products and services. However, an information security company that wants to develop for a long time must not use it as a means of positive feedback for market development. As an executor of security capabilities, the market position of information security companies comes from trust rather than fear.

For trust, the stronger the ability, the greater the responsibility. A truly successful information security company is usually the rule-builder of a field, not the person protecting the fee.

The essential driving force of the information security market is fear.

All in all, it is an information security startup company's history from scratch and from weak to strong. It is an information security startup company that rises from fear, establishes itself through technology, and seeks victory through victory. Finally, I want to share with you: The hero is always down to earth.

This is dedicated to information security practitioners on the road to entrepreneurship.

Lei Feng Network (Search "Lei Feng Network" public concern) Note: Copyright belongs to Feng Shui, reproduced, please contact us to authorize and retain the source and author, not to delete the content.

Posted on