Debug Information

Processing Details

• VTT File: c1e-nr20cd8vv9bq8r6n-kp9p24gxfvgn-awnucg.vtt
• Processing Time: September 11, 2025 at 01:37 PM
• Total Chunks: 2
• Transcript Length: 83,060 characters
• Caption Count: 692 captions

Prompts Used

Prompt 1: Context Setup

You are an expert data extractor tasked with analyzing a podcast transcript. 
I will provide you with part 1 of 2 from a podcast transcript. 
I will then ask you to extract different types of information from this content in subsequent messages. Please confirm you have received and understood the transcript content.

Transcript section:
[00:00:00.160 --> 00:00:02.880] You're listening to another episode of Startups for the Rest of Us.
[00:00:02.880 --> 00:00:10.240] I'm Rob Walling, and today I'm joined by fan favorite Derek Reimer as we dive in to listener questions.
[00:00:10.240 --> 00:00:24.400] This episode runs a little long, and I let it run long because we dove really deep into a couple of these questions, and I felt like the deeper we went, the more kind of knowledge we unlocked.
[00:00:24.400 --> 00:00:29.600] And so, I really appreciated Derek spending the time with me today and going over our allotted time.
[00:00:29.600 --> 00:00:44.400] And I hope you'll stick around to the end, even though it's longer than a typical episode, because I really do think some of the things we dug into today are far beyond the surface level of what we could have dug into by only spending five or six minutes answering each question.
[00:00:44.400 --> 00:00:54.880] Before we dive in to our conversation, Microconf Europe is only six weeks away, it's in Istanbul, Turkey from September 28th through the 30th.
[00:00:54.880 --> 00:01:02.480] We already have an amazing docket of speakers, including Michelle Hansen, Mark Thomas, James Mooring, and myself.
[00:01:02.480 --> 00:01:05.440] We're going to have more than 170 attendees.
[00:01:05.440 --> 00:01:15.520] And last year, we had folks from across 30 countries, and something like 25, almost 30% had at least 100K of MRR, not ARR.
[00:01:15.520 --> 00:01:20.880] So it's a really amazing group of Bootstrap founders to be in a room with.
[00:01:20.880 --> 00:01:22.640] This event will sell out.
[00:01:22.640 --> 00:01:25.840] And in fact, we are 89% sold out at this point.
[00:01:25.840 --> 00:01:29.440] We have sold out all of our in-person events for the past few years.
[00:01:29.440 --> 00:01:34.800] So if you want a ticket, you're going to want to head to microconf.com/slash Europe.
[00:01:34.800 --> 00:01:42.800] In addition, I want to tease that we're going to be releasing the first episode of season five of Tiny Seed Tales on Thursday.
[00:01:42.800 --> 00:01:45.680] So keep your eye out for that in this feed.
[00:01:45.680 --> 00:01:47.840] I hope you enjoy the new season.
[00:01:47.840 --> 00:01:51.360] And with that, let's dive into my conversation with Derek.
[00:01:59.880 --> 00:02:02.120] Derek Reimer, welcome back to the show.
[00:02:02.120 --> 00:02:03.400] It's great to be back.
[00:02:03.400 --> 00:02:04.760] Wow, it's great to have you, man.
[00:02:04.760 --> 00:02:08.200] We are digging into listener questions today.
[00:02:08.520 --> 00:02:13.480] Have some across some great topics like how crucial is a co-founder?
[00:02:13.480 --> 00:02:17.240] How can I balance security with producing products?
[00:02:17.240 --> 00:02:18.760] And many more.
[00:02:18.760 --> 00:02:23.160] And our first comes to us from Thomas Parker.
[00:02:23.160 --> 00:02:29.560] I'm hoping I'm pronouncing his name right, but he's asking how crucial it is to have a co-founder.
[00:02:33.720 --> 00:02:34.840] My name's Thomas.
[00:02:34.840 --> 00:02:37.080] Thanks for all the value you create and share.
[00:02:37.080 --> 00:02:47.240] A friend told me about TinySeed when I was starting my project Prism, which you can find at Prism.guide last fall, and I've gotten a lot from the podcast since then.
[00:02:47.240 --> 00:02:58.120] I'm wondering how crucial you think it is to have a co-founder, especially in terms of general success, but also in terms of being a company that TinySeed would potentially fund.
[00:02:58.120 --> 00:03:06.760] I have a 15-year career in the niche world of self-directed education, where I co-founded an education model and nonprofit network called Agile Learning Centers.
[00:03:06.760 --> 00:03:11.960] I've worked on tech projects on the side as a product or project manager, but I'm not a developer.
[00:03:11.960 --> 00:03:27.960] This past fall, I realized I had enough technical knowledge that with some AI coding tools, I could probably build an application that could solve some pain points that the school my wife and I run has had for over 10 years as it relates to documenting and communicating the value of emergent self-directed learning.
[00:03:27.960 --> 00:03:30.360] I was in a cave for 10 weeks with Claude.
[00:03:30.360 --> 00:03:34.520] I had a friend who's an experienced engineer give me advice and check my work along the way.
[00:03:34.520 --> 00:03:44.200] Fast forward seven months, and I've got a dozen micro schools using the application and a bunch more planning to use it this fall, along with verbal commitments to pay for it starting in September.
[00:03:44.200 --> 00:03:46.320] It's currently July 4th.
[00:03:44.680 --> 00:03:51.600] I thought that after getting this first version up and running, I would definitely need a technical co-founder to depend on.
[00:03:51.600 --> 00:03:58.800] But now, after building a lot of new stuff, especially with clawed code and having another friend check the work, I'm starting to wonder if maybe I don't.
[00:03:58.800 --> 00:04:02.960] Of course, I've tried to poach friends from their high-paying jobs, but no dice.
[00:04:02.960 --> 00:04:11.040] I don't want to work with the wrong person, but I also love the idea of having someone that I can really depend on and think deeply about the product with.
[00:04:11.040 --> 00:04:15.200] So, should I keep sailing or hit the brakes and find a technical partner?
[00:04:15.520 --> 00:04:17.760] And I want to say one thing before I pass it to you, Derek.
[00:04:17.760 --> 00:04:21.040] I actually think this is maybe two questions.
[00:04:21.040 --> 00:04:25.280] One, there's this idea of just having a co-founder, period.
[00:04:25.600 --> 00:04:30.960] The other is having a technical co-founder if I'm not and I'm building SaaS specifically.
[00:04:30.960 --> 00:04:33.280] So, maybe we can separate those two.
[00:04:33.280 --> 00:04:35.040] And you can answer one or both.
[00:04:35.040 --> 00:04:38.320] I'll just kick it to you, and then I obviously have some thoughts on my own.
[00:04:38.320 --> 00:04:39.760] Yeah, this is an interesting one.
[00:04:39.760 --> 00:04:47.040] I think because we've, even you and I, I think, in listener questions before, have talked kind of about co-founder dynamics and having them.
[00:04:47.040 --> 00:05:07.440] But I think the interesting piece here is sort of that line of thinking around: okay, I'm non-technical, but we're kind of entering a brave new world here of AI tooling that allows non-technical people to get really far with building software products, whether you call it a prototype or an MVP, or even pass it as a full-blown production-grade application.
[00:05:07.440 --> 00:05:13.840] You know, doing this without necessarily having the rigorous oversight of someone technical on the team.
[00:05:13.840 --> 00:05:18.160] And I think that's really the interesting of the moment bit here.
[00:05:18.160 --> 00:05:26.560] And I don't want this to come off as disrespectful at all to tenacious founders who are like, who are doing this and building products without having someone technical on the team?
[00:05:26.560 --> 00:05:29.280] But in general, I find this a bit alarming.
[00:05:29.280 --> 00:05:31.560] I would feel like I always have to put a timestamp on this.
[00:05:29.840 --> 00:05:33.960] We're talking mid-summer 2025.
[00:05:34.280 --> 00:05:37.960] So things might be different in three months, six months, a year.
[00:05:37.960 --> 00:05:39.880] Who knows where tooling is going to go?
[00:05:39.880 --> 00:05:48.520] But at least in this moment, I've worked a lot with LLMs helping me write code in my various products.
[00:05:48.520 --> 00:06:01.240] And I would say I would have a hard time trusting an LLM to produce code that is necessarily up to snuff on security and just maintainability in general.
[00:06:01.240 --> 00:06:09.640] But I think there's been a lot of memes passed around over the last few weeks and months about apps that are vibe-coded that then people are hacking really easily.
[00:06:09.640 --> 00:06:30.440] So especially if you're not prompting an LLM with the knowledge that a developer would have, you don't necessarily know what to ask it to do in terms of making sure that authorization and access are locked down on all endpoints and just all the different things you would think about as a web developer.
[00:06:30.440 --> 00:06:33.080] The LLM may not know if that's a priority for you.
[00:06:33.080 --> 00:06:35.800] And if you don't ask it to do it, there's a chance it won't.
[00:06:35.800 --> 00:06:48.200] These types of things don't often get caught until someone pops open developer tools and looks at the API requests it's making in the background and discovers, oh, you have this unsecured endpoint where I can query all your users or whatever.
[00:06:48.200 --> 00:07:01.640] So I think there's a lot of reasons to be concerned about trying to go deep into production with a code base that hasn't been at least kind of curated by a developer.
[00:07:01.640 --> 00:07:05.480] I know you mentioned he has a friend who's a developer who's kind of spot checking his code.
[00:07:05.480 --> 00:07:08.200] And that's good on him for doing that.
[00:07:08.200 --> 00:07:16.720] But I think if you're going to build a SaaS, it's worthwhile to try to have someone as soon as possible on your team kind of in charge of the technical side.
[00:07:17.040 --> 00:07:29.520] I think there's also the piece of like most of these tools today that help you build like a V1 of a product are kind of effective because they're able to hold most of the product in the context window of the LLM.
[00:07:29.520 --> 00:07:34.960] So like, you know, in the early days, it kind of knows everything all the time and it can keep building stuff.
[00:07:34.960 --> 00:07:44.800] But as soon as your code base gets sufficiently large where it doesn't all fit in the context window, that's when figuring out how to basically manage the context gets more and more difficult.
[00:07:44.800 --> 00:07:50.720] And it starts producing things that it doesn't necessarily know you have this other area of the code base because it's not all in context.
[00:07:50.720 --> 00:07:54.960] And so you start getting spaghetti code, duplicate code, things that are not well-factored.
[00:07:54.960 --> 00:07:59.200] And I think that's kind of a hard cliff that a lot of people are bumping up against these days.
[00:07:59.200 --> 00:08:04.160] Now, maybe we'll get to the point where there's nearly infinite context and this is not a concern anymore.
[00:08:04.160 --> 00:08:17.280] But at least for now, this could be something unforeseen that will catch you out when suddenly the AI is not really able to produce features like it has been in the past because you reach this kind of hard limit.
[00:08:17.600 --> 00:08:21.280] Yep, 100% on the same page.
[00:08:21.600 --> 00:08:27.680] And what strikes me is that conversation you and I had two, three months ago.
[00:08:27.680 --> 00:08:36.240] Well, it was the whole DD group, and you specifically were talking about your process with how you use AI to help augment and make you faster writing code.
[00:08:36.240 --> 00:08:37.440] Because I haven't done it, right?
[00:08:37.440 --> 00:08:38.720] I haven't used AI to write code.
[00:08:38.720 --> 00:08:44.640] And you basically said, yeah, I tell it what to do, and then I look through it and I'm like, oh, it did all this wrong.
[00:08:44.640 --> 00:08:48.880] And then I tell it to fix these things, and then I make sure that it's fixed.
[00:08:48.880 --> 00:08:58.480] You, as the senior, super senior dev, are spot checking and making sure it's security, it's maintainability, it's brittleness, it's whatever else, and you're sanity checking that.
[00:08:58.480 --> 00:09:08.840] It's the same way where if I ask, if I ask ChatGPT to help me outline a YouTube video or to help me brainstorm blah, blah, blah, or I have a tweet I want to say on this thing, like write the tweet.
[00:09:08.840 --> 00:09:11.800] I then look at that and say, man, it really messed up.
[00:09:11.800 --> 00:09:14.520] Like by my, I have a taste, I have an editorial eye.
[00:09:14.520 --> 00:09:17.560] I never copy and paste straight out of ChatGPT into anything.
[00:09:17.560 --> 00:09:19.880] It's just never, it's never 100% there.
[00:09:19.880 --> 00:09:21.160] It might get 90%.
[00:09:21.160 --> 00:09:23.720] And in most cases, it's more like 75%.
[00:09:23.720 --> 00:09:31.080] And I have to then tweak it and transform it to make it, to me, make it good, make it great.
[00:09:31.080 --> 00:09:43.480] And so without that step, that's where as a non-technical or as an entry-level dev using ChatGPT, it's kind of two entry-level devs working together is what it feels like.
[00:09:43.480 --> 00:09:45.720] And here's the thing that can work.
[00:09:45.960 --> 00:09:49.960] I'm going to do a metaphor here with construction, like of constructing a building.
[00:09:49.960 --> 00:09:58.840] You and I, as not, I mean, we are handy enough to use a screwdriver and nail, you know, nail boards and the thing with the place.
[00:09:58.840 --> 00:10:03.560] You and I could go out back on my property and we could build an outhouse.
[00:10:03.560 --> 00:10:05.640] I would feel confident that you and I could figure that out.
[00:10:05.640 --> 00:10:06.520] We could watch YouTube.
[00:10:06.520 --> 00:10:11.000] We could go to Home Depot and we could even maybe build a tool shed from scratch.
[00:10:11.000 --> 00:10:15.080] Now, maybe, maybe it wouldn't all be right angles, but we would figure it out.
[00:10:15.080 --> 00:10:18.120] The moment that I said, dude, I want to build a two-car garage.
[00:10:18.120 --> 00:10:19.480] Will you come help me?
[00:10:19.480 --> 00:10:21.640] That's when I start thinking, exactly.
[00:10:21.640 --> 00:10:23.880] You're like, because it's like, no, this is not a good idea.
[00:10:23.880 --> 00:10:25.960] Well, what if I was like, dude, I want to build a one-story house?
[00:10:25.960 --> 00:10:26.520] Come help me.
[00:10:26.520 --> 00:10:27.800] You know, a two-story house.
[00:10:27.800 --> 00:10:30.280] I want to build a commercial building that's three stories.
[00:10:30.280 --> 00:10:31.320] I want to build a skyscraper.
[00:10:31.320 --> 00:10:38.280] Like, you can build, if you're going to build a tiny little utility that converts PDFs to MP3s, which isn't really a thing, but you know what I mean?
[00:10:38.280 --> 00:10:39.960] Like, cool, vibe code that thing.
[00:10:39.960 --> 00:10:40.760] It does one thing.
[00:10:40.760 --> 00:10:42.120] That's your outhouse.
[00:10:42.120 --> 00:10:51.600] The moment you're building Savvy Cal, the moment you're building Drip, you're talking commercial buildings, you're talking maybe not skyscrapers, but you know, it's a totally different thing.
[00:10:51.600 --> 00:10:58.480] And so that's where, as a non-technical founder, you just got to be really careful with this stuff because it can often work in the short term.
[00:10:58.480 --> 00:11:09.920] You can get something into production that'll work in the next, it'll work for a month, it'll work for five months, it'll work for six months, and then until it doesn't, until there's bugs all over, until you change any line of code and it breaks six other places.
[00:11:09.920 --> 00:11:12.320] And AI doesn't fix that.
[00:11:12.320 --> 00:11:20.800] And it's the same thing we see with tiny seed companies across 204 companies we funded, and I think 300-something founders.
[00:11:20.800 --> 00:11:25.200] And 85 to 90% of the companies have at least one technical founder.
[00:11:25.200 --> 00:11:35.680] And the ones that don't, the 10, 15% that don't, code maintainability, code velocity, security, just all this stuff is there is always their number one issue, inevitably.
[00:11:35.680 --> 00:11:42.240] And so it's not that we don't fund teams with non-technical founders, but it is this will be your biggest headwind.
[00:11:42.560 --> 00:12:06.640] Yeah, do you feel like, because this is always the question, like, so you're a founder, solo founder, at least like he is for the moment, and he's considering like, should I stop and try to find a co-founder or should I, I guess the alternative would be like, maybe you find someone, a dev contractor who's within a budget range that he could afford and have that person start to take over the vibe-coded code base?
[00:12:06.640 --> 00:12:14.240] Or how important do you think like having someone with equity stake at this stage versus like hiring contractors?
[00:12:14.480 --> 00:12:21.200] Yeah, I know I can think of some folks that are good friends of mine that are in this seat of like solo founder, non-technical.
[00:12:21.200 --> 00:12:25.600] And I'm sure they've struggled here and there to like even know how to hire developers.
[00:12:25.600 --> 00:12:27.280] So that's something that's tricky, right?
[00:12:27.280 --> 00:12:29.040] So, yeah, how do you think about this?
[00:12:29.040 --> 00:12:29.960] That's always the hard part.
[00:12:29.760 --> 00:12:34.600] And that's usually the issue with folks who, let's say, pre-AI and pre-no-code.
[00:12:34.920 --> 00:12:49.240] Well, not pre-no-code, but like before no-code got really good at building stuff, even like three, four years ago, non-technical founder would hire a freelancer, a contractor, because, you know, again, all right, so I'm going to build a one-story house or a two-story house.
[00:12:49.240 --> 00:12:57.080] I'm not going to ask Derek to come over, but I am going to hire a single carpenter, you know, off of Craigslist and say, come build that house.
[00:12:57.400 --> 00:12:58.840] Do they know how to architect a house?
[00:12:58.840 --> 00:12:59.640] Do they know structure?
[00:12:59.800 --> 00:13:00.280] They don't.
[00:13:00.280 --> 00:13:02.920] Like, they know how to write some code, you know, is the analogy.
[00:13:02.920 --> 00:13:11.240] And so, you know, a carpenter can nail boards together and we'll know some stuff, but that house is not going to be what it should be because you really do need expertise in a team of people.
[00:13:11.240 --> 00:13:14.520] And that's product and, you know, all the other stuff.
[00:13:14.520 --> 00:13:22.760] So that is the tough thing: is you kind of, how do you know how to hire a developer who really knows what they're doing when you don't know what you're doing?
[00:13:22.760 --> 00:13:28.680] Now, you can get a friend or you can hire a super senior dev to help you interview, and it might work out.
[00:13:28.680 --> 00:13:33.400] In most cases, that person stays with you for six to 12 months, then they leave.
[00:13:33.400 --> 00:13:36.920] Then the next person you hire says, we need to rewrite this entire code base from scratch.
[00:13:36.920 --> 00:13:38.440] It's completely unmaintainable.
[00:13:38.440 --> 00:13:45.080] I mean, I see this over and over and over, which is always like, oh boy, you know, this is, it's, it's the headwind, right?
[00:13:45.080 --> 00:13:47.480] So this is one of those tough things.
[00:13:47.480 --> 00:13:59.320] Like, if I were to say, I want to, me, Rob Walling, I want to get into manufacturing, like, I'm going to design and manufacture tabletop board games, or I want to design and manufacture hardware of some kind.
[00:13:59.320 --> 00:14:01.640] I have no experience doing that.
[00:14:01.640 --> 00:14:03.640] So it's like, should I learn it?
[00:14:03.640 --> 00:14:04.440] I'm not a designer.
[00:14:04.440 --> 00:14:06.280] Should I learn design or should I go hire a designer?
[00:14:06.280 --> 00:14:08.920] I guess design's a tough one because that's when you can just identify.
[00:14:08.920 --> 00:14:17.200] There's no like, this is where some of the analogies break down: there's no long-term maintainability of design.
[00:14:17.200 --> 00:14:21.040] If the design is good and I see that the pieces look good and the board looks amazing, great, ship it.
[00:14:21.040 --> 00:14:21.680] It's a game.
[00:14:21.680 --> 00:14:26.320] Code, much like a building, you know, has this under, what is it?
[00:14:26.320 --> 00:14:27.200] It's like the iceberg.
[00:14:27.200 --> 00:14:34.880] There's stuff under the water that you don't under, you don't see that this will f you a year down the line or two years down the line once you've had success.
[00:14:34.880 --> 00:14:46.640] That, so we're, we're pretty doom and gloom on this, but and it's not always the case, but it is the majority of the cases, you know, where not having a technical co-founders really, really can come back to bite you.
[00:14:46.960 --> 00:14:54.480] Yeah, I mean, I think about how hard, even being a developer, how hard it is to keep a code base maintainable.
[00:14:54.480 --> 00:15:15.440] And I would argue most developers don't have a code base as maintainable as they would want it to be because you make decisions and then you learn some things and a year goes by and you learn more about what features you maybe should have built from the beginning and now they're bolted on in a way where you're not quite happy, but you're constantly making these practical decisions of like, I'm not going to go back and rewrite this entire subsystem.
[00:15:15.440 --> 00:15:16.560] Like it's not worth the effort.
[00:15:16.560 --> 00:15:20.960] So instead we'll bolt the thing on, but it's not as pristine and perfect as it could have been.
[00:15:20.960 --> 00:15:24.960] And then you just layer those decisions on again and again and again over the life cycle of a product.
[00:15:24.960 --> 00:15:35.040] And before you know it, you're always contending with a certain amount of technical debt that you don't want to have around, but you can't justify pumping the brakes on the entire business to go and pay down that technical debt.
[00:15:35.040 --> 00:15:39.280] And so, yeah, it's just a lot to think about even as a developer.
[00:15:39.280 --> 00:15:47.040] And if you don't have a developer on the team, the AI is not going to be, the AI is just, it's just fancy autocomplete, really, if we're thinking about it.
[00:15:47.040 --> 00:15:51.520] So it's not necessarily, yeah, it's not, it's not thinking about these things.
[00:15:51.520 --> 00:15:59.200] Yeah, and that's the thing, you know, to back to your earlier question, which I didn't answer, which was, could you hire a developer and how important is it that they have equity?
[00:15:59.200 --> 00:16:04.280] In my opinion, this is one of these things where I don't, this is not an always-never absolute thing.
[00:16:04.280 --> 00:16:05.480] You just hear there's a leaning.
[00:16:05.480 --> 00:16:08.520] I'm like 90%, 95% on these opinions.
[00:16:08.520 --> 00:16:09.560] There is a little wiggle room.
[00:16:09.560 --> 00:16:10.760] I have seen some work.
[00:16:10.760 --> 00:16:12.760] I've just seen so many not work.
[00:16:12.760 --> 00:16:21.400] For me, if I was starting a SaaS tomorrow, I would want to be working with a developer who had ownership of that code base and who had equity in the company.
[00:16:21.400 --> 00:16:26.840] And I would find that person is what I would do, especially if I'm not going to write the code.
[00:16:26.840 --> 00:16:31.720] I can't imagine doing it any other way and having it long-term work.
[00:16:31.720 --> 00:16:32.280] It can work.
[00:16:32.360 --> 00:16:32.920] It's the thing.
[00:16:32.920 --> 00:16:40.280] It can work in the short term, you know, get the MVP, as you said, or get that, you know, just enough to prove it out.
[00:16:40.280 --> 00:16:45.880] But it's likely if they don't have equity and want to be in it for the long term that you are going to have to rewrite it.
[00:16:45.880 --> 00:16:58.840] And we see this with, we've funded a handful, and I don't know the exact numbers, but it's five or less of no-code code bases, no-code apps, I guess I would call them, you know, that are built in Airtable bubble, that kind of stuff.
[00:16:58.840 --> 00:17:03.880] And all of them have been rewritten or will need to be rewritten.
[00:17:03.880 --> 00:17:06.200] It just doesn't work when it's pure SaaS play.
[00:17:06.200 --> 00:17:08.680] If you're a service on top of SaaS, it's one thing, right?
[00:17:08.680 --> 00:17:10.200] You can kind of manage it.
[00:17:10.200 --> 00:17:15.400] But I think it's just too core to the business to not have someone have ownership of that.
[00:17:15.400 --> 00:17:20.840] It's kind of like saying, I'm going to hire my first salesperson right now and have them do all the selling.
[00:17:20.840 --> 00:17:22.360] And it's like, they don't even know what you have.
[00:17:22.680 --> 00:17:24.680] As a founder, you kind of have to do that.
[00:17:24.680 --> 00:17:40.920] I will say on the non-doom and gloom side of this, I feel like five years ago, we would have said, try to prove out your idea by building something, cobbling something together with spreadsheets and a Google Doc and a Google form or whatever, you know, like naming the tools du jour from that era.
[00:17:40.920 --> 00:17:50.000] And I would say now it's a lot easier to build something that looks a lot closer to a full-blown production app as your prototype, you know, for proving something out.
[00:17:50.160 --> 00:17:56.400] And so I think that's still, that's a good thing, and that will help you do your validation efforts better.
[00:17:56.400 --> 00:18:08.240] And then I think the big thing is having the restraint to not keep a prototype in production if it's not actually up to par on what you want to maintain long term.
[00:18:08.240 --> 00:18:12.000] But you should probably try to make that decision as early on as possible.
[00:18:12.000 --> 00:18:24.800] Like, I think it'd be pretty painful if you take your prototype and then you end up bringing it into production and you go, you know, a year, two years in where you have all these customers using this thing, and then you have to stop the world and rewrite.
[00:18:24.800 --> 00:18:25.840] That's going to be pretty painful.
[00:18:25.840 --> 00:18:42.720] I've always been a fan of like the product you build from the start, try to keep that code base and not have to scrap it and start over, if at all possible, because you build up so much knowledge and you pay down, you find bugs and you fix them, and all of that gets lost if you scrap the code base.
[00:18:42.720 --> 00:18:44.880] So, yeah, so I think that's the tricky thing.
[00:18:44.880 --> 00:18:52.880] And maybe this code base that has been built by the non-technical founder is still usable and moldable into something else.
[00:18:52.880 --> 00:19:00.080] It's possible you might be able to, you know, hand that off to a developer and they can sort of continue maintenance of the same code base.
[00:19:00.080 --> 00:19:00.960] But I don't know.
[00:19:00.960 --> 00:19:07.280] I would be thinking about trying to do this as early on in the life cycle as possible once you're sure, like, yep, we're going to go forward with this as a business.
[00:19:07.280 --> 00:19:13.360] Yeah, and I like what you've said about the plus side: the tools today are so much better than they were five years ago, whether it's AI or no-code.
[00:19:13.760 --> 00:19:15.840] You can build full-blown line of business apps now.
[00:19:15.840 --> 00:19:24.800] We have several within Microcomp and TinySeed that were built by non-technical people who just kind of figured it out and we use them and we didn't have to pay a bunch of money to have them built.
[00:19:24.800 --> 00:19:26.880] And we certainly, you know, are not paying a third party.
[00:19:26.880 --> 00:19:41.560] And that's the thing is not only for validation, but if you get to 3K, 5K MRR with something that's clunky, but it's a tool shed or a garage that you've built with AI, that's a lot of validation there.
[00:19:41.560 --> 00:19:47.080] Now, standing still for six months to rebuild it, which is usually about what it takes from what I've seen.
[00:19:47.080 --> 00:19:50.440] Again, this is not a tiny little utility that does PDF to MP3 conversion.
[00:19:50.440 --> 00:19:53.640] This is like a real, you know, app that actually has logic and such.
[00:19:53.640 --> 00:19:56.920] Standing still for that time can be painful, but like what other option do you have?
[00:19:56.920 --> 00:20:03.080] Like you're a non-technical person starting a SaaS, like that there is a headwind there for better or worse.
[00:20:03.080 --> 00:20:05.400] So thanks for that question, Thomas.
[00:20:05.400 --> 00:20:06.920] I hope it was helpful.
[00:20:06.920 --> 00:20:14.280] And I think the second thing we never, this is like the longest answer ever to a question, but second thing we didn't address was like just having a co-founder in general.
[00:20:14.280 --> 00:20:16.520] And he asked specifically around tiny seed funding.
[00:20:16.520 --> 00:20:19.800] So we have funded gobs of single founder companies.
[00:20:19.800 --> 00:20:30.600] And I don't remember the exact number, but it's probably 50%, if I'm guessing, are single founder and another 35% are two-founder.
[00:20:30.600 --> 00:20:34.200] If I were to just ballpark it, so that puts us to 85, maybe even more.
[00:20:34.200 --> 00:20:36.840] Maybe it's like 60, 35 or something.
[00:20:37.160 --> 00:20:37.640] Probably nothing.
[00:20:37.640 --> 00:20:38.200] You get the idea.
[00:20:38.200 --> 00:20:40.360] Like it's half or more are single founders.
[00:20:40.360 --> 00:20:41.480] And that's fine.
[00:20:41.480 --> 00:20:48.520] Like, especially if you are a technical founder, the biggest challenge of being a single founder is it's kind of lonely.
[00:20:48.520 --> 00:20:50.920] You don't have as much of a sounding board.
[00:20:50.920 --> 00:21:04.600] Now, you can have advisors, investors, mastermind partners, you know, just friends, network, or like smart people that you can reach out to, especially if you're in a, obviously, if you're in a network like Tiny Seed, you have a ton of smart people you can reach out to, but even in the broader MicroConf space or whatever.
[00:21:04.600 --> 00:21:08.520] But the loneliness and kind of the I'm all on my own thing, it can get old.
[00:21:08.520 --> 00:21:18.240] Some people love it, and most people eventually find that it's a little bit of a drain to not be able to celebrate the wins with someone and to also go through the hard times with someone.
[00:21:18.560 --> 00:21:20.720] You know, you and I both done both, right?
[00:21:20.720 --> 00:21:22.640] You've been a single founder as you are right now.
[00:21:22.640 --> 00:21:24.320] You and I were together on Drip.
[00:21:24.320 --> 00:21:27.920] I've had both single founder and co-founders on my stuff.
[00:21:27.920 --> 00:21:31.680] But what's your reflection on just that difference?
[00:21:31.680 --> 00:21:34.640] Yeah, I think I, I mean, I see the pros and cons of both.
[00:21:34.640 --> 00:21:38.000] And obviously, I've done them, done both in different seasons.
[00:21:38.000 --> 00:21:47.760] For me, I love working autonomously because I can move so fast and I can kind of, you know, stretch my abilities in a bunch of different areas.
[00:21:47.760 --> 00:21:50.320] And I find some joy in that for sure.
[00:21:50.320 --> 00:21:59.840] But I also think it, on the flip side, the really hard part about it is it takes so much activation energy all the time from the founders of a company.
[00:21:59.840 --> 00:22:02.560] You can't, I don't think the same thing comes from employees.
[00:22:02.560 --> 00:22:09.840] You know, it has to come from the founders or founder to just keep the energy going behind a company.
[00:22:09.840 --> 00:22:12.800] And you're usually going to have one bias in one direction.
[00:22:12.800 --> 00:22:15.360] Mine is definitely I'm biased towards building.
[00:22:15.360 --> 00:22:22.880] And the business and marketing side is a necessary thing because I'm building a business and I'm not just building a product with no customers, you know?
[00:22:22.880 --> 00:22:29.760] So what that means is I'm constantly having to fight against my desire to just build more and to focus on the other areas.
[00:22:29.760 --> 00:22:42.240] And if I had a co-founder who was like the kind of the classic split of one person in charge mainly of product and dev and the other person in charge of sales and marketing, then you can both kind of default to your zone of genius.
[00:22:42.240 --> 00:22:48.480] And that's where you spend most of your time and you both deploy your founder activation energy in that direction.
[00:22:48.480 --> 00:22:49.680] And it's a great thing.
[00:22:49.680 --> 00:23:15.000] So, I think, yeah, it's a challenging road to be a solo founder, especially if you find yourself kind of in the midpoint cycle of a business where it's like we just kind of have to muscle through this and keep going and keep mustering that activation energy and balancing the zone of genius thing and being willing to devote a good chunk of your time towards an area where maybe you don't feel like that's your passion, but it's necessary for the business.
[00:23:15.000 --> 00:23:16.440] That's a good summary.
[00:23:16.440 --> 00:23:18.280] So, thanks for that question.
[00:23:18.280 --> 00:23:19.400] Hope it was helpful.
[00:23:19.400 --> 00:23:21.160] We're going to bounce to our next one.
[00:23:21.160 --> 00:23:28.040] This is from Kelly about how to balance security with producing products.
[00:23:32.520 --> 00:23:33.160] Hi, Rob.
[00:23:33.160 --> 00:23:37.080] I'm a software engineer, and I would love to start my SaaS journey through contracting.
[00:23:37.080 --> 00:23:44.600] I have a family member who is in an underserved industry that could use a lot of help when it comes to automating mundane tasks and creating workflows.
[00:23:44.600 --> 00:23:51.320] I know how to automate tasks for myself, but how could I possibly make and package something for someone else in a secure manner?
[00:23:51.320 --> 00:23:56.600] I feel like I need a degree in cybersecurity before ever feeling qualified to produce something for a customer.
[00:23:56.600 --> 00:24:00.040] Will I ever reach a point of okay, this code is safe?
[00:24:00.040 --> 00:24:05.160] It feels like code needs to be absolutely perfect before shipping, so I become too scared to even start.
[00:24:05.160 --> 00:24:10.280] I fear I will spin my wheels and never ship anything because it will never feel secure enough.
[00:24:10.280 --> 00:24:11.240] Love the podcast.
[00:24:11.240 --> 00:24:13.720] Thanks so much for all your help and insights.
[00:24:13.720 --> 00:24:19.720] I liked your phrase about getting a degree in cybersecurity or something like that.
[00:24:19.720 --> 00:24:25.240] So, as always, this is that balance, right, of risk versus reward and what you're willing to take on.
[00:24:25.240 --> 00:24:34.200] But, Derek Reimer, you have shipped many, many applications, including very complex ones, into the wild with real-life customers, and you do not have a degree in cybersecurity.
[00:24:34.200 --> 00:24:37.400] So, how do you think about this?
[00:24:37.400 --> 00:24:44.560] Yeah, I find this funny too that this follows the previous question where we're kind of talking about vibe-coded code bases and how they're a little lax on security.
[00:24:44.360 --> 00:24:49.680] And then here we have kind of the other side of it where I think Kelly identifies herself as a software developer.
[00:24:50.000 --> 00:25:03.120] I don't know what her exact experience is, but you know, has the technical background and yet is still nervous about the security risk of shipping code into production with real customer data.
[00:25:03.120 --> 00:25:05.040] And I can definitely empathize with that.
[00:25:05.040 --> 00:25:14.960] I mean, I've fought, I feel like I've had to fight malicious actors in all the businesses I've had, whether it's spammers trying to abuse our systems, that's usually how it plays out.
[00:25:14.960 --> 00:25:19.760] To my knowledge, I've never had someone try to hack a database and successfully get into any systems.
[00:25:19.760 --> 00:25:30.400] But just knowing that at all times there are bad actors out there scanning the internet, trying to break into web applications can be a bit unnerving.
[00:25:30.400 --> 00:25:31.920] So, I have a couple thoughts on this.
[00:25:31.920 --> 00:25:38.480] I think you're probably, again, I don't know your background exactly, but you're probably more qualified than you think you are.
[00:25:38.720 --> 00:25:46.160] I think as these days, as we're learning about web development, a lot of these things are just sort of either baked into the frameworks that we're already learning.
[00:25:46.160 --> 00:25:58.320] So, if you're using Rails or Laravel or Phoenix or any of these modern frameworks, they come with a ton of kind of best practices baked into them because there's just so many developers using them all the time.
[00:25:58.320 --> 00:26:01.360] And most of us don't have that degree in cybersecurity.
[00:26:01.360 --> 00:26:07.680] So, we're having to lean on the tooling that the open source community kind of has collectively pulled together.
[00:26:07.680 --> 00:26:13.120] And these days, all of these major frameworks have so much built into save you.
[00:26:13.120 --> 00:26:19.920] Like, I remember back in the maybe the 2000s or something, people were dealing with SQL injection attacks all the time, right?
[00:26:19.920 --> 00:26:23.760] Where people try to paste in a string to hack an SQL query.
[00:26:23.760 --> 00:26:32.280] And these days, I would say, you know, 99% of web developers are just using ORMs, the object-relational mappers, built into the framework.
[00:26:29.680 --> 00:26:36.520] And that handles all of the escaping and sanitizing of user input.
[00:26:36.680 --> 00:26:49.160] So the odds that you'll run into an SQL injection attack are very slim if you're using kind of the baked-in tooling that has been heavily tested and just kind of patches over a lot of those problems.
[00:26:49.160 --> 00:27:00.760] The other thing I think about is kind of leaning hard on platform as a service whenever possible for actually deploying stuff and kind of keeping your infrastructure as simple as possible.
[00:27:00.760 --> 00:27:13.480] So these days, I don't stand up my own EC2 instances and make myself be responsible for patching the firewall and making sure that there's no open ports and all that kind of stuff.
[00:27:13.480 --> 00:27:22.760] Like, yes, you can do that, but it's extra time and there is that fear that you're going to miss something or there's some kind of operating system patch that you didn't apply in time.
[00:27:22.760 --> 00:27:31.800] So rather than worry about that, these days I like to lean on platform as a service that I trust that will manage all those aspects for me.
[00:27:31.800 --> 00:27:33.560] And it just keeps things simple.
[00:27:33.560 --> 00:27:38.920] Now it's their liability to make sure that the OS is patched and that the firewalls are in place.
[00:27:38.920 --> 00:27:44.600] And of course, if you're choosing a reputable one, they should have all that stuff documented about their process for it.
[00:27:44.600 --> 00:27:48.760] And there's a handful of these that are very well established at this point.
[00:27:48.760 --> 00:27:50.360] So that's the approach I choose.
[00:27:50.360 --> 00:27:51.320] Same for the database.
[00:27:51.560 --> 00:27:54.520] I don't stand up my own servers to run my own databases.
[00:27:54.520 --> 00:27:59.320] I use a managed database host that has all of their firewalls locked down.
[00:27:59.320 --> 00:28:04.440] And really, what you want to be concerned with is where data lives and where it flows.
[00:28:04.440 --> 00:28:16.080] So, you know, if you're using managed providers for your servers and your databases and you can kind of easily map how the data flows between them, you're going to be in pretty good shape.
[00:28:16.080 --> 00:28:17.440] It's a great summary.
[00:28:17.440 --> 00:28:22.160] But, Derek, isn't everyone moving to rolling your own hardware?
[00:28:22.160 --> 00:28:24.160] Don't you want it to go bare metal hardware?
[00:28:24.400 --> 00:28:32.880] Do you see this online and it's like, dude, if you have $100 million in ARR in your board, you should go roll your own hardware.
[00:28:32.880 --> 00:28:33.840] You know what I mean?
[00:28:34.320 --> 00:28:37.120] Have you and I already talked about this on the podcast, or has it just been private?
[00:28:37.120 --> 00:28:44.240] Where it's like, come on, man, don't, it's not a good use case for 99% of bootstrappers.
[00:28:44.240 --> 00:28:44.800] Yeah.
[00:28:44.800 --> 00:28:53.520] Ultimately, I think it's the only justification you can really make for it is one, if you just want the technical exercise of doing it, but two, if you want to try to save cost.
[00:28:53.520 --> 00:29:00.720] And like at the scale that I would say 99% of listeners of this podcast are at, it's not worth trying to save the cost.
[00:29:00.720 --> 00:29:07.120] Like just lean on these companies that are building this tooling and assuming all the liability for it.
[00:29:07.120 --> 00:29:12.880] There's a huge incentive for these platform as a service companies to not have vulnerabilities.
[00:29:12.880 --> 00:29:15.520] And I like to rely on that.
[00:29:15.840 --> 00:29:16.400] Big time.
[00:29:16.400 --> 00:29:26.000] And you and SavvyCal, even with thousands of customers paying you, you're still able to afford like a pass is not a blocker for you.
[00:29:26.720 --> 00:29:32.000] With Drip, we started on Heroku and Drip was very big and very complicated.
[00:29:32.000 --> 00:29:34.960] And we did have to migrate off within the first year, I think, which was a pain.
[00:29:34.960 --> 00:29:36.560] I remember that being a big hassle.
[00:29:36.560 --> 00:29:38.640] But I'm glad we started where we started.
[00:29:38.640 --> 00:29:39.600] It got us there quick.
[00:29:39.600 --> 00:29:41.040] We didn't have to roll our own stuff.
[00:29:41.040 --> 00:29:47.840] And frankly, maintaining the DevOps effort from then on to maintain our servers was a was necessary.
[00:29:47.840 --> 00:29:49.600] It was a pain in the ass.
[00:29:49.600 --> 00:29:50.080] Yeah.
[00:29:50.080 --> 00:29:51.200] It was a pain in the ass.
[00:29:51.200 --> 00:29:55.760] Like, if we could have stayed on, even paid Heroku, you know, quite a bit of money, like we would have done it.
[00:29:55.760 --> 00:29:57.680] So, it's another reason.
[00:29:57.840 --> 00:30:02.600] I appreciate Kelly's question, and I think you've covered it quite well.
[00:30:02.920 --> 00:30:10.440] I would say it's the kind of thing where, like, if you have to ask the question, then that means you're probably in a pretty good position to build something that's quite secure.
[00:30:10.440 --> 00:30:15.240] It's when you're not thinking about security at all, it's when you're going to run into problems.
[00:30:15.240 --> 00:30:17.720] So, just the fact that you're asking is a good sign.
[00:30:17.720 --> 00:30:41.160] And if you feel like there's some like some fundamentals that maybe you're missing, I'm sure it's not a great answer, but I'm sure if you just like, you know, Google for like a basics of web security kind of course or something like that, like there's got to be some things out there that kind of just outline like these are the top, the top things to be thinking about when you're trying to secure a system, you know, just to give you that primer.
[00:30:41.160 --> 00:30:44.120] Yeah, so I hope you appreciate that answer, Kelly.
[00:30:44.120 --> 00:30:46.520] Obviously, we're not security experts, nor are we lawyers or anything.
[00:30:46.520 --> 00:30:49.480] It's a lot of it is around risk tolerance.
[00:30:49.480 --> 00:31:06.760] And frankly, we used to, when I was a contractor consultant writing code dollars for hours, we had the gold-plated quote, the gold-plated version of the software, which is like, oh, we're going to spend, this was back in the early 2000s, so it's like an extra 20% to like write some tests and an extra 20% to do a ton of security, this and that.
[00:31:06.760 --> 00:31:10.120] And it just, the quote got bigger and bigger and bigger.
[00:31:10.120 --> 00:31:12.680] And it's like, it'll be relatively secure.
[00:31:12.680 --> 00:31:14.440] It's .NET and we follow best practices.
[00:31:14.440 --> 00:31:17.240] So even without that extra 20%, it's generally secure enough.
[00:31:17.240 --> 00:31:21.560] But like if we spent that extra 20 grand or 40 grand or whatever, we can really lock it down.
[00:31:21.560 --> 00:31:25.160] And that's kind of what you're balancing here: it's like, how much effort do you put?
[00:31:25.160 --> 00:31:30.600] Like, do you have an LLC right now versus kind of just being a sole proprietorship?
[00:31:30.600 --> 00:31:39.400] Do you have insurance like, you know, I forget what all the insurances are around a business because we have an operations person that hands that, but you know, there's like two or three types of insurance.
[00:31:39.400 --> 00:31:41.960] Do you have those from day one with zero customers?
[00:31:41.960 --> 00:31:43.240] Most people don't.
[00:31:43.240 --> 00:31:44.280] It's not to say you shouldn't.
[00:31:44.280 --> 00:31:53.440] I'm not giving you advice to not to, but that's kind of where we are: thinking about how far do we go to fix problems that may or may not happen at this point.
[00:31:53.440 --> 00:31:55.760] So thanks for that question, Kelly.
[00:31:55.760 --> 00:31:58.800] Our next question is another question about security.
[00:31:58.800 --> 00:32:04.880] This one's about security and compliance objections when bootstrapping enterprise SaaS.
[00:32:04.880 --> 00:32:10.960] Steven says, I'm building an app and the ideal customer I'm targeting works in sales at enterprise companies.
[00:32:10.960 --> 00:32:16.400] I'm trying to bootstrap, but one objection I'm encountering is that these enterprises have high bars for security and compliance.
[00:32:16.400 --> 00:32:26.160] For example, they expect any new vendors to have SOC 2 Type 2, ISO 27001, I don't know if I'm pronouncing that right, and/or GDPR compliance, ISO 27,001.
[00:32:26.160 --> 00:32:27.600] I don't know how you would say that.
[00:32:27.600 --> 00:32:29.120] 27001.
[00:32:29.120 --> 00:32:32.480] How have you seen bootstrap startups tackle these requests?
[00:32:32.480 --> 00:32:40.800] Even though they're not my ICP, would you just sell to SMB and mid-market until you had enough revenue to invest in these kinds of security audits?
[00:32:40.800 --> 00:32:45.920] I've seen all manner of approaches to this, but how have you thought about this?
[00:32:46.240 --> 00:32:48.880] Yeah, I think, so some of this is for my own stuff.
[00:32:48.880 --> 00:32:54.080] Some of this is just from talking to other Tiny Seed founders who have been sort of dealing with this lately.
[00:32:54.080 --> 00:33:00.480] But I think, one, I would try to assess how vital is having these formal certifications.
[00:33:00.480 --> 00:33:03.280] Like, how actually much do they care?
[00:33:03.280 --> 00:33:18.800] You know, like, could you potentially get by with a really robust set of security documentation and policy showing that you have an incident response plan and yada, yada, yada, all the different things, the policies that these formal frameworks want you to have in place.
[00:33:18.800 --> 00:33:24.400] Like, could you get by with having some of this stuff without investing in the full audit?
[00:33:24.400 --> 00:33:29.600] Maybe that'll get you still into your ICP, but you'll probably still deal with some objections.
[00:33:29.800 --> 00:33:34.280] But, like, is that enough to get started and maybe get your first couple customers?
[00:33:34.280 --> 00:33:51.000] And assuming you're charging a high enough price point, which this sounds like kind of true enterprise, so this should be hopefully a decently high price point, then that you could maybe use that to sort of then parlay into a more formal security audit to get formal certification.
[00:33:51.000 --> 00:34:01.400] The thing that I've learned from other founders who have, at a relatively small scale, actually gotten SOC2 certification is that it's not as bad as we make it out to be.
[00:34:01.400 --> 00:34:12.520] Like, yes, it's a lot of paperwork, it's annoying, especially us like impatient founder types, like have a real hard time slogging through a lot of paperwork that feels like security theater.
[00:34:12.520 --> 00:34:16.760] But like, in reality, it's not unattainable.
[00:34:16.760 --> 00:34:24.360] There's platforms like Vanta that have all of these documents that you're going to need for the audit, like all kind of catalogued.
[00:34:24.360 --> 00:34:37.320] You pay them for it, and then you get these checklists, and you can go through one by one and set all your policies and wire up all of your hosting platform for making sure that you have all the controls in place in your systems.
[00:34:37.320 --> 00:34:42.920] So there's a lot of kind of automated tooling around it, and then it's just the expense of paying for the audit.
[00:34:42.920 --> 00:34:45.720] And you generally get your own auditor for these things.
[00:34:45.720 --> 00:34:56.200] So you don't want to go too cheap to where people won't trust the audit that you have, but also, you know, you don't want to spend hundreds of thousands of dollars on an audit that's way too expensive.
[00:34:56.200 --> 00:35:01.160] So you need to try to find an auditor that's kind of within a budget range that you can accept.
[00:35:01.160 --> 00:35:06.600] But basically, I think this is more of a speed bump than a roadblock to use Rob Walling parlots.
[00:35:06.600 --> 00:35:16.320] And if you're truly selling to the enterprise where the price point supports it, then I wouldn't be too afraid of trying to get some of these certifications.
[00:35:16.640 --> 00:35:18.160] Yeah, I've seen a mix.
[00:35:14.840 --> 00:35:20.960] I'll be honest, we have some tiny seed companies that get it pretty quickly.
[00:35:21.200 --> 00:35:29.840] Some tiny seed companies take the money, our money, and put it towards SOC 2 because I believe the first initial is what, 20 to 30 grand, maybe.
[00:35:29.840 --> 00:35:32.000] And that's like a lot for a bootstrapper out of pocket.
[00:35:32.000 --> 00:35:34.480] But like, if you take tiny seed money, it can help you get it.
[00:35:34.480 --> 00:35:38.320] And if it really is an issue, it gets you a long way.
[00:35:38.320 --> 00:35:45.680] So, the second part of his question where he's like, would you sell to SMBs in mid-market, even if it's not in the ICP in order to kind of get enough revenue and prove it out?
[00:35:45.680 --> 00:35:46.640] I might.
[00:35:46.640 --> 00:35:47.680] Yeah, I might.
[00:35:47.840 --> 00:35:49.200] I would have to make that decision.
[00:35:49.200 --> 00:35:59.760] Like, if truly the enterprise is my end customer, and as you said, truly they are going to want SOC 2 or something, especially from a little no-name startup.
[00:35:59.760 --> 00:36:04.160] There's a reason because everyone's scared of data breaches and they want you to, you know, know you have it.
[00:36:04.160 --> 00:36:05.520] It's just, it's hard.
[00:36:05.520 --> 00:36:08.400] It is difficult to bootstrap a business when you need that.
[00:36:08.400 --> 00:36:28.640] And so most of the companies that I see, most of the tiny seed companies that I see thinking about SOC 2 who have not gotten it yet, it is because they have a kind of non-enterprise ICP that is building their MRR in the meantime until they can justify getting SOC 2 type 2.
[00:36:28.640 --> 00:36:32.000] If you never sell to enterprise and you don't need SOC 2, don't get it.
[00:36:32.000 --> 00:36:32.640] It's a pain.
[00:36:32.640 --> 00:36:34.240] You know, I mean, this is just my advice.
[00:36:34.720 --> 00:36:37.520] I should say I wouldn't get it if I didn't really, really need it.
[00:36:37.520 --> 00:36:44.240] Because as you and I both know, like we hate, you know, heavy process and just security theater.
[00:36:44.640 --> 00:36:47.440] It's not that bad, but it really is just like stuffed.
[00:36:47.440 --> 00:36:48.960] I didn't get into startups.
[00:36:48.960 --> 00:36:51.600] I didn't get into building my own company to do that.
[00:36:51.600 --> 00:37:02.280] But with all that said, generally, it's probably a good thing for the industry because it ensures that folks aren't just going willy-nilly and building AI prototypes and pushing it.
[00:36:59.840 --> 00:37:06.360] You know, I don't think you can get socked too on, you know, back to our first question.
[00:37:06.600 --> 00:37:10.520] So, yeah, it's a tough balance and it is kind of a bootstrapping conundrum.
[00:37:10.520 --> 00:37:17.480] Because if you raised funding, whether from Tiny Seed or Angels or whatever, and you're going into the enterprise, it would just be a no-brainer.
[00:37:17.480 --> 00:37:18.280] You just get it.
[00:37:18.280 --> 00:37:18.920] You just do it.
[00:37:18.920 --> 00:37:25.640] You spend a few months and you pay the money and you just do it because it will win you more deals if you're selling an enterprise.
[00:37:25.640 --> 00:37:28.360] The balance is: what if I'm not sure yet?
[00:37:28.360 --> 00:37:29.720] How do I know when to justify it?
[00:37:29.720 --> 00:37:40.840] And I think that's kind of what we're talking about: is like, yeah, I'd probably try to figure out if there is an ICP that can also use the product that's not in the enterprise, or you just got to go all in and make that decision.
[00:37:40.840 --> 00:37:52.440] Yeah, I've been doing HIPAA compliance framework for my new product line that's doing kind of appointment scheduling for medical is one type of customer where they value that.
[00:37:52.440 --> 00:37:56.360] So I think it has quite a bit of overlap actually with Zock 2.
[00:37:56.360 --> 00:38:04.920] But the nice thing about HIPAA is it's self-attesting, so you don't pay for an external audit or it's not required to basically claim HIPAA compliance.
[00:38:05.240 --> 00:38:17.640] But there's a bunch of controls that you want to have in place so that in the event that something happens and so that you can demonstrate to your end customers that we have all these controls in place to support our claim of HIPAA compliance.
[00:38:17.640 --> 00:38:21.400] But in general, I found a lot of these things seem like overkill.
[00:38:21.400 --> 00:38:24.120] They are overkill for the size company that we are.
[00:38:24.120 --> 00:38:30.200] You know, most of the default policies have eight different roles kind of by default in them.
[00:38:30.200 --> 00:38:32.400] So these are the responsibilities of the CEO.
[00:38:32.400 --> 00:38:37.880] These are the responsibilities of the IT manager, the VP of global sales, the VP of Global HR, the da-da-da.
[00:38:38.040 --> 00:38:41.560] And these are like the default roles enumerated in a lot of these things.
[00:38:41.560 --> 00:38:47.680] And in most, most cases, I collapse all of them down into these are the responsibilities of the CEO, you know?
[00:38:47.680 --> 00:38:53.840] So it's like clearly these things are kind of designed by default for larger companies.
[00:38:53.840 --> 00:39:06.400] But that being said, a lot of the practices that they're asking for are actually good things to have in place, you know, good, good kind of from a legal perspective and from a liability perspective.
[00:39:06.400 --> 00:39:13.600] So there are kernels of good in there, even though like it's well known that having SOC2 compliance doesn't actually mean that your product is secure.
[00:39:13.600 --> 00:39:16.240] It just means you've gotten the check mark.
[00:39:16.560 --> 00:39:26.000] But there's still good in there to infuse into the way you handle data, the way employees engage with it and all that.
[00:39:26.000 --> 00:39:27.360] So thanks for that question.
[00:39:27.360 --> 00:39:28.880] Hope it was helpful.
[00:39:28.880 --> 00:39:38.240] Our last question for the day comes to us from Misha on building a lasting culture with a bias toward action.
[00:39:43.040 --> 00:39:43.840] Hi, Rob.
[00:39:43.840 --> 00:39:47.760] This is Mike, frequent listener, occasional question answer.
[00:39:47.760 --> 00:39:49.680] So another question for you.
[00:39:50.640 --> 00:39:58.560] Building out a startup, it's growing well, getting friends to help us, looking to hire some engineers soon.
[00:39:58.640 --> 00:40:05.680] As we're doing that, one conversation we've had a few times is about building a culture with a bias towards action.
[00:40:05.840 --> 00:40:07.920] Bit of a corporate speak there.
[00:40:07.920 --> 00:40:12.000] It's a conversation that I've been part of throughout my career.
[00:40:12.320 --> 00:40:23.600] It's rare to find that in my experience, whether it's a large company or a five-person startup, there's no guarantee that that'll be the case.
[00:40:23.600 --> 00:40:29.760] So, how do you think about that being a conscious decision?
[00:40:29.800 --> 00:40:45.880] So, instead of focusing just on we're going to hire people who deliver over ship frequently or introgue for people who ship, but really thinking about the culture of the organization from the start, where we can focus on go-build stuff, go ship things.
[00:40:45.880 --> 00:40:47.560] You don't need permission.
[00:40:47.960 --> 00:40:51.080] Don't go breaking stuff, don't go break the law.
[00:40:51.080 --> 00:40:53.000] However, go experiment.
[00:40:53.000 --> 00:40:53.880] What are your thoughts on that?
[00:40:53.880 --> 00:41:03.880] What have you seen work as a, again, as a conscious decision by the founders and by the leadership of the startups, the companies that you've invested in, been part of?
[00:41:04.200 --> 00:41:05.320] Thank you.
[00:41:05.640 --> 00:41:09.400] All right, Eric, what are your thoughts here as someone who has a bias towards action?
[00:41:09.400 --> 00:41:21.560] It's interesting because oftentimes when I have a trait or when I have the urgency, a lot of founders do, it can sometimes be hard to get other people to do that because it's so intrinsic to you.
[00:41:21.560 --> 00:41:23.960] You're not even sure how I motivate them to do this.
[00:41:23.960 --> 00:41:31.160] So, I've given a ton of thought to this concept and idea over the years, but I'm curious to hear your thoughts first.
[00:41:31.160 --> 00:41:31.880] Yeah, yeah.
[00:41:31.880 --> 00:41:35.240] In my mind, it comes down to kind of two pieces, I think.
[00:41:35.240 --> 00:41:38.040] Like, how do you get this instilled into your company?
[00:41:38.040 --> 00:41:47.720] Well, I think it comes down to who you hire, what's the personality traits of those people and their past experience, you know, and also like what are the ways that you operate?
[00:41:47.720 --> 00:41:56.760] Like, it's one thing to say in like a mission statement, we bias towards action, but like, do the way you ways you operate actually align with that?
[00:41:56.760 --> 00:42:14.560] Um, so like on the on the who piece, I think the big thing is, like, I've found in talking to you know, developers who have worked for larger companies almost exclusively tend to have sort of this sort of slow, methodical way of operating, they err on the side of caution.
[00:42:14.280 --> 00:42:20.240] It's it's you know, create something, but then wait for full consensus and everyone to check off on it.
[00:42:20.400 --> 00:42:27.920] And it's kind of just this, it's the way you need to operate in a lot of larger companies because maybe they're more risk averse and that's just how they do it.
[00:42:27.920 --> 00:42:34.720] And I think that can be really difficult to work out of somebody to pull it out of their mind.
[00:42:34.720 --> 00:42:44.720] I'm not saying it's impossible, and maybe you're talking to someone who's like, I've worked in these environments and I hate it and I just want to be able to, you know, take initiative and move faster.
[00:42:45.040 --> 00:42:59.760] So that maybe you find someone who's been in large company environments and is kind of reacting against it and looking for seeing your company as like a breath of fresh air where they can actually stretch their legs and do their craft without all that ceremony and stuff.
[00:42:59.760 --> 00:43:05.200] But yeah, I think that's something really important to kind of suss out in just the who.
[00:43:05.520 --> 00:43:06.560] What are they motivated by?
[00:43:06.560 --> 00:43:07.520] What are they comfortable with?
[00:43:07.520 --> 00:43:15.520] Because I think there's a lot of people who maybe are just more comfortable in that larger corporate environment where there's a lot of safeguards and there's a lot of cross-checking.
[00:43:15.520 --> 00:43:26.240] And so trying to put someone who that's their DNA into your company, it's probably going to be tough to get someone to bias to action.
[00:43:26.240 --> 00:43:33.200] And then I think just the way you operate, like, I think it requires you to trust people a lot to take ownership of things.
[00:43:33.200 --> 00:43:36.960] And that's something I think you have to evaluate in yourself to make sure.
[00:43:36.960 --> 00:43:41.040] Like a lot of times, people who are biased to action also can be control freaks.
[00:43:41.040 --> 00:43:42.960] So I think that's something you have to be careful.
[00:43:43.200 --> 00:43:51.760] Like, are you hamstringing the people that you want to have trust in, and you want to give them a lot of leash to do things and move fast?
[00:43:51.760 --> 00:43:53.760] But are you trying to micromanage stuff?
[00:43:54.080 --> 00:44:02.360] Because that can counter against this narrative of like, we want to bias towards action, but I also want to maintain strict control over everything.
[00:43:59.760 --> 00:44:03.640] You're going to hamstring yourself.
[00:43:59.840 --> 00:44:04.680] So I think that's the other piece.
[00:44:04.760 --> 00:44:09.160] That one's more about you as the founder or as the person leading the company.
[00:44:09.160 --> 00:44:13.080] Like, are you actually allowing people to ship code?
[00:44:13.080 --> 00:44:16.520] Do you require multiple code reviews on every single feature?
[00:44:16.520 --> 00:44:22.520] If you do, you might be working against your desire to have biased action.
[00:44:22.520 --> 00:44:24.680] So those are just a few thoughts.
[00:44:24.680 --> 00:44:26.520] I had all of those written down.
[00:44:26.520 --> 00:44:29.000] Derek and I do not compare notes before we do these.
[00:44:29.000 --> 00:44:35.880] And oftentimes I make notes as you talk because I'm like thinking, you know, thinking out loud or thinking in my head, I guess in this case.
[00:44:35.880 --> 00:44:40.360] But I especially like the last piece you said of like, you can say you want a bias towards action.
[00:44:40.360 --> 00:44:42.440] Are you ready for people to make mistakes?
[00:44:42.440 --> 00:44:48.840] Are you ready for people to do things that you don't agree with or that you, you know, they took the action and you're like, why did you waste eight hours doing that?
[00:44:48.840 --> 00:44:50.840] And it's like, well, I was acting in the way I thought I would.
[00:44:50.840 --> 00:44:51.320] You know what I mean?
[00:44:51.320 --> 00:44:55.720] And so are you ready for there to be miscommunications or for you to lose control of things?
[00:44:55.720 --> 00:45:04.120] Because, and then that a lot comes back to who you hire because people's judgment, if they're going to have a bias towards action, you want their judgment to be good.
[00:45:04.120 --> 00:45:09.640] Because there are some folks we know, their judgment, just in general on certain areas, is just not good and they can't get out of their own way.
[00:45:09.640 --> 00:45:17.080] And I wouldn't want them to have a bias towards action at my company because I think the things that they're going to work on are not going to move the needle or are going to be misdirected, you know?
[00:45:17.080 --> 00:45:22.600] So similarly, I kind of broke it down in my head into three parts, two of which you said.
[00:45:22.600 --> 00:45:25.560] You said it's who you hire, and that was one of mine.
[00:45:25.560 --> 00:45:27.800] And then you said, it's how you operate.
[00:45:27.800 --> 00:45:41.080] I have who you hire, and specifically, just like you said, small companies, I have in parentheses, meaning I pretty much, if I run a five-person team, almost without exception, I will not hire someone from a 500-person team.
[00:45:41.080 --> 00:45:48.560] Just won't do it because retraining that culture, that thinking that there is no process, you have to do your stuff is so very hard.
[00:45:48.560 --> 00:45:54.480] And so, again, I say almost without exception, I want people from other small teams who have worked on teams of five to 20.
[00:45:54.480 --> 00:45:54.880] Period.
[00:45:54.880 --> 00:45:55.520] End of story.
[00:45:55.520 --> 00:45:57.600] And that kind of helps limit that.
[00:45:57.600 --> 00:46:06.880] You talked about how you operate, which came to this phrase that I wrote down, which was, you can't punish people for making mistakes if you want everybody to have a bias towards action.
[00:46:06.880 --> 00:46:11.040] Mistakes are not bad on their own because they show that people are moving in a direction.
[00:46:11.040 --> 00:46:19.280] Now, if someone makes either the same mistake over and over, or they're just constantly, again, this comes back to their judgment that they kind of are just always not doing things really well.
[00:46:19.280 --> 00:46:22.240] Well, then you made a mishire, you know, or you're not communicating well.
[00:46:22.240 --> 00:46:28.000] The other couple things that I thought about were communicating this on a frequent basis.
[00:46:28.000 --> 00:46:37.120] And you touched on this when you said if it's in a mission statement or a vision statement or whatever, bias towards action, or value, I guess it would be values, but it's like no one cares.
[00:46:37.120 --> 00:46:44.240] It's every week or every day or whatever, are you communicating that there is an urgency to what you're doing?
[00:46:44.240 --> 00:46:46.400] And actually, John Tedesco did a pretty good job of this.
[00:46:46.400 --> 00:46:51.200] He was the CEO who took over DRIP, I guess, after me and Clay Collins.
[00:46:51.200 --> 00:46:59.680] And he would say in the weekly meetings, like, every, we're going to start up, every month is like a quarter, every week is like a month, we got to get stuff done.
[00:46:59.680 --> 00:47:01.680] You know, he, that's how he communicated it.
[00:47:01.680 --> 00:47:02.640] I communicate it differently.
[00:47:02.640 --> 00:47:05.440] Like, the Tiny Seed Microconf team feels a sense of urgency.
[00:47:05.440 --> 00:47:06.160] They all do.
[00:47:06.160 --> 00:47:10.000] And I don't use that same metaphor that John did, but we all know we got to get stuff done.
[00:47:10.080 --> 00:47:13.120] The team is small and we're super, how do I say?
[00:47:13.120 --> 00:47:14.240] We punch above our weight.
[00:47:14.240 --> 00:47:15.360] You know, we're very efficient.
[00:47:15.360 --> 00:47:18.240] We do the work of a team that's twice our size.
[00:47:18.240 --> 00:47:20.480] There's an urgency because we're just getting it done.
[00:47:20.480 --> 00:47:26.240] And there's a constant communication of, here's the other thing: what we're doing matters.
[00:47:26.240 --> 00:47:40.040] If you are a mid-level developer, engineer, manager at Target or best buyer, general mill, whatever, I'm not trying to throw shade at any individual company, but just some big company of 5,000 people, you're often working on stuff that just kind of doesn't matter.
[00:47:40.040 --> 00:47:44.440] And how much bias towards action do you want to have when you just don't give a shit about what you're building?
[00:47:44.440 --> 00:47:54.360] The luxury, one of the luxuries we have as small companies is any individual person, engineer, whatever can have a huge impact and ship stuff to production and interact with customers.
[00:47:54.360 --> 00:47:55.240] And do you remember?
[00:47:55.240 --> 00:48:00.840] Like these days, like with Microcomput Tiny Seed, I say we're trying to multiply the world's population of independent, self-sustaining startups.
[00:48:00.840 --> 00:48:01.320] That's cool.
[00:48:01.320 --> 00:48:03.400] If you're on board with that, it's really fun.
[00:48:03.400 --> 00:48:04.440] That's the urgency.
[00:48:04.440 --> 00:48:05.800] And we communicate that often.
[00:48:05.800 --> 00:48:09.480] There's a vision there, it's an interesting problem, and there's urgency to get stuff done.
[00:48:09.480 --> 00:48:10.760] So there's a bias towards action.
[00:48:10.760 --> 00:48:15.960] But even with Drip, we were building email marketing software, marketing automation software.
[00:48:15.960 --> 00:48:17.000] Is that that interesting?
[00:48:17.000 --> 00:48:17.800] You know what?
[00:48:17.800 --> 00:48:21.880] The team, the 10 of us, you know, when we got acquired, people were really into it.
[00:48:21.880 --> 00:48:25.320] We were into it because there was something really interesting about being close to the metal.
[00:48:25.320 --> 00:48:27.000] We all believed in this scrappy team.
[00:48:27.000 --> 00:48:31.560] We were number 12 on Venture Beats or, you know, list of the best marketing automation platforms.
[00:48:31.560 --> 00:48:38.120] And we were like seven people in a closet in Fresno, and all the 11 ahead of us had raised tens of millions, if not hundreds of millions of dollars.
[00:48:38.120 --> 00:48:38.760] That was cool.
[00:48:38.760 --> 00:48:39.480] We were the underdog.
[00:48:39.480 --> 00:48:43.800] And there was something about the bias toward action was part who we hired.
[00:48:43.800 --> 00:48:45.800] You think of everybody on the team at that time.
[00:48:45.800 --> 00:48:47.960] And also, we just felt it.
[00:48:47.960 --> 00:48:52.680] We felt like we were doing something interesting and we were each of us making a difference.
[00:48:52.680 --> 00:48:59.320] And collectively, we were like making a dent somehow in the broader market that people were paying attention.
[00:48:59.320 --> 00:49:08.840] There was a feedback loop of like, you did something this week, and next week, like customers are raving or ranting about it, as the case may be, but at least we did something interesting, right?
[00:49:08.840 --> 00:49:10.440] So that's kind of a long way of saying it.
[00:49:10.440 --> 00:49:14.480] And I almost want to put all of the stuff I just said into Chat GPT and say, give me four bullets.
[00:49:14.720 --> 00:49:16.160] But you kind of, you know what I mean?
[00:49:16.160 --> 00:49:17.280] Like really summarize that.
[00:49:14.280 --> 00:49:21.120] But I think you touched on hiring and operationally, and I think both those are valid.
[00:49:21.280 --> 00:49:25.360] But I also would put forth that there's that vision and that interesting problem.
[00:49:25.360 --> 00:49:26.640] And SavvyCal has the same thing.
[00:49:26.640 --> 00:49:29.920] It's like, I'm building scheduling links and scheduling software.
[00:49:29.920 --> 00:49:35.840] And one could say, well, you could do that in a very boring way and be like, oh, cool, come work for us and build stuff.
[00:49:35.840 --> 00:49:39.520] But the people who work with you are like, let's do this.
[00:49:39.680 --> 00:49:40.480] Why is that?
[00:49:40.480 --> 00:49:46.800] Because it's cool, because they're making an impact, because it's fun, and because they see the customers using it, you know, there's this virtuous feedback loop.
[00:49:46.800 --> 00:49:57.840] Yeah, I think it's the like the people who are working with you should also be kind of enamored with this notion of being able to have an impact on your corner of the industry.
[00:49:57.840 --> 00:50:02.800] Like that's like, I think most companies out there would say that they're trying to have an impact.
[00:50:02.800 --> 00:50:11.440] The 5,000 person company, 10,000 person company, it's moving in a direction and it's making some kind of impact as it continues to chug along.
[00:50:11.440 --> 00:50:21.520] But when you're one of 5,000, one of 10,000, your ability to move the needle is very low versus being in a smaller environment.
[00:50:21.520 --> 00:50:28.320] And so I think that should be probably like top of the list on the reason why someone wants to join your team.
[00:50:28.320 --> 00:50:30.000] Like, do they care about that?
[00:50:30.000 --> 00:50:35.360] Because if they don't, then they're not going to be necessarily motivated by that.
[00:50:35.360 --> 00:50:42.320] And you need a lot of that motivation to move at the pace that's required on a really small company.
[00:50:42.320 --> 00:50:43.440] Good stuff, man.
[00:50:43.760 --> 00:50:46.720] So thanks for that question, Michelle.
[00:50:46.720 --> 00:50:48.160] I hope that was helpful.
[00:50:48.160 --> 00:50:54.240] Derek Reimer, if folks want to keep up with you, you, of course, are Derek Reimer on XTwitter.
[00:50:54.240 --> 00:50:58.000] And the best scheduling link on the internet is savvycal.com.
[00:50:58.000 --> 00:51:03.080] But give us an elevator pitch for the new functionality because you teased it in the episode.
[00:51:03.080 --> 00:51:07.000] And it's about its appointment booking, and that's different than scheduling.
[00:51:07.000 --> 00:51:14.280] And so, if you know, who should reach out to you, or at a minimum, should sign up if they're interested in kind of revamping their stuff?
[00:51:14.280 --> 00:51:31.080] Yeah, so something that we've been we've heard over the years is from people who are who are building something kind of like scheduling related in their business that requires them to take appointments from people, but they need to build all these custom flows around it.
[00:51:31.080 --> 00:51:37.000] And so they're not necessarily looking for an off-the-shelf SavvyCal meetings, meeting booking type of thing.
[00:51:37.000 --> 00:51:42.760] They're looking for more of scheduling infrastructure that they can weave into their platform.
[00:51:42.760 --> 00:51:50.360] And so we finally decided to tackle that problem in addition to our meeting scheduling software that everyone knows and loves, hopefully.
[00:51:50.360 --> 00:51:53.880] You know, we have this kind of new appointment scheduling software.
[00:51:53.880 --> 00:52:05.720] And we're trying to, in this initial rollout phase, trying to talk specifically to agencies that are building these types of custom flows that involve scheduling.
[00:52:05.720 --> 00:52:22.440] We've already onboarded our first customer and they're a fertility clinic that needs to take initial consultations from their website and they had this very manual process that involved calling the office and putting something on the schedule in the medical record system.
[00:52:22.440 --> 00:52:32.040] And so we worked with our kind of first agency partner to build this kind of custom intake flow that includes the SavvyCal appointments booking widget embedded right into it.
[00:52:32.040 --> 00:52:33.080] And it's gone well.
[00:52:33.080 --> 00:52:38.360] So, we're looking for more, basically, more people who are kind of building these types of projects.
[00:52:38.360 --> 00:52:41.000] Could be medical, could be for law firms.
[00:52:41.000 --> 00:52:47.600] There's a bunch of different, you know, types of kind of service-based industries that might be able to make use of this.
[00:52:44.600 --> 00:52:48.000] Amazing.
[00:52:48.160 --> 00:52:51.440] And if they want to reach out to you, what's the best way for them to get a hold of you?
[00:52:51.440 --> 00:52:52.720] Yeah, hit me up over email.
[00:52:52.720 --> 00:52:56.560] It's derek at savvycal.com, and I would, uh, yeah, I'd love to chat.
[00:52:56.560 --> 00:52:56.960] Amazing.
[00:52:56.960 --> 00:53:00.640] That's D-E-R-R-I-C-K at savvycal.com.
[00:53:00.640 --> 00:53:01.120] Yes.
[00:53:01.120 --> 00:53:02.480] Thanks again, Derek.
[00:53:02.480 --> 00:53:03.440] Thank you.
[00:53:03.440 --> 00:53:06.000] Thanks again to Derek for coming back on the show.
[00:53:06.000 --> 00:53:09.920] And thank you for sending in all those amazing listener questions.
[00:53:09.920 --> 00:53:17.200] If you have a question you'd like to hear us answer on the show, you can head to startups with the restofus.com, click ask a question in the top nav.
[00:53:17.200 --> 00:53:25.680] Video and voicemail questions go to the top of the stack, as well as more intermediate and advanced questions.
[00:53:25.680 --> 00:53:28.800] But we do get to all the questions at some point.
[00:53:28.800 --> 00:53:31.200] So thanks again for listening this week and every week.
[00:53:31.200 --> 00:53:35.200] This is Rob Walling signing off from episode 788.
[00:54:13.440 --> 00:54:18.000] Listener, you have found the hidden track of this podcast episode.
[00:54:18.000 --> 00:54:20.000] I am springing this on Derek.
[00:54:20.000 --> 00:54:28.400] He has no idea that he's going to be answering espresso trivia from frothy to hardcore.
[00:54:28.400 --> 00:54:29.600] It's going to be good.
[00:54:29.600 --> 00:54:29.840] Okay.
[00:54:29.960 --> 00:54:33.320] All right, let's do a few of these courtesy of Chat GPT.
[00:54:33.320 --> 00:54:38.040] So here's the best part: if it hallucinated any of the answers, you get to tell me, oh no, that's actually wrong.
[00:54:38.280 --> 00:54:39.720] But I asked it.
[00:54:39.720 --> 00:54:43.000] For folks who don't know, you are like, you're my go-to.
[00:54:43.000 --> 00:54:53.560] If I'm going to ask someone about espresso, about, you know, what is the perfect temperature for the, how many PSI should I tamp the you have like a manual espresso?
[00:54:53.560 --> 00:54:54.520] Am I saying this thing right?
[00:54:54.520 --> 00:54:56.040] Am I using the right terms?
[00:54:56.040 --> 00:54:57.000] Yeah, yeah.
[00:54:57.000 --> 00:55:01.880] Like a like a miniature version of a of an espresso machine you'd see at a coffee shop.
[00:55:01.880 --> 00:55:02.600] Got it.
[00:55:02.600 --> 00:55:08.520] So like super legit and you make the best lattes I've had at someone's house.
[00:55:08.520 --> 00:55:09.160] All right.
[00:55:09.480 --> 00:55:10.360] First question.
[00:55:10.360 --> 00:55:13.000] This goes from easy to hard.
[00:55:13.000 --> 00:55:20.360] What is the name of the creamy caramel colored foam that forms on top of a properly pulled espresso shot?
[00:55:21.000 --> 00:55:22.680] What is crema?
[00:55:23.320 --> 00:55:24.840] Yeah, Alex.
[00:55:25.160 --> 00:55:26.360] Alex, what is crema?
[00:55:26.600 --> 00:55:27.720] Yes, indeed, sir.
[00:55:27.720 --> 00:55:28.680] Ding.
[00:55:28.680 --> 00:55:32.360] That gives us one correct answer.
[00:55:32.360 --> 00:55:37.080] What's the ideal brew temperature range for extracting espresso?
[00:55:37.080 --> 00:55:39.160] You can answer in Fahrenheit or Celsius.
[00:55:39.160 --> 00:55:39.720] I have both.
[00:55:39.720 --> 00:55:42.200] Or Kelvin, and I can do the conversion.
[00:55:42.840 --> 00:55:44.120] Add 50,000 to it.
[00:55:44.440 --> 00:55:45.080] Exactly.
[00:55:45.640 --> 00:55:47.640] 273, I believe.
[00:55:47.640 --> 00:55:48.280] Yeah.
[00:55:48.280 --> 00:55:48.760] Okay.
[00:55:49.000 --> 00:55:55.560] I'm trying not to cheat right now because if I look across my office, there's a little readout that's blinking the temperature.
[00:55:56.200 --> 00:56:03.640] It's like the PID unit 

Prompt 2: Key Takeaways

Now please extract the key takeaways from the transcript content I provided.

Extract the most important key takeaways from this part of the conversation. Use a single sentence statement (the key takeaway) rather than milquetoast descriptions like "the hosts discuss...". 

Limit the key takeaways to a maximum of 3. The key takeaways should be insightful and knowledge-additive. 

IMPORTANT: Return ONLY valid JSON, no explanations or markdown. Ensure:
- All strings are properly quoted and escaped
- No trailing commas
- All braces and brackets are balanced
Format: {"key_takeaways": ["takeaway 1", "takeaway 2"]}

Prompt 3: Segments

Now identify 2-4 distinct topical segments from this part of the conversation.

For each segment, identify:
- Descriptive title (3-6 words)  
- START timestamp when this topic begins (HH:MM:SS format)
- Double check that the timestamp is accurate - a timestamp will NEVER be greater than the total length of the audio
- Most important Key takeaway from that segment. Key takeaway must be specific and knowledge-additive.
- Brief summary of the discussion

IMPORTANT: The timestamp should mark when the topic/segment STARTS, not a range. Look for topic transitions and conversation shifts.

Return ONLY valid JSON. Ensure all strings are properly quoted, no trailing commas:
{
  "segments": [
    {
      "segment_title": "Topic Discussion", 
      "timestamp": "01:15:30",
      "key_takeaway": "main point from this segment",
      "segment_summary": "brief description of what was discussed"
    }
  ]
}

Timestamp format: HH:MM:SS (e.g., 00:05:30, 01:22:45) marking the START of each segment.

Prompt 4: Media Mentions

Now scan the transcript content I provided for ACTUAL mentions of specific media titles:

Find explicit mentions of:
- Books (with specific titles)
- Movies (with specific titles)  
- TV Shows (with specific titles)
- Music/Songs (with specific titles)

DO NOT include:
- Websites, URLs, or web services
- Other podcasts or podcast names

IMPORTANT: 
- Only include items explicitly mentioned by name. Do not invent titles.
- Valid categories are: "Book", "Movie", "TV Show", "Music"
- Include the exact phrase where each item was mentioned
- Find the nearest proximate timestamp where it appears in the conversation
- THE TIMESTAMP OF THE MEDIA MENTION IS IMPORTANT - DO NOT INVENT TIMESTAMPS AND DO NOT MISATTRIBUTE TIMESTAMPS
- Double check that the timestamp is accurate - a timestamp will NEVER be greater than the total length of the audio
- Timestamps are given as ranges, e.g. 01:13:42.520 --> 01:13:46.720. Use the EARLIER of the 2 timestamps in the range.

Return ONLY valid JSON. Ensure all strings are properly quoted and escaped, no trailing commas:
{
  "media_mentions": [
    {
      "title": "Exact Title as Mentioned",
      "category": "Book",
      "author_artist": "N/A",
      "context": "Brief context of why it was mentioned",
      "context_phrase": "The exact sentence or phrase where it was mentioned",
      "timestamp": "estimated time like 01:15:30"
    }
  ]
}

If no media is mentioned, return: {"media_mentions": []}

Prompt 5: Context Setup

You are an expert data extractor tasked with analyzing a podcast transcript. 
I will provide you with part 2 of 2 from a podcast transcript. 
I will then ask you to extract different types of information from this content in subsequent messages. Please confirm you have received and understood the transcript content.

Transcript section:
00] For folks who don't know, you are like, you're my go-to.
[00:54:43.000 --> 00:54:53.560] If I'm going to ask someone about espresso, about, you know, what is the perfect temperature for the, how many PSI should I tamp the you have like a manual espresso?
[00:54:53.560 --> 00:54:54.520] Am I saying this thing right?
[00:54:54.520 --> 00:54:56.040] Am I using the right terms?
[00:54:56.040 --> 00:54:57.000] Yeah, yeah.
[00:54:57.000 --> 00:55:01.880] Like a like a miniature version of a of an espresso machine you'd see at a coffee shop.
[00:55:01.880 --> 00:55:02.600] Got it.
[00:55:02.600 --> 00:55:08.520] So like super legit and you make the best lattes I've had at someone's house.
[00:55:08.520 --> 00:55:09.160] All right.
[00:55:09.480 --> 00:55:10.360] First question.
[00:55:10.360 --> 00:55:13.000] This goes from easy to hard.
[00:55:13.000 --> 00:55:20.360] What is the name of the creamy caramel colored foam that forms on top of a properly pulled espresso shot?
[00:55:21.000 --> 00:55:22.680] What is crema?
[00:55:23.320 --> 00:55:24.840] Yeah, Alex.
[00:55:25.160 --> 00:55:26.360] Alex, what is crema?
[00:55:26.600 --> 00:55:27.720] Yes, indeed, sir.
[00:55:27.720 --> 00:55:28.680] Ding.
[00:55:28.680 --> 00:55:32.360] That gives us one correct answer.
[00:55:32.360 --> 00:55:37.080] What's the ideal brew temperature range for extracting espresso?
[00:55:37.080 --> 00:55:39.160] You can answer in Fahrenheit or Celsius.
[00:55:39.160 --> 00:55:39.720] I have both.
[00:55:39.720 --> 00:55:42.200] Or Kelvin, and I can do the conversion.
[00:55:42.840 --> 00:55:44.120] Add 50,000 to it.
[00:55:44.440 --> 00:55:45.080] Exactly.
[00:55:45.640 --> 00:55:47.640] 273, I believe.
[00:55:47.640 --> 00:55:48.280] Yeah.
[00:55:48.280 --> 00:55:48.760] Okay.
[00:55:49.000 --> 00:55:55.560] I'm trying not to cheat right now because if I look across my office, there's a little readout that's blinking the temperature.
[00:55:56.200 --> 00:56:03.640] It's like the PID unit that constantly keeps a constant temperature in the boiler.
[00:56:03.960 --> 00:56:04.760] And this has a range.
[00:56:06.120 --> 00:56:12.600] This has a range of 10 degrees, but you could, if you name the exact middle of the range or something, and the park, I think we could do it.
[00:56:12.600 --> 00:56:18.800] This is somewhere around in the high 190s to 205, something like that.
[00:56:18.960 --> 00:56:19.360] There you go.
[00:56:19.360 --> 00:56:19.840] Perfect.
[00:56:20.160 --> 00:56:24.880] It says between 195 and 205 degrees Fahrenheit.
[00:56:25.520 --> 00:56:33.920] For those of you anywhere in the world but the U.S., that's between 90.5 Celsius to 96 degrees Celsius in case you were curious.
[00:56:35.200 --> 00:56:36.080] Very good, dude.
[00:56:36.080 --> 00:56:37.600] That's two out of two so far.
[00:56:37.600 --> 00:56:41.600] What's the generally accepted pressure in bars?
[00:56:41.600 --> 00:56:43.920] It says, but you can do PSI if you want.
[00:56:43.920 --> 00:56:48.640] What's a generally accepted pressure used for extracting espresso?
[00:56:48.960 --> 00:56:51.680] I want to say it's around 15 bars.
[00:56:51.680 --> 00:56:52.640] I have nine.
[00:56:52.960 --> 00:56:53.280] Nine?
[00:56:53.520 --> 00:56:54.320] Nine bars.
[00:56:54.320 --> 00:56:54.800] Yep.
[00:56:54.800 --> 00:56:55.360] Yeah.
[00:56:55.360 --> 00:56:56.000] Okay.
[00:56:56.000 --> 00:56:56.640] All right.
[00:56:56.640 --> 00:56:58.560] Maybe we'll do one more.
[00:56:58.880 --> 00:57:00.400] I mean, is this even fair?
[00:57:00.400 --> 00:57:01.760] Do you know espresso history?
[00:57:01.760 --> 00:57:06.160] Which Italian company is often credited with inventing the modern espresso machine?
[00:57:06.720 --> 00:57:07.680] Yes, that's what you guess.
[00:57:07.680 --> 00:57:08.640] La Marzoco?
[00:57:09.360 --> 00:57:10.800] La Pavoni.
[00:57:10.800 --> 00:57:11.360] Okay.
[00:57:11.360 --> 00:57:11.760] Yeah.
[00:57:12.080 --> 00:57:13.040] Let's count that one.
[00:57:13.040 --> 00:57:14.720] That one feels like it's like, I don't know.
[00:57:15.040 --> 00:57:23.040] What's the recommended weight range in pounds or kilograms for tamping espresso to ensure even extraction?
[00:57:23.040 --> 00:57:24.480] 30 pounds of pressure.
[00:57:24.480 --> 00:57:25.440] There it is.
[00:57:25.440 --> 00:57:30.640] Ladies and gentlemen, this is why Derek Reimer has a permanent guest spot on Startups for the Rest of Us.
[00:57:30.640 --> 00:57:32.000] It's not that.
[00:57:32.160 --> 00:57:34.080] I thought I was going to make you lose my espresso cred.
[00:57:34.560 --> 00:57:36.240] I was a little nervous.
[00:57:36.640 --> 00:57:37.360] Really sweating.
[00:57:37.760 --> 00:57:39.760] I just throw things at you without even telling you.
[00:57:39.760 --> 00:57:46.800] You know, all the startup knowledge that we've just shared in this episode doesn't compare to what you've just dropped to all the listeners.
[00:57:46.800 --> 00:57:48.160] Thanks for participating.
[00:57:48.160 --> 00:57:48.880] It's good stuff.

Prompt 6: Key Takeaways

Now please extract the key takeaways from the transcript content I provided.

Extract the most important key takeaways from this part of the conversation. Use a single sentence statement (the key takeaway) rather than milquetoast descriptions like "the hosts discuss...". 

Limit the key takeaways to a maximum of 3. The key takeaways should be insightful and knowledge-additive. 

IMPORTANT: Return ONLY valid JSON, no explanations or markdown. Ensure:
- All strings are properly quoted and escaped
- No trailing commas
- All braces and brackets are balanced
Format: {"key_takeaways": ["takeaway 1", "takeaway 2"]}

Prompt 7: Segments

Now identify 2-4 distinct topical segments from this part of the conversation.

For each segment, identify:
- Descriptive title (3-6 words)  
- START timestamp when this topic begins (HH:MM:SS format)
- Double check that the timestamp is accurate - a timestamp will NEVER be greater than the total length of the audio
- Most important Key takeaway from that segment. Key takeaway must be specific and knowledge-additive.
- Brief summary of the discussion

IMPORTANT: The timestamp should mark when the topic/segment STARTS, not a range. Look for topic transitions and conversation shifts.

Return ONLY valid JSON. Ensure all strings are properly quoted, no trailing commas:
{
  "segments": [
    {
      "segment_title": "Topic Discussion", 
      "timestamp": "01:15:30",
      "key_takeaway": "main point from this segment",
      "segment_summary": "brief description of what was discussed"
    }
  ]
}

Timestamp format: HH:MM:SS (e.g., 00:05:30, 01:22:45) marking the START of each segment.

Prompt 8: Media Mentions

Now scan the transcript content I provided for ACTUAL mentions of specific media titles:

Find explicit mentions of:
- Books (with specific titles)
- Movies (with specific titles)  
- TV Shows (with specific titles)
- Music/Songs (with specific titles)

DO NOT include:
- Websites, URLs, or web services
- Other podcasts or podcast names

IMPORTANT: 
- Only include items explicitly mentioned by name. Do not invent titles.
- Valid categories are: "Book", "Movie", "TV Show", "Music"
- Include the exact phrase where each item was mentioned
- Find the nearest proximate timestamp where it appears in the conversation
- THE TIMESTAMP OF THE MEDIA MENTION IS IMPORTANT - DO NOT INVENT TIMESTAMPS AND DO NOT MISATTRIBUTE TIMESTAMPS
- Double check that the timestamp is accurate - a timestamp will NEVER be greater than the total length of the audio
- Timestamps are given as ranges, e.g. 01:13:42.520 --> 01:13:46.720. Use the EARLIER of the 2 timestamps in the range.

Return ONLY valid JSON. Ensure all strings are properly quoted and escaped, no trailing commas:
{
  "media_mentions": [
    {
      "title": "Exact Title as Mentioned",
      "category": "Book",
      "author_artist": "N/A",
      "context": "Brief context of why it was mentioned",
      "context_phrase": "The exact sentence or phrase where it was mentioned",
      "timestamp": "estimated time like 01:15:30"
    }
  ]
}

If no media is mentioned, return: {"media_mentions": []}

Full Transcript

[00:00:00.160 --> 00:00:02.880] You're listening to another episode of Startups for the Rest of Us.
[00:00:02.880 --> 00:00:10.240] I'm Rob Walling, and today I'm joined by fan favorite Derek Reimer as we dive in to listener questions.
[00:00:10.240 --> 00:00:24.400] This episode runs a little long, and I let it run long because we dove really deep into a couple of these questions, and I felt like the deeper we went, the more kind of knowledge we unlocked.
[00:00:24.400 --> 00:00:29.600] And so, I really appreciated Derek spending the time with me today and going over our allotted time.
[00:00:29.600 --> 00:00:44.400] And I hope you'll stick around to the end, even though it's longer than a typical episode, because I really do think some of the things we dug into today are far beyond the surface level of what we could have dug into by only spending five or six minutes answering each question.
[00:00:44.400 --> 00:00:54.880] Before we dive in to our conversation, Microconf Europe is only six weeks away, it's in Istanbul, Turkey from September 28th through the 30th.
[00:00:54.880 --> 00:01:02.480] We already have an amazing docket of speakers, including Michelle Hansen, Mark Thomas, James Mooring, and myself.
[00:01:02.480 --> 00:01:05.440] We're going to have more than 170 attendees.
[00:01:05.440 --> 00:01:15.520] And last year, we had folks from across 30 countries, and something like 25, almost 30% had at least 100K of MRR, not ARR.
[00:01:15.520 --> 00:01:20.880] So it's a really amazing group of Bootstrap founders to be in a room with.
[00:01:20.880 --> 00:01:22.640] This event will sell out.
[00:01:22.640 --> 00:01:25.840] And in fact, we are 89% sold out at this point.
[00:01:25.840 --> 00:01:29.440] We have sold out all of our in-person events for the past few years.
[00:01:29.440 --> 00:01:34.800] So if you want a ticket, you're going to want to head to microconf.com/slash Europe.
[00:01:34.800 --> 00:01:42.800] In addition, I want to tease that we're going to be releasing the first episode of season five of Tiny Seed Tales on Thursday.
[00:01:42.800 --> 00:01:45.680] So keep your eye out for that in this feed.
[00:01:45.680 --> 00:01:47.840] I hope you enjoy the new season.
[00:01:47.840 --> 00:01:51.360] And with that, let's dive into my conversation with Derek.
[00:01:59.880 --> 00:02:02.120] Derek Reimer, welcome back to the show.
[00:02:02.120 --> 00:02:03.400] It's great to be back.
[00:02:03.400 --> 00:02:04.760] Wow, it's great to have you, man.
[00:02:04.760 --> 00:02:08.200] We are digging into listener questions today.
[00:02:08.520 --> 00:02:13.480] Have some across some great topics like how crucial is a co-founder?
[00:02:13.480 --> 00:02:17.240] How can I balance security with producing products?
[00:02:17.240 --> 00:02:18.760] And many more.
[00:02:18.760 --> 00:02:23.160] And our first comes to us from Thomas Parker.
[00:02:23.160 --> 00:02:29.560] I'm hoping I'm pronouncing his name right, but he's asking how crucial it is to have a co-founder.
[00:02:33.720 --> 00:02:34.840] My name's Thomas.
[00:02:34.840 --> 00:02:37.080] Thanks for all the value you create and share.
[00:02:37.080 --> 00:02:47.240] A friend told me about TinySeed when I was starting my project Prism, which you can find at Prism.guide last fall, and I've gotten a lot from the podcast since then.
[00:02:47.240 --> 00:02:58.120] I'm wondering how crucial you think it is to have a co-founder, especially in terms of general success, but also in terms of being a company that TinySeed would potentially fund.
[00:02:58.120 --> 00:03:06.760] I have a 15-year career in the niche world of self-directed education, where I co-founded an education model and nonprofit network called Agile Learning Centers.
[00:03:06.760 --> 00:03:11.960] I've worked on tech projects on the side as a product or project manager, but I'm not a developer.
[00:03:11.960 --> 00:03:27.960] This past fall, I realized I had enough technical knowledge that with some AI coding tools, I could probably build an application that could solve some pain points that the school my wife and I run has had for over 10 years as it relates to documenting and communicating the value of emergent self-directed learning.
[00:03:27.960 --> 00:03:30.360] I was in a cave for 10 weeks with Claude.
[00:03:30.360 --> 00:03:34.520] I had a friend who's an experienced engineer give me advice and check my work along the way.
[00:03:34.520 --> 00:03:44.200] Fast forward seven months, and I've got a dozen micro schools using the application and a bunch more planning to use it this fall, along with verbal commitments to pay for it starting in September.
[00:03:44.200 --> 00:03:46.320] It's currently July 4th.
[00:03:44.680 --> 00:03:51.600] I thought that after getting this first version up and running, I would definitely need a technical co-founder to depend on.
[00:03:51.600 --> 00:03:58.800] But now, after building a lot of new stuff, especially with clawed code and having another friend check the work, I'm starting to wonder if maybe I don't.
[00:03:58.800 --> 00:04:02.960] Of course, I've tried to poach friends from their high-paying jobs, but no dice.
[00:04:02.960 --> 00:04:11.040] I don't want to work with the wrong person, but I also love the idea of having someone that I can really depend on and think deeply about the product with.
[00:04:11.040 --> 00:04:15.200] So, should I keep sailing or hit the brakes and find a technical partner?
[00:04:15.520 --> 00:04:17.760] And I want to say one thing before I pass it to you, Derek.
[00:04:17.760 --> 00:04:21.040] I actually think this is maybe two questions.
[00:04:21.040 --> 00:04:25.280] One, there's this idea of just having a co-founder, period.
[00:04:25.600 --> 00:04:30.960] The other is having a technical co-founder if I'm not and I'm building SaaS specifically.
[00:04:30.960 --> 00:04:33.280] So, maybe we can separate those two.
[00:04:33.280 --> 00:04:35.040] And you can answer one or both.
[00:04:35.040 --> 00:04:38.320] I'll just kick it to you, and then I obviously have some thoughts on my own.
[00:04:38.320 --> 00:04:39.760] Yeah, this is an interesting one.
[00:04:39.760 --> 00:04:47.040] I think because we've, even you and I, I think, in listener questions before, have talked kind of about co-founder dynamics and having them.
[00:04:47.040 --> 00:05:07.440] But I think the interesting piece here is sort of that line of thinking around: okay, I'm non-technical, but we're kind of entering a brave new world here of AI tooling that allows non-technical people to get really far with building software products, whether you call it a prototype or an MVP, or even pass it as a full-blown production-grade application.
[00:05:07.440 --> 00:05:13.840] You know, doing this without necessarily having the rigorous oversight of someone technical on the team.
[00:05:13.840 --> 00:05:18.160] And I think that's really the interesting of the moment bit here.
[00:05:18.160 --> 00:05:26.560] And I don't want this to come off as disrespectful at all to tenacious founders who are like, who are doing this and building products without having someone technical on the team?
[00:05:26.560 --> 00:05:29.280] But in general, I find this a bit alarming.
[00:05:29.280 --> 00:05:31.560] I would feel like I always have to put a timestamp on this.
[00:05:29.840 --> 00:05:33.960] We're talking mid-summer 2025.
[00:05:34.280 --> 00:05:37.960] So things might be different in three months, six months, a year.
[00:05:37.960 --> 00:05:39.880] Who knows where tooling is going to go?
[00:05:39.880 --> 00:05:48.520] But at least in this moment, I've worked a lot with LLMs helping me write code in my various products.
[00:05:48.520 --> 00:06:01.240] And I would say I would have a hard time trusting an LLM to produce code that is necessarily up to snuff on security and just maintainability in general.
[00:06:01.240 --> 00:06:09.640] But I think there's been a lot of memes passed around over the last few weeks and months about apps that are vibe-coded that then people are hacking really easily.
[00:06:09.640 --> 00:06:30.440] So especially if you're not prompting an LLM with the knowledge that a developer would have, you don't necessarily know what to ask it to do in terms of making sure that authorization and access are locked down on all endpoints and just all the different things you would think about as a web developer.
[00:06:30.440 --> 00:06:33.080] The LLM may not know if that's a priority for you.
[00:06:33.080 --> 00:06:35.800] And if you don't ask it to do it, there's a chance it won't.
[00:06:35.800 --> 00:06:48.200] These types of things don't often get caught until someone pops open developer tools and looks at the API requests it's making in the background and discovers, oh, you have this unsecured endpoint where I can query all your users or whatever.
[00:06:48.200 --> 00:07:01.640] So I think there's a lot of reasons to be concerned about trying to go deep into production with a code base that hasn't been at least kind of curated by a developer.
[00:07:01.640 --> 00:07:05.480] I know you mentioned he has a friend who's a developer who's kind of spot checking his code.
[00:07:05.480 --> 00:07:08.200] And that's good on him for doing that.
[00:07:08.200 --> 00:07:16.720] But I think if you're going to build a SaaS, it's worthwhile to try to have someone as soon as possible on your team kind of in charge of the technical side.
[00:07:17.040 --> 00:07:29.520] I think there's also the piece of like most of these tools today that help you build like a V1 of a product are kind of effective because they're able to hold most of the product in the context window of the LLM.
[00:07:29.520 --> 00:07:34.960] So like, you know, in the early days, it kind of knows everything all the time and it can keep building stuff.
[00:07:34.960 --> 00:07:44.800] But as soon as your code base gets sufficiently large where it doesn't all fit in the context window, that's when figuring out how to basically manage the context gets more and more difficult.
[00:07:44.800 --> 00:07:50.720] And it starts producing things that it doesn't necessarily know you have this other area of the code base because it's not all in context.
[00:07:50.720 --> 00:07:54.960] And so you start getting spaghetti code, duplicate code, things that are not well-factored.
[00:07:54.960 --> 00:07:59.200] And I think that's kind of a hard cliff that a lot of people are bumping up against these days.
[00:07:59.200 --> 00:08:04.160] Now, maybe we'll get to the point where there's nearly infinite context and this is not a concern anymore.
[00:08:04.160 --> 00:08:17.280] But at least for now, this could be something unforeseen that will catch you out when suddenly the AI is not really able to produce features like it has been in the past because you reach this kind of hard limit.
[00:08:17.600 --> 00:08:21.280] Yep, 100% on the same page.
[00:08:21.600 --> 00:08:27.680] And what strikes me is that conversation you and I had two, three months ago.
[00:08:27.680 --> 00:08:36.240] Well, it was the whole DD group, and you specifically were talking about your process with how you use AI to help augment and make you faster writing code.
[00:08:36.240 --> 00:08:37.440] Because I haven't done it, right?
[00:08:37.440 --> 00:08:38.720] I haven't used AI to write code.
[00:08:38.720 --> 00:08:44.640] And you basically said, yeah, I tell it what to do, and then I look through it and I'm like, oh, it did all this wrong.
[00:08:44.640 --> 00:08:48.880] And then I tell it to fix these things, and then I make sure that it's fixed.
[00:08:48.880 --> 00:08:58.480] You, as the senior, super senior dev, are spot checking and making sure it's security, it's maintainability, it's brittleness, it's whatever else, and you're sanity checking that.
[00:08:58.480 --> 00:09:08.840] It's the same way where if I ask, if I ask ChatGPT to help me outline a YouTube video or to help me brainstorm blah, blah, blah, or I have a tweet I want to say on this thing, like write the tweet.
[00:09:08.840 --> 00:09:11.800] I then look at that and say, man, it really messed up.
[00:09:11.800 --> 00:09:14.520] Like by my, I have a taste, I have an editorial eye.
[00:09:14.520 --> 00:09:17.560] I never copy and paste straight out of ChatGPT into anything.
[00:09:17.560 --> 00:09:19.880] It's just never, it's never 100% there.
[00:09:19.880 --> 00:09:21.160] It might get 90%.
[00:09:21.160 --> 00:09:23.720] And in most cases, it's more like 75%.
[00:09:23.720 --> 00:09:31.080] And I have to then tweak it and transform it to make it, to me, make it good, make it great.
[00:09:31.080 --> 00:09:43.480] And so without that step, that's where as a non-technical or as an entry-level dev using ChatGPT, it's kind of two entry-level devs working together is what it feels like.
[00:09:43.480 --> 00:09:45.720] And here's the thing that can work.
[00:09:45.960 --> 00:09:49.960] I'm going to do a metaphor here with construction, like of constructing a building.
[00:09:49.960 --> 00:09:58.840] You and I, as not, I mean, we are handy enough to use a screwdriver and nail, you know, nail boards and the thing with the place.
[00:09:58.840 --> 00:10:03.560] You and I could go out back on my property and we could build an outhouse.
[00:10:03.560 --> 00:10:05.640] I would feel confident that you and I could figure that out.
[00:10:05.640 --> 00:10:06.520] We could watch YouTube.
[00:10:06.520 --> 00:10:11.000] We could go to Home Depot and we could even maybe build a tool shed from scratch.
[00:10:11.000 --> 00:10:15.080] Now, maybe, maybe it wouldn't all be right angles, but we would figure it out.
[00:10:15.080 --> 00:10:18.120] The moment that I said, dude, I want to build a two-car garage.
[00:10:18.120 --> 00:10:19.480] Will you come help me?
[00:10:19.480 --> 00:10:21.640] That's when I start thinking, exactly.
[00:10:21.640 --> 00:10:23.880] You're like, because it's like, no, this is not a good idea.
[00:10:23.880 --> 00:10:25.960] Well, what if I was like, dude, I want to build a one-story house?
[00:10:25.960 --> 00:10:26.520] Come help me.
[00:10:26.520 --> 00:10:27.800] You know, a two-story house.
[00:10:27.800 --> 00:10:30.280] I want to build a commercial building that's three stories.
[00:10:30.280 --> 00:10:31.320] I want to build a skyscraper.
[00:10:31.320 --> 00:10:38.280] Like, you can build, if you're going to build a tiny little utility that converts PDFs to MP3s, which isn't really a thing, but you know what I mean?
[00:10:38.280 --> 00:10:39.960] Like, cool, vibe code that thing.
[00:10:39.960 --> 00:10:40.760] It does one thing.
[00:10:40.760 --> 00:10:42.120] That's your outhouse.
[00:10:42.120 --> 00:10:51.600] The moment you're building Savvy Cal, the moment you're building Drip, you're talking commercial buildings, you're talking maybe not skyscrapers, but you know, it's a totally different thing.
[00:10:51.600 --> 00:10:58.480] And so that's where, as a non-technical founder, you just got to be really careful with this stuff because it can often work in the short term.
[00:10:58.480 --> 00:11:09.920] You can get something into production that'll work in the next, it'll work for a month, it'll work for five months, it'll work for six months, and then until it doesn't, until there's bugs all over, until you change any line of code and it breaks six other places.
[00:11:09.920 --> 00:11:12.320] And AI doesn't fix that.
[00:11:12.320 --> 00:11:20.800] And it's the same thing we see with tiny seed companies across 204 companies we funded, and I think 300-something founders.
[00:11:20.800 --> 00:11:25.200] And 85 to 90% of the companies have at least one technical founder.
[00:11:25.200 --> 00:11:35.680] And the ones that don't, the 10, 15% that don't, code maintainability, code velocity, security, just all this stuff is there is always their number one issue, inevitably.
[00:11:35.680 --> 00:11:42.240] And so it's not that we don't fund teams with non-technical founders, but it is this will be your biggest headwind.
[00:11:42.560 --> 00:12:06.640] Yeah, do you feel like, because this is always the question, like, so you're a founder, solo founder, at least like he is for the moment, and he's considering like, should I stop and try to find a co-founder or should I, I guess the alternative would be like, maybe you find someone, a dev contractor who's within a budget range that he could afford and have that person start to take over the vibe-coded code base?
[00:12:06.640 --> 00:12:14.240] Or how important do you think like having someone with equity stake at this stage versus like hiring contractors?
[00:12:14.480 --> 00:12:21.200] Yeah, I know I can think of some folks that are good friends of mine that are in this seat of like solo founder, non-technical.
[00:12:21.200 --> 00:12:25.600] And I'm sure they've struggled here and there to like even know how to hire developers.
[00:12:25.600 --> 00:12:27.280] So that's something that's tricky, right?
[00:12:27.280 --> 00:12:29.040] So, yeah, how do you think about this?
[00:12:29.040 --> 00:12:29.960] That's always the hard part.
[00:12:29.760 --> 00:12:34.600] And that's usually the issue with folks who, let's say, pre-AI and pre-no-code.
[00:12:34.920 --> 00:12:49.240] Well, not pre-no-code, but like before no-code got really good at building stuff, even like three, four years ago, non-technical founder would hire a freelancer, a contractor, because, you know, again, all right, so I'm going to build a one-story house or a two-story house.
[00:12:49.240 --> 00:12:57.080] I'm not going to ask Derek to come over, but I am going to hire a single carpenter, you know, off of Craigslist and say, come build that house.
[00:12:57.400 --> 00:12:58.840] Do they know how to architect a house?
[00:12:58.840 --> 00:12:59.640] Do they know structure?
[00:12:59.800 --> 00:13:00.280] They don't.
[00:13:00.280 --> 00:13:02.920] Like, they know how to write some code, you know, is the analogy.
[00:13:02.920 --> 00:13:11.240] And so, you know, a carpenter can nail boards together and we'll know some stuff, but that house is not going to be what it should be because you really do need expertise in a team of people.
[00:13:11.240 --> 00:13:14.520] And that's product and, you know, all the other stuff.
[00:13:14.520 --> 00:13:22.760] So that is the tough thing: is you kind of, how do you know how to hire a developer who really knows what they're doing when you don't know what you're doing?
[00:13:22.760 --> 00:13:28.680] Now, you can get a friend or you can hire a super senior dev to help you interview, and it might work out.
[00:13:28.680 --> 00:13:33.400] In most cases, that person stays with you for six to 12 months, then they leave.
[00:13:33.400 --> 00:13:36.920] Then the next person you hire says, we need to rewrite this entire code base from scratch.
[00:13:36.920 --> 00:13:38.440] It's completely unmaintainable.
[00:13:38.440 --> 00:13:45.080] I mean, I see this over and over and over, which is always like, oh boy, you know, this is, it's, it's the headwind, right?
[00:13:45.080 --> 00:13:47.480] So this is one of those tough things.
[00:13:47.480 --> 00:13:59.320] Like, if I were to say, I want to, me, Rob Walling, I want to get into manufacturing, like, I'm going to design and manufacture tabletop board games, or I want to design and manufacture hardware of some kind.
[00:13:59.320 --> 00:14:01.640] I have no experience doing that.
[00:14:01.640 --> 00:14:03.640] So it's like, should I learn it?
[00:14:03.640 --> 00:14:04.440] I'm not a designer.
[00:14:04.440 --> 00:14:06.280] Should I learn design or should I go hire a designer?
[00:14:06.280 --> 00:14:08.920] I guess design's a tough one because that's when you can just identify.
[00:14:08.920 --> 00:14:17.200] There's no like, this is where some of the analogies break down: there's no long-term maintainability of design.
[00:14:17.200 --> 00:14:21.040] If the design is good and I see that the pieces look good and the board looks amazing, great, ship it.
[00:14:21.040 --> 00:14:21.680] It's a game.
[00:14:21.680 --> 00:14:26.320] Code, much like a building, you know, has this under, what is it?
[00:14:26.320 --> 00:14:27.200] It's like the iceberg.
[00:14:27.200 --> 00:14:34.880] There's stuff under the water that you don't under, you don't see that this will f you a year down the line or two years down the line once you've had success.
[00:14:34.880 --> 00:14:46.640] That, so we're, we're pretty doom and gloom on this, but and it's not always the case, but it is the majority of the cases, you know, where not having a technical co-founders really, really can come back to bite you.
[00:14:46.960 --> 00:14:54.480] Yeah, I mean, I think about how hard, even being a developer, how hard it is to keep a code base maintainable.
[00:14:54.480 --> 00:15:15.440] And I would argue most developers don't have a code base as maintainable as they would want it to be because you make decisions and then you learn some things and a year goes by and you learn more about what features you maybe should have built from the beginning and now they're bolted on in a way where you're not quite happy, but you're constantly making these practical decisions of like, I'm not going to go back and rewrite this entire subsystem.
[00:15:15.440 --> 00:15:16.560] Like it's not worth the effort.
[00:15:16.560 --> 00:15:20.960] So instead we'll bolt the thing on, but it's not as pristine and perfect as it could have been.
[00:15:20.960 --> 00:15:24.960] And then you just layer those decisions on again and again and again over the life cycle of a product.
[00:15:24.960 --> 00:15:35.040] And before you know it, you're always contending with a certain amount of technical debt that you don't want to have around, but you can't justify pumping the brakes on the entire business to go and pay down that technical debt.
[00:15:35.040 --> 00:15:39.280] And so, yeah, it's just a lot to think about even as a developer.
[00:15:39.280 --> 00:15:47.040] And if you don't have a developer on the team, the AI is not going to be, the AI is just, it's just fancy autocomplete, really, if we're thinking about it.
[00:15:47.040 --> 00:15:51.520] So it's not necessarily, yeah, it's not, it's not thinking about these things.
[00:15:51.520 --> 00:15:59.200] Yeah, and that's the thing, you know, to back to your earlier question, which I didn't answer, which was, could you hire a developer and how important is it that they have equity?
[00:15:59.200 --> 00:16:04.280] In my opinion, this is one of these things where I don't, this is not an always-never absolute thing.
[00:16:04.280 --> 00:16:05.480] You just hear there's a leaning.
[00:16:05.480 --> 00:16:08.520] I'm like 90%, 95% on these opinions.
[00:16:08.520 --> 00:16:09.560] There is a little wiggle room.
[00:16:09.560 --> 00:16:10.760] I have seen some work.
[00:16:10.760 --> 00:16:12.760] I've just seen so many not work.
[00:16:12.760 --> 00:16:21.400] For me, if I was starting a SaaS tomorrow, I would want to be working with a developer who had ownership of that code base and who had equity in the company.
[00:16:21.400 --> 00:16:26.840] And I would find that person is what I would do, especially if I'm not going to write the code.
[00:16:26.840 --> 00:16:31.720] I can't imagine doing it any other way and having it long-term work.
[00:16:31.720 --> 00:16:32.280] It can work.
[00:16:32.360 --> 00:16:32.920] It's the thing.
[00:16:32.920 --> 00:16:40.280] It can work in the short term, you know, get the MVP, as you said, or get that, you know, just enough to prove it out.
[00:16:40.280 --> 00:16:45.880] But it's likely if they don't have equity and want to be in it for the long term that you are going to have to rewrite it.
[00:16:45.880 --> 00:16:58.840] And we see this with, we've funded a handful, and I don't know the exact numbers, but it's five or less of no-code code bases, no-code apps, I guess I would call them, you know, that are built in Airtable bubble, that kind of stuff.
[00:16:58.840 --> 00:17:03.880] And all of them have been rewritten or will need to be rewritten.
[00:17:03.880 --> 00:17:06.200] It just doesn't work when it's pure SaaS play.
[00:17:06.200 --> 00:17:08.680] If you're a service on top of SaaS, it's one thing, right?
[00:17:08.680 --> 00:17:10.200] You can kind of manage it.
[00:17:10.200 --> 00:17:15.400] But I think it's just too core to the business to not have someone have ownership of that.
[00:17:15.400 --> 00:17:20.840] It's kind of like saying, I'm going to hire my first salesperson right now and have them do all the selling.
[00:17:20.840 --> 00:17:22.360] And it's like, they don't even know what you have.
[00:17:22.680 --> 00:17:24.680] As a founder, you kind of have to do that.
[00:17:24.680 --> 00:17:40.920] I will say on the non-doom and gloom side of this, I feel like five years ago, we would have said, try to prove out your idea by building something, cobbling something together with spreadsheets and a Google Doc and a Google form or whatever, you know, like naming the tools du jour from that era.
[00:17:40.920 --> 00:17:50.000] And I would say now it's a lot easier to build something that looks a lot closer to a full-blown production app as your prototype, you know, for proving something out.
[00:17:50.160 --> 00:17:56.400] And so I think that's still, that's a good thing, and that will help you do your validation efforts better.
[00:17:56.400 --> 00:18:08.240] And then I think the big thing is having the restraint to not keep a prototype in production if it's not actually up to par on what you want to maintain long term.
[00:18:08.240 --> 00:18:12.000] But you should probably try to make that decision as early on as possible.
[00:18:12.000 --> 00:18:24.800] Like, I think it'd be pretty painful if you take your prototype and then you end up bringing it into production and you go, you know, a year, two years in where you have all these customers using this thing, and then you have to stop the world and rewrite.
[00:18:24.800 --> 00:18:25.840] That's going to be pretty painful.
[00:18:25.840 --> 00:18:42.720] I've always been a fan of like the product you build from the start, try to keep that code base and not have to scrap it and start over, if at all possible, because you build up so much knowledge and you pay down, you find bugs and you fix them, and all of that gets lost if you scrap the code base.
[00:18:42.720 --> 00:18:44.880] So, yeah, so I think that's the tricky thing.
[00:18:44.880 --> 00:18:52.880] And maybe this code base that has been built by the non-technical founder is still usable and moldable into something else.
[00:18:52.880 --> 00:19:00.080] It's possible you might be able to, you know, hand that off to a developer and they can sort of continue maintenance of the same code base.
[00:19:00.080 --> 00:19:00.960] But I don't know.
[00:19:00.960 --> 00:19:07.280] I would be thinking about trying to do this as early on in the life cycle as possible once you're sure, like, yep, we're going to go forward with this as a business.
[00:19:07.280 --> 00:19:13.360] Yeah, and I like what you've said about the plus side: the tools today are so much better than they were five years ago, whether it's AI or no-code.
[00:19:13.760 --> 00:19:15.840] You can build full-blown line of business apps now.
[00:19:15.840 --> 00:19:24.800] We have several within Microcomp and TinySeed that were built by non-technical people who just kind of figured it out and we use them and we didn't have to pay a bunch of money to have them built.
[00:19:24.800 --> 00:19:26.880] And we certainly, you know, are not paying a third party.
[00:19:26.880 --> 00:19:41.560] And that's the thing is not only for validation, but if you get to 3K, 5K MRR with something that's clunky, but it's a tool shed or a garage that you've built with AI, that's a lot of validation there.
[00:19:41.560 --> 00:19:47.080] Now, standing still for six months to rebuild it, which is usually about what it takes from what I've seen.
[00:19:47.080 --> 00:19:50.440] Again, this is not a tiny little utility that does PDF to MP3 conversion.
[00:19:50.440 --> 00:19:53.640] This is like a real, you know, app that actually has logic and such.
[00:19:53.640 --> 00:19:56.920] Standing still for that time can be painful, but like what other option do you have?
[00:19:56.920 --> 00:20:03.080] Like you're a non-technical person starting a SaaS, like that there is a headwind there for better or worse.
[00:20:03.080 --> 00:20:05.400] So thanks for that question, Thomas.
[00:20:05.400 --> 00:20:06.920] I hope it was helpful.
[00:20:06.920 --> 00:20:14.280] And I think the second thing we never, this is like the longest answer ever to a question, but second thing we didn't address was like just having a co-founder in general.
[00:20:14.280 --> 00:20:16.520] And he asked specifically around tiny seed funding.
[00:20:16.520 --> 00:20:19.800] So we have funded gobs of single founder companies.
[00:20:19.800 --> 00:20:30.600] And I don't remember the exact number, but it's probably 50%, if I'm guessing, are single founder and another 35% are two-founder.
[00:20:30.600 --> 00:20:34.200] If I were to just ballpark it, so that puts us to 85, maybe even more.
[00:20:34.200 --> 00:20:36.840] Maybe it's like 60, 35 or something.
[00:20:37.160 --> 00:20:37.640] Probably nothing.
[00:20:37.640 --> 00:20:38.200] You get the idea.
[00:20:38.200 --> 00:20:40.360] Like it's half or more are single founders.
[00:20:40.360 --> 00:20:41.480] And that's fine.
[00:20:41.480 --> 00:20:48.520] Like, especially if you are a technical founder, the biggest challenge of being a single founder is it's kind of lonely.
[00:20:48.520 --> 00:20:50.920] You don't have as much of a sounding board.
[00:20:50.920 --> 00:21:04.600] Now, you can have advisors, investors, mastermind partners, you know, just friends, network, or like smart people that you can reach out to, especially if you're in a, obviously, if you're in a network like Tiny Seed, you have a ton of smart people you can reach out to, but even in the broader MicroConf space or whatever.
[00:21:04.600 --> 00:21:08.520] But the loneliness and kind of the I'm all on my own thing, it can get old.
[00:21:08.520 --> 00:21:18.240] Some people love it, and most people eventually find that it's a little bit of a drain to not be able to celebrate the wins with someone and to also go through the hard times with someone.
[00:21:18.560 --> 00:21:20.720] You know, you and I both done both, right?
[00:21:20.720 --> 00:21:22.640] You've been a single founder as you are right now.
[00:21:22.640 --> 00:21:24.320] You and I were together on Drip.
[00:21:24.320 --> 00:21:27.920] I've had both single founder and co-founders on my stuff.
[00:21:27.920 --> 00:21:31.680] But what's your reflection on just that difference?
[00:21:31.680 --> 00:21:34.640] Yeah, I think I, I mean, I see the pros and cons of both.
[00:21:34.640 --> 00:21:38.000] And obviously, I've done them, done both in different seasons.
[00:21:38.000 --> 00:21:47.760] For me, I love working autonomously because I can move so fast and I can kind of, you know, stretch my abilities in a bunch of different areas.
[00:21:47.760 --> 00:21:50.320] And I find some joy in that for sure.
[00:21:50.320 --> 00:21:59.840] But I also think it, on the flip side, the really hard part about it is it takes so much activation energy all the time from the founders of a company.
[00:21:59.840 --> 00:22:02.560] You can't, I don't think the same thing comes from employees.
[00:22:02.560 --> 00:22:09.840] You know, it has to come from the founders or founder to just keep the energy going behind a company.
[00:22:09.840 --> 00:22:12.800] And you're usually going to have one bias in one direction.
[00:22:12.800 --> 00:22:15.360] Mine is definitely I'm biased towards building.
[00:22:15.360 --> 00:22:22.880] And the business and marketing side is a necessary thing because I'm building a business and I'm not just building a product with no customers, you know?
[00:22:22.880 --> 00:22:29.760] So what that means is I'm constantly having to fight against my desire to just build more and to focus on the other areas.
[00:22:29.760 --> 00:22:42.240] And if I had a co-founder who was like the kind of the classic split of one person in charge mainly of product and dev and the other person in charge of sales and marketing, then you can both kind of default to your zone of genius.
[00:22:42.240 --> 00:22:48.480] And that's where you spend most of your time and you both deploy your founder activation energy in that direction.
[00:22:48.480 --> 00:22:49.680] And it's a great thing.
[00:22:49.680 --> 00:23:15.000] So, I think, yeah, it's a challenging road to be a solo founder, especially if you find yourself kind of in the midpoint cycle of a business where it's like we just kind of have to muscle through this and keep going and keep mustering that activation energy and balancing the zone of genius thing and being willing to devote a good chunk of your time towards an area where maybe you don't feel like that's your passion, but it's necessary for the business.
[00:23:15.000 --> 00:23:16.440] That's a good summary.
[00:23:16.440 --> 00:23:18.280] So, thanks for that question.
[00:23:18.280 --> 00:23:19.400] Hope it was helpful.
[00:23:19.400 --> 00:23:21.160] We're going to bounce to our next one.
[00:23:21.160 --> 00:23:28.040] This is from Kelly about how to balance security with producing products.
[00:23:32.520 --> 00:23:33.160] Hi, Rob.
[00:23:33.160 --> 00:23:37.080] I'm a software engineer, and I would love to start my SaaS journey through contracting.
[00:23:37.080 --> 00:23:44.600] I have a family member who is in an underserved industry that could use a lot of help when it comes to automating mundane tasks and creating workflows.
[00:23:44.600 --> 00:23:51.320] I know how to automate tasks for myself, but how could I possibly make and package something for someone else in a secure manner?
[00:23:51.320 --> 00:23:56.600] I feel like I need a degree in cybersecurity before ever feeling qualified to produce something for a customer.
[00:23:56.600 --> 00:24:00.040] Will I ever reach a point of okay, this code is safe?
[00:24:00.040 --> 00:24:05.160] It feels like code needs to be absolutely perfect before shipping, so I become too scared to even start.
[00:24:05.160 --> 00:24:10.280] I fear I will spin my wheels and never ship anything because it will never feel secure enough.
[00:24:10.280 --> 00:24:11.240] Love the podcast.
[00:24:11.240 --> 00:24:13.720] Thanks so much for all your help and insights.
[00:24:13.720 --> 00:24:19.720] I liked your phrase about getting a degree in cybersecurity or something like that.
[00:24:19.720 --> 00:24:25.240] So, as always, this is that balance, right, of risk versus reward and what you're willing to take on.
[00:24:25.240 --> 00:24:34.200] But, Derek Reimer, you have shipped many, many applications, including very complex ones, into the wild with real-life customers, and you do not have a degree in cybersecurity.
[00:24:34.200 --> 00:24:37.400] So, how do you think about this?
[00:24:37.400 --> 00:24:44.560] Yeah, I find this funny too that this follows the previous question where we're kind of talking about vibe-coded code bases and how they're a little lax on security.
[00:24:44.360 --> 00:24:49.680] And then here we have kind of the other side of it where I think Kelly identifies herself as a software developer.
[00:24:50.000 --> 00:25:03.120] I don't know what her exact experience is, but you know, has the technical background and yet is still nervous about the security risk of shipping code into production with real customer data.
[00:25:03.120 --> 00:25:05.040] And I can definitely empathize with that.
[00:25:05.040 --> 00:25:14.960] I mean, I've fought, I feel like I've had to fight malicious actors in all the businesses I've had, whether it's spammers trying to abuse our systems, that's usually how it plays out.
[00:25:14.960 --> 00:25:19.760] To my knowledge, I've never had someone try to hack a database and successfully get into any systems.
[00:25:19.760 --> 00:25:30.400] But just knowing that at all times there are bad actors out there scanning the internet, trying to break into web applications can be a bit unnerving.
[00:25:30.400 --> 00:25:31.920] So, I have a couple thoughts on this.
[00:25:31.920 --> 00:25:38.480] I think you're probably, again, I don't know your background exactly, but you're probably more qualified than you think you are.
[00:25:38.720 --> 00:25:46.160] I think as these days, as we're learning about web development, a lot of these things are just sort of either baked into the frameworks that we're already learning.
[00:25:46.160 --> 00:25:58.320] So, if you're using Rails or Laravel or Phoenix or any of these modern frameworks, they come with a ton of kind of best practices baked into them because there's just so many developers using them all the time.
[00:25:58.320 --> 00:26:01.360] And most of us don't have that degree in cybersecurity.
[00:26:01.360 --> 00:26:07.680] So, we're having to lean on the tooling that the open source community kind of has collectively pulled together.
[00:26:07.680 --> 00:26:13.120] And these days, all of these major frameworks have so much built into save you.
[00:26:13.120 --> 00:26:19.920] Like, I remember back in the maybe the 2000s or something, people were dealing with SQL injection attacks all the time, right?
[00:26:19.920 --> 00:26:23.760] Where people try to paste in a string to hack an SQL query.
[00:26:23.760 --> 00:26:32.280] And these days, I would say, you know, 99% of web developers are just using ORMs, the object-relational mappers, built into the framework.
[00:26:29.680 --> 00:26:36.520] And that handles all of the escaping and sanitizing of user input.
[00:26:36.680 --> 00:26:49.160] So the odds that you'll run into an SQL injection attack are very slim if you're using kind of the baked-in tooling that has been heavily tested and just kind of patches over a lot of those problems.
[00:26:49.160 --> 00:27:00.760] The other thing I think about is kind of leaning hard on platform as a service whenever possible for actually deploying stuff and kind of keeping your infrastructure as simple as possible.
[00:27:00.760 --> 00:27:13.480] So these days, I don't stand up my own EC2 instances and make myself be responsible for patching the firewall and making sure that there's no open ports and all that kind of stuff.
[00:27:13.480 --> 00:27:22.760] Like, yes, you can do that, but it's extra time and there is that fear that you're going to miss something or there's some kind of operating system patch that you didn't apply in time.
[00:27:22.760 --> 00:27:31.800] So rather than worry about that, these days I like to lean on platform as a service that I trust that will manage all those aspects for me.
[00:27:31.800 --> 00:27:33.560] And it just keeps things simple.
[00:27:33.560 --> 00:27:38.920] Now it's their liability to make sure that the OS is patched and that the firewalls are in place.
[00:27:38.920 --> 00:27:44.600] And of course, if you're choosing a reputable one, they should have all that stuff documented about their process for it.
[00:27:44.600 --> 00:27:48.760] And there's a handful of these that are very well established at this point.
[00:27:48.760 --> 00:27:50.360] So that's the approach I choose.
[00:27:50.360 --> 00:27:51.320] Same for the database.
[00:27:51.560 --> 00:27:54.520] I don't stand up my own servers to run my own databases.
[00:27:54.520 --> 00:27:59.320] I use a managed database host that has all of their firewalls locked down.
[00:27:59.320 --> 00:28:04.440] And really, what you want to be concerned with is where data lives and where it flows.
[00:28:04.440 --> 00:28:16.080] So, you know, if you're using managed providers for your servers and your databases and you can kind of easily map how the data flows between them, you're going to be in pretty good shape.
[00:28:16.080 --> 00:28:17.440] It's a great summary.
[00:28:17.440 --> 00:28:22.160] But, Derek, isn't everyone moving to rolling your own hardware?
[00:28:22.160 --> 00:28:24.160] Don't you want it to go bare metal hardware?
[00:28:24.400 --> 00:28:32.880] Do you see this online and it's like, dude, if you have $100 million in ARR in your board, you should go roll your own hardware.
[00:28:32.880 --> 00:28:33.840] You know what I mean?
[00:28:34.320 --> 00:28:37.120] Have you and I already talked about this on the podcast, or has it just been private?
[00:28:37.120 --> 00:28:44.240] Where it's like, come on, man, don't, it's not a good use case for 99% of bootstrappers.
[00:28:44.240 --> 00:28:44.800] Yeah.
[00:28:44.800 --> 00:28:53.520] Ultimately, I think it's the only justification you can really make for it is one, if you just want the technical exercise of doing it, but two, if you want to try to save cost.
[00:28:53.520 --> 00:29:00.720] And like at the scale that I would say 99% of listeners of this podcast are at, it's not worth trying to save the cost.
[00:29:00.720 --> 00:29:07.120] Like just lean on these companies that are building this tooling and assuming all the liability for it.
[00:29:07.120 --> 00:29:12.880] There's a huge incentive for these platform as a service companies to not have vulnerabilities.
[00:29:12.880 --> 00:29:15.520] And I like to rely on that.
[00:29:15.840 --> 00:29:16.400] Big time.
[00:29:16.400 --> 00:29:26.000] And you and SavvyCal, even with thousands of customers paying you, you're still able to afford like a pass is not a blocker for you.
[00:29:26.720 --> 00:29:32.000] With Drip, we started on Heroku and Drip was very big and very complicated.
[00:29:32.000 --> 00:29:34.960] And we did have to migrate off within the first year, I think, which was a pain.
[00:29:34.960 --> 00:29:36.560] I remember that being a big hassle.
[00:29:36.560 --> 00:29:38.640] But I'm glad we started where we started.
[00:29:38.640 --> 00:29:39.600] It got us there quick.
[00:29:39.600 --> 00:29:41.040] We didn't have to roll our own stuff.
[00:29:41.040 --> 00:29:47.840] And frankly, maintaining the DevOps effort from then on to maintain our servers was a was necessary.
[00:29:47.840 --> 00:29:49.600] It was a pain in the ass.
[00:29:49.600 --> 00:29:50.080] Yeah.
[00:29:50.080 --> 00:29:51.200] It was a pain in the ass.
[00:29:51.200 --> 00:29:55.760] Like, if we could have stayed on, even paid Heroku, you know, quite a bit of money, like we would have done it.
[00:29:55.760 --> 00:29:57.680] So, it's another reason.
[00:29:57.840 --> 00:30:02.600] I appreciate Kelly's question, and I think you've covered it quite well.
[00:30:02.920 --> 00:30:10.440] I would say it's the kind of thing where, like, if you have to ask the question, then that means you're probably in a pretty good position to build something that's quite secure.
[00:30:10.440 --> 00:30:15.240] It's when you're not thinking about security at all, it's when you're going to run into problems.
[00:30:15.240 --> 00:30:17.720] So, just the fact that you're asking is a good sign.
[00:30:17.720 --> 00:30:41.160] And if you feel like there's some like some fundamentals that maybe you're missing, I'm sure it's not a great answer, but I'm sure if you just like, you know, Google for like a basics of web security kind of course or something like that, like there's got to be some things out there that kind of just outline like these are the top, the top things to be thinking about when you're trying to secure a system, you know, just to give you that primer.
[00:30:41.160 --> 00:30:44.120] Yeah, so I hope you appreciate that answer, Kelly.
[00:30:44.120 --> 00:30:46.520] Obviously, we're not security experts, nor are we lawyers or anything.
[00:30:46.520 --> 00:30:49.480] It's a lot of it is around risk tolerance.
[00:30:49.480 --> 00:31:06.760] And frankly, we used to, when I was a contractor consultant writing code dollars for hours, we had the gold-plated quote, the gold-plated version of the software, which is like, oh, we're going to spend, this was back in the early 2000s, so it's like an extra 20% to like write some tests and an extra 20% to do a ton of security, this and that.
[00:31:06.760 --> 00:31:10.120] And it just, the quote got bigger and bigger and bigger.
[00:31:10.120 --> 00:31:12.680] And it's like, it'll be relatively secure.
[00:31:12.680 --> 00:31:14.440] It's .NET and we follow best practices.
[00:31:14.440 --> 00:31:17.240] So even without that extra 20%, it's generally secure enough.
[00:31:17.240 --> 00:31:21.560] But like if we spent that extra 20 grand or 40 grand or whatever, we can really lock it down.
[00:31:21.560 --> 00:31:25.160] And that's kind of what you're balancing here: it's like, how much effort do you put?
[00:31:25.160 --> 00:31:30.600] Like, do you have an LLC right now versus kind of just being a sole proprietorship?
[00:31:30.600 --> 00:31:39.400] Do you have insurance like, you know, I forget what all the insurances are around a business because we have an operations person that hands that, but you know, there's like two or three types of insurance.
[00:31:39.400 --> 00:31:41.960] Do you have those from day one with zero customers?
[00:31:41.960 --> 00:31:43.240] Most people don't.
[00:31:43.240 --> 00:31:44.280] It's not to say you shouldn't.
[00:31:44.280 --> 00:31:53.440] I'm not giving you advice to not to, but that's kind of where we are: thinking about how far do we go to fix problems that may or may not happen at this point.
[00:31:53.440 --> 00:31:55.760] So thanks for that question, Kelly.
[00:31:55.760 --> 00:31:58.800] Our next question is another question about security.
[00:31:58.800 --> 00:32:04.880] This one's about security and compliance objections when bootstrapping enterprise SaaS.
[00:32:04.880 --> 00:32:10.960] Steven says, I'm building an app and the ideal customer I'm targeting works in sales at enterprise companies.
[00:32:10.960 --> 00:32:16.400] I'm trying to bootstrap, but one objection I'm encountering is that these enterprises have high bars for security and compliance.
[00:32:16.400 --> 00:32:26.160] For example, they expect any new vendors to have SOC 2 Type 2, ISO 27001, I don't know if I'm pronouncing that right, and/or GDPR compliance, ISO 27,001.
[00:32:26.160 --> 00:32:27.600] I don't know how you would say that.
[00:32:27.600 --> 00:32:29.120] 27001.
[00:32:29.120 --> 00:32:32.480] How have you seen bootstrap startups tackle these requests?
[00:32:32.480 --> 00:32:40.800] Even though they're not my ICP, would you just sell to SMB and mid-market until you had enough revenue to invest in these kinds of security audits?
[00:32:40.800 --> 00:32:45.920] I've seen all manner of approaches to this, but how have you thought about this?
[00:32:46.240 --> 00:32:48.880] Yeah, I think, so some of this is for my own stuff.
[00:32:48.880 --> 00:32:54.080] Some of this is just from talking to other Tiny Seed founders who have been sort of dealing with this lately.
[00:32:54.080 --> 00:33:00.480] But I think, one, I would try to assess how vital is having these formal certifications.
[00:33:00.480 --> 00:33:03.280] Like, how actually much do they care?
[00:33:03.280 --> 00:33:18.800] You know, like, could you potentially get by with a really robust set of security documentation and policy showing that you have an incident response plan and yada, yada, yada, all the different things, the policies that these formal frameworks want you to have in place.
[00:33:18.800 --> 00:33:24.400] Like, could you get by with having some of this stuff without investing in the full audit?
[00:33:24.400 --> 00:33:29.600] Maybe that'll get you still into your ICP, but you'll probably still deal with some objections.
[00:33:29.800 --> 00:33:34.280] But, like, is that enough to get started and maybe get your first couple customers?
[00:33:34.280 --> 00:33:51.000] And assuming you're charging a high enough price point, which this sounds like kind of true enterprise, so this should be hopefully a decently high price point, then that you could maybe use that to sort of then parlay into a more formal security audit to get formal certification.
[00:33:51.000 --> 00:34:01.400] The thing that I've learned from other founders who have, at a relatively small scale, actually gotten SOC2 certification is that it's not as bad as we make it out to be.
[00:34:01.400 --> 00:34:12.520] Like, yes, it's a lot of paperwork, it's annoying, especially us like impatient founder types, like have a real hard time slogging through a lot of paperwork that feels like security theater.
[00:34:12.520 --> 00:34:16.760] But like, in reality, it's not unattainable.
[00:34:16.760 --> 00:34:24.360] There's platforms like Vanta that have all of these documents that you're going to need for the audit, like all kind of catalogued.
[00:34:24.360 --> 00:34:37.320] You pay them for it, and then you get these checklists, and you can go through one by one and set all your policies and wire up all of your hosting platform for making sure that you have all the controls in place in your systems.
[00:34:37.320 --> 00:34:42.920] So there's a lot of kind of automated tooling around it, and then it's just the expense of paying for the audit.
[00:34:42.920 --> 00:34:45.720] And you generally get your own auditor for these things.
[00:34:45.720 --> 00:34:56.200] So you don't want to go too cheap to where people won't trust the audit that you have, but also, you know, you don't want to spend hundreds of thousands of dollars on an audit that's way too expensive.
[00:34:56.200 --> 00:35:01.160] So you need to try to find an auditor that's kind of within a budget range that you can accept.
[00:35:01.160 --> 00:35:06.600] But basically, I think this is more of a speed bump than a roadblock to use Rob Walling parlots.
[00:35:06.600 --> 00:35:16.320] And if you're truly selling to the enterprise where the price point supports it, then I wouldn't be too afraid of trying to get some of these certifications.
[00:35:16.640 --> 00:35:18.160] Yeah, I've seen a mix.
[00:35:14.840 --> 00:35:20.960] I'll be honest, we have some tiny seed companies that get it pretty quickly.
[00:35:21.200 --> 00:35:29.840] Some tiny seed companies take the money, our money, and put it towards SOC 2 because I believe the first initial is what, 20 to 30 grand, maybe.
[00:35:29.840 --> 00:35:32.000] And that's like a lot for a bootstrapper out of pocket.
[00:35:32.000 --> 00:35:34.480] But like, if you take tiny seed money, it can help you get it.
[00:35:34.480 --> 00:35:38.320] And if it really is an issue, it gets you a long way.
[00:35:38.320 --> 00:35:45.680] So, the second part of his question where he's like, would you sell to SMBs in mid-market, even if it's not in the ICP in order to kind of get enough revenue and prove it out?
[00:35:45.680 --> 00:35:46.640] I might.
[00:35:46.640 --> 00:35:47.680] Yeah, I might.
[00:35:47.840 --> 00:35:49.200] I would have to make that decision.
[00:35:49.200 --> 00:35:59.760] Like, if truly the enterprise is my end customer, and as you said, truly they are going to want SOC 2 or something, especially from a little no-name startup.
[00:35:59.760 --> 00:36:04.160] There's a reason because everyone's scared of data breaches and they want you to, you know, know you have it.
[00:36:04.160 --> 00:36:05.520] It's just, it's hard.
[00:36:05.520 --> 00:36:08.400] It is difficult to bootstrap a business when you need that.
[00:36:08.400 --> 00:36:28.640] And so most of the companies that I see, most of the tiny seed companies that I see thinking about SOC 2 who have not gotten it yet, it is because they have a kind of non-enterprise ICP that is building their MRR in the meantime until they can justify getting SOC 2 type 2.
[00:36:28.640 --> 00:36:32.000] If you never sell to enterprise and you don't need SOC 2, don't get it.
[00:36:32.000 --> 00:36:32.640] It's a pain.
[00:36:32.640 --> 00:36:34.240] You know, I mean, this is just my advice.
[00:36:34.720 --> 00:36:37.520] I should say I wouldn't get it if I didn't really, really need it.
[00:36:37.520 --> 00:36:44.240] Because as you and I both know, like we hate, you know, heavy process and just security theater.
[00:36:44.640 --> 00:36:47.440] It's not that bad, but it really is just like stuffed.
[00:36:47.440 --> 00:36:48.960] I didn't get into startups.
[00:36:48.960 --> 00:36:51.600] I didn't get into building my own company to do that.
[00:36:51.600 --> 00:37:02.280] But with all that said, generally, it's probably a good thing for the industry because it ensures that folks aren't just going willy-nilly and building AI prototypes and pushing it.
[00:36:59.840 --> 00:37:06.360] You know, I don't think you can get socked too on, you know, back to our first question.
[00:37:06.600 --> 00:37:10.520] So, yeah, it's a tough balance and it is kind of a bootstrapping conundrum.
[00:37:10.520 --> 00:37:17.480] Because if you raised funding, whether from Tiny Seed or Angels or whatever, and you're going into the enterprise, it would just be a no-brainer.
[00:37:17.480 --> 00:37:18.280] You just get it.
[00:37:18.280 --> 00:37:18.920] You just do it.
[00:37:18.920 --> 00:37:25.640] You spend a few months and you pay the money and you just do it because it will win you more deals if you're selling an enterprise.
[00:37:25.640 --> 00:37:28.360] The balance is: what if I'm not sure yet?
[00:37:28.360 --> 00:37:29.720] How do I know when to justify it?
[00:37:29.720 --> 00:37:40.840] And I think that's kind of what we're talking about: is like, yeah, I'd probably try to figure out if there is an ICP that can also use the product that's not in the enterprise, or you just got to go all in and make that decision.
[00:37:40.840 --> 00:37:52.440] Yeah, I've been doing HIPAA compliance framework for my new product line that's doing kind of appointment scheduling for medical is one type of customer where they value that.
[00:37:52.440 --> 00:37:56.360] So I think it has quite a bit of overlap actually with Zock 2.
[00:37:56.360 --> 00:38:04.920] But the nice thing about HIPAA is it's self-attesting, so you don't pay for an external audit or it's not required to basically claim HIPAA compliance.
[00:38:05.240 --> 00:38:17.640] But there's a bunch of controls that you want to have in place so that in the event that something happens and so that you can demonstrate to your end customers that we have all these controls in place to support our claim of HIPAA compliance.
[00:38:17.640 --> 00:38:21.400] But in general, I found a lot of these things seem like overkill.
[00:38:21.400 --> 00:38:24.120] They are overkill for the size company that we are.
[00:38:24.120 --> 00:38:30.200] You know, most of the default policies have eight different roles kind of by default in them.
[00:38:30.200 --> 00:38:32.400] So these are the responsibilities of the CEO.
[00:38:32.400 --> 00:38:37.880] These are the responsibilities of the IT manager, the VP of global sales, the VP of Global HR, the da-da-da.
[00:38:38.040 --> 00:38:41.560] And these are like the default roles enumerated in a lot of these things.
[00:38:41.560 --> 00:38:47.680] And in most, most cases, I collapse all of them down into these are the responsibilities of the CEO, you know?
[00:38:47.680 --> 00:38:53.840] So it's like clearly these things are kind of designed by default for larger companies.
[00:38:53.840 --> 00:39:06.400] But that being said, a lot of the practices that they're asking for are actually good things to have in place, you know, good, good kind of from a legal perspective and from a liability perspective.
[00:39:06.400 --> 00:39:13.600] So there are kernels of good in there, even though like it's well known that having SOC2 compliance doesn't actually mean that your product is secure.
[00:39:13.600 --> 00:39:16.240] It just means you've gotten the check mark.
[00:39:16.560 --> 00:39:26.000] But there's still good in there to infuse into the way you handle data, the way employees engage with it and all that.
[00:39:26.000 --> 00:39:27.360] So thanks for that question.
[00:39:27.360 --> 00:39:28.880] Hope it was helpful.
[00:39:28.880 --> 00:39:38.240] Our last question for the day comes to us from Misha on building a lasting culture with a bias toward action.
[00:39:43.040 --> 00:39:43.840] Hi, Rob.
[00:39:43.840 --> 00:39:47.760] This is Mike, frequent listener, occasional question answer.
[00:39:47.760 --> 00:39:49.680] So another question for you.
[00:39:50.640 --> 00:39:58.560] Building out a startup, it's growing well, getting friends to help us, looking to hire some engineers soon.
[00:39:58.640 --> 00:40:05.680] As we're doing that, one conversation we've had a few times is about building a culture with a bias towards action.
[00:40:05.840 --> 00:40:07.920] Bit of a corporate speak there.
[00:40:07.920 --> 00:40:12.000] It's a conversation that I've been part of throughout my career.
[00:40:12.320 --> 00:40:23.600] It's rare to find that in my experience, whether it's a large company or a five-person startup, there's no guarantee that that'll be the case.
[00:40:23.600 --> 00:40:29.760] So, how do you think about that being a conscious decision?
[00:40:29.800 --> 00:40:45.880] So, instead of focusing just on we're going to hire people who deliver over ship frequently or introgue for people who ship, but really thinking about the culture of the organization from the start, where we can focus on go-build stuff, go ship things.
[00:40:45.880 --> 00:40:47.560] You don't need permission.
[00:40:47.960 --> 00:40:51.080] Don't go breaking stuff, don't go break the law.
[00:40:51.080 --> 00:40:53.000] However, go experiment.
[00:40:53.000 --> 00:40:53.880] What are your thoughts on that?
[00:40:53.880 --> 00:41:03.880] What have you seen work as a, again, as a conscious decision by the founders and by the leadership of the startups, the companies that you've invested in, been part of?
[00:41:04.200 --> 00:41:05.320] Thank you.
[00:41:05.640 --> 00:41:09.400] All right, Eric, what are your thoughts here as someone who has a bias towards action?
[00:41:09.400 --> 00:41:21.560] It's interesting because oftentimes when I have a trait or when I have the urgency, a lot of founders do, it can sometimes be hard to get other people to do that because it's so intrinsic to you.
[00:41:21.560 --> 00:41:23.960] You're not even sure how I motivate them to do this.
[00:41:23.960 --> 00:41:31.160] So, I've given a ton of thought to this concept and idea over the years, but I'm curious to hear your thoughts first.
[00:41:31.160 --> 00:41:31.880] Yeah, yeah.
[00:41:31.880 --> 00:41:35.240] In my mind, it comes down to kind of two pieces, I think.
[00:41:35.240 --> 00:41:38.040] Like, how do you get this instilled into your company?
[00:41:38.040 --> 00:41:47.720] Well, I think it comes down to who you hire, what's the personality traits of those people and their past experience, you know, and also like what are the ways that you operate?
[00:41:47.720 --> 00:41:56.760] Like, it's one thing to say in like a mission statement, we bias towards action, but like, do the way you ways you operate actually align with that?
[00:41:56.760 --> 00:42:14.560] Um, so like on the on the who piece, I think the big thing is, like, I've found in talking to you know, developers who have worked for larger companies almost exclusively tend to have sort of this sort of slow, methodical way of operating, they err on the side of caution.
[00:42:14.280 --> 00:42:20.240] It's it's you know, create something, but then wait for full consensus and everyone to check off on it.
[00:42:20.400 --> 00:42:27.920] And it's kind of just this, it's the way you need to operate in a lot of larger companies because maybe they're more risk averse and that's just how they do it.
[00:42:27.920 --> 00:42:34.720] And I think that can be really difficult to work out of somebody to pull it out of their mind.
[00:42:34.720 --> 00:42:44.720] I'm not saying it's impossible, and maybe you're talking to someone who's like, I've worked in these environments and I hate it and I just want to be able to, you know, take initiative and move faster.
[00:42:45.040 --> 00:42:59.760] So that maybe you find someone who's been in large company environments and is kind of reacting against it and looking for seeing your company as like a breath of fresh air where they can actually stretch their legs and do their craft without all that ceremony and stuff.
[00:42:59.760 --> 00:43:05.200] But yeah, I think that's something really important to kind of suss out in just the who.
[00:43:05.520 --> 00:43:06.560] What are they motivated by?
[00:43:06.560 --> 00:43:07.520] What are they comfortable with?
[00:43:07.520 --> 00:43:15.520] Because I think there's a lot of people who maybe are just more comfortable in that larger corporate environment where there's a lot of safeguards and there's a lot of cross-checking.
[00:43:15.520 --> 00:43:26.240] And so trying to put someone who that's their DNA into your company, it's probably going to be tough to get someone to bias to action.
[00:43:26.240 --> 00:43:33.200] And then I think just the way you operate, like, I think it requires you to trust people a lot to take ownership of things.
[00:43:33.200 --> 00:43:36.960] And that's something I think you have to evaluate in yourself to make sure.
[00:43:36.960 --> 00:43:41.040] Like a lot of times, people who are biased to action also can be control freaks.
[00:43:41.040 --> 00:43:42.960] So I think that's something you have to be careful.
[00:43:43.200 --> 00:43:51.760] Like, are you hamstringing the people that you want to have trust in, and you want to give them a lot of leash to do things and move fast?
[00:43:51.760 --> 00:43:53.760] But are you trying to micromanage stuff?
[00:43:54.080 --> 00:44:02.360] Because that can counter against this narrative of like, we want to bias towards action, but I also want to maintain strict control over everything.
[00:43:59.760 --> 00:44:03.640] You're going to hamstring yourself.
[00:43:59.840 --> 00:44:04.680] So I think that's the other piece.
[00:44:04.760 --> 00:44:09.160] That one's more about you as the founder or as the person leading the company.
[00:44:09.160 --> 00:44:13.080] Like, are you actually allowing people to ship code?
[00:44:13.080 --> 00:44:16.520] Do you require multiple code reviews on every single feature?
[00:44:16.520 --> 00:44:22.520] If you do, you might be working against your desire to have biased action.
[00:44:22.520 --> 00:44:24.680] So those are just a few thoughts.
[00:44:24.680 --> 00:44:26.520] I had all of those written down.
[00:44:26.520 --> 00:44:29.000] Derek and I do not compare notes before we do these.
[00:44:29.000 --> 00:44:35.880] And oftentimes I make notes as you talk because I'm like thinking, you know, thinking out loud or thinking in my head, I guess in this case.
[00:44:35.880 --> 00:44:40.360] But I especially like the last piece you said of like, you can say you want a bias towards action.
[00:44:40.360 --> 00:44:42.440] Are you ready for people to make mistakes?
[00:44:42.440 --> 00:44:48.840] Are you ready for people to do things that you don't agree with or that you, you know, they took the action and you're like, why did you waste eight hours doing that?
[00:44:48.840 --> 00:44:50.840] And it's like, well, I was acting in the way I thought I would.
[00:44:50.840 --> 00:44:51.320] You know what I mean?
[00:44:51.320 --> 00:44:55.720] And so are you ready for there to be miscommunications or for you to lose control of things?
[00:44:55.720 --> 00:45:04.120] Because, and then that a lot comes back to who you hire because people's judgment, if they're going to have a bias towards action, you want their judgment to be good.
[00:45:04.120 --> 00:45:09.640] Because there are some folks we know, their judgment, just in general on certain areas, is just not good and they can't get out of their own way.
[00:45:09.640 --> 00:45:17.080] And I wouldn't want them to have a bias towards action at my company because I think the things that they're going to work on are not going to move the needle or are going to be misdirected, you know?
[00:45:17.080 --> 00:45:22.600] So similarly, I kind of broke it down in my head into three parts, two of which you said.
[00:45:22.600 --> 00:45:25.560] You said it's who you hire, and that was one of mine.
[00:45:25.560 --> 00:45:27.800] And then you said, it's how you operate.
[00:45:27.800 --> 00:45:41.080] I have who you hire, and specifically, just like you said, small companies, I have in parentheses, meaning I pretty much, if I run a five-person team, almost without exception, I will not hire someone from a 500-person team.
[00:45:41.080 --> 00:45:48.560] Just won't do it because retraining that culture, that thinking that there is no process, you have to do your stuff is so very hard.
[00:45:48.560 --> 00:45:54.480] And so, again, I say almost without exception, I want people from other small teams who have worked on teams of five to 20.
[00:45:54.480 --> 00:45:54.880] Period.
[00:45:54.880 --> 00:45:55.520] End of story.
[00:45:55.520 --> 00:45:57.600] And that kind of helps limit that.
[00:45:57.600 --> 00:46:06.880] You talked about how you operate, which came to this phrase that I wrote down, which was, you can't punish people for making mistakes if you want everybody to have a bias towards action.
[00:46:06.880 --> 00:46:11.040] Mistakes are not bad on their own because they show that people are moving in a direction.
[00:46:11.040 --> 00:46:19.280] Now, if someone makes either the same mistake over and over, or they're just constantly, again, this comes back to their judgment that they kind of are just always not doing things really well.
[00:46:19.280 --> 00:46:22.240] Well, then you made a mishire, you know, or you're not communicating well.
[00:46:22.240 --> 00:46:28.000] The other couple things that I thought about were communicating this on a frequent basis.
[00:46:28.000 --> 00:46:37.120] And you touched on this when you said if it's in a mission statement or a vision statement or whatever, bias towards action, or value, I guess it would be values, but it's like no one cares.
[00:46:37.120 --> 00:46:44.240] It's every week or every day or whatever, are you communicating that there is an urgency to what you're doing?
[00:46:44.240 --> 00:46:46.400] And actually, John Tedesco did a pretty good job of this.
[00:46:46.400 --> 00:46:51.200] He was the CEO who took over DRIP, I guess, after me and Clay Collins.
[00:46:51.200 --> 00:46:59.680] And he would say in the weekly meetings, like, every, we're going to start up, every month is like a quarter, every week is like a month, we got to get stuff done.
[00:46:59.680 --> 00:47:01.680] You know, he, that's how he communicated it.
[00:47:01.680 --> 00:47:02.640] I communicate it differently.
[00:47:02.640 --> 00:47:05.440] Like, the Tiny Seed Microconf team feels a sense of urgency.
[00:47:05.440 --> 00:47:06.160] They all do.
[00:47:06.160 --> 00:47:10.000] And I don't use that same metaphor that John did, but we all know we got to get stuff done.
[00:47:10.080 --> 00:47:13.120] The team is small and we're super, how do I say?
[00:47:13.120 --> 00:47:14.240] We punch above our weight.
[00:47:14.240 --> 00:47:15.360] You know, we're very efficient.
[00:47:15.360 --> 00:47:18.240] We do the work of a team that's twice our size.
[00:47:18.240 --> 00:47:20.480] There's an urgency because we're just getting it done.
[00:47:20.480 --> 00:47:26.240] And there's a constant communication of, here's the other thing: what we're doing matters.
[00:47:26.240 --> 00:47:40.040] If you are a mid-level developer, engineer, manager at Target or best buyer, general mill, whatever, I'm not trying to throw shade at any individual company, but just some big company of 5,000 people, you're often working on stuff that just kind of doesn't matter.
[00:47:40.040 --> 00:47:44.440] And how much bias towards action do you want to have when you just don't give a shit about what you're building?
[00:47:44.440 --> 00:47:54.360] The luxury, one of the luxuries we have as small companies is any individual person, engineer, whatever can have a huge impact and ship stuff to production and interact with customers.
[00:47:54.360 --> 00:47:55.240] And do you remember?
[00:47:55.240 --> 00:48:00.840] Like these days, like with Microcomput Tiny Seed, I say we're trying to multiply the world's population of independent, self-sustaining startups.
[00:48:00.840 --> 00:48:01.320] That's cool.
[00:48:01.320 --> 00:48:03.400] If you're on board with that, it's really fun.
[00:48:03.400 --> 00:48:04.440] That's the urgency.
[00:48:04.440 --> 00:48:05.800] And we communicate that often.
[00:48:05.800 --> 00:48:09.480] There's a vision there, it's an interesting problem, and there's urgency to get stuff done.
[00:48:09.480 --> 00:48:10.760] So there's a bias towards action.
[00:48:10.760 --> 00:48:15.960] But even with Drip, we were building email marketing software, marketing automation software.
[00:48:15.960 --> 00:48:17.000] Is that that interesting?
[00:48:17.000 --> 00:48:17.800] You know what?
[00:48:17.800 --> 00:48:21.880] The team, the 10 of us, you know, when we got acquired, people were really into it.
[00:48:21.880 --> 00:48:25.320] We were into it because there was something really interesting about being close to the metal.
[00:48:25.320 --> 00:48:27.000] We all believed in this scrappy team.
[00:48:27.000 --> 00:48:31.560] We were number 12 on Venture Beats or, you know, list of the best marketing automation platforms.
[00:48:31.560 --> 00:48:38.120] And we were like seven people in a closet in Fresno, and all the 11 ahead of us had raised tens of millions, if not hundreds of millions of dollars.
[00:48:38.120 --> 00:48:38.760] That was cool.
[00:48:38.760 --> 00:48:39.480] We were the underdog.
[00:48:39.480 --> 00:48:43.800] And there was something about the bias toward action was part who we hired.
[00:48:43.800 --> 00:48:45.800] You think of everybody on the team at that time.
[00:48:45.800 --> 00:48:47.960] And also, we just felt it.
[00:48:47.960 --> 00:48:52.680] We felt like we were doing something interesting and we were each of us making a difference.
[00:48:52.680 --> 00:48:59.320] And collectively, we were like making a dent somehow in the broader market that people were paying attention.
[00:48:59.320 --> 00:49:08.840] There was a feedback loop of like, you did something this week, and next week, like customers are raving or ranting about it, as the case may be, but at least we did something interesting, right?
[00:49:08.840 --> 00:49:10.440] So that's kind of a long way of saying it.
[00:49:10.440 --> 00:49:14.480] And I almost want to put all of the stuff I just said into Chat GPT and say, give me four bullets.
[00:49:14.720 --> 00:49:16.160] But you kind of, you know what I mean?
[00:49:16.160 --> 00:49:17.280] Like really summarize that.
[00:49:14.280 --> 00:49:21.120] But I think you touched on hiring and operationally, and I think both those are valid.
[00:49:21.280 --> 00:49:25.360] But I also would put forth that there's that vision and that interesting problem.
[00:49:25.360 --> 00:49:26.640] And SavvyCal has the same thing.
[00:49:26.640 --> 00:49:29.920] It's like, I'm building scheduling links and scheduling software.
[00:49:29.920 --> 00:49:35.840] And one could say, well, you could do that in a very boring way and be like, oh, cool, come work for us and build stuff.
[00:49:35.840 --> 00:49:39.520] But the people who work with you are like, let's do this.
[00:49:39.680 --> 00:49:40.480] Why is that?
[00:49:40.480 --> 00:49:46.800] Because it's cool, because they're making an impact, because it's fun, and because they see the customers using it, you know, there's this virtuous feedback loop.
[00:49:46.800 --> 00:49:57.840] Yeah, I think it's the like the people who are working with you should also be kind of enamored with this notion of being able to have an impact on your corner of the industry.
[00:49:57.840 --> 00:50:02.800] Like that's like, I think most companies out there would say that they're trying to have an impact.
[00:50:02.800 --> 00:50:11.440] The 5,000 person company, 10,000 person company, it's moving in a direction and it's making some kind of impact as it continues to chug along.
[00:50:11.440 --> 00:50:21.520] But when you're one of 5,000, one of 10,000, your ability to move the needle is very low versus being in a smaller environment.
[00:50:21.520 --> 00:50:28.320] And so I think that should be probably like top of the list on the reason why someone wants to join your team.
[00:50:28.320 --> 00:50:30.000] Like, do they care about that?
[00:50:30.000 --> 00:50:35.360] Because if they don't, then they're not going to be necessarily motivated by that.
[00:50:35.360 --> 00:50:42.320] And you need a lot of that motivation to move at the pace that's required on a really small company.
[00:50:42.320 --> 00:50:43.440] Good stuff, man.
[00:50:43.760 --> 00:50:46.720] So thanks for that question, Michelle.
[00:50:46.720 --> 00:50:48.160] I hope that was helpful.
[00:50:48.160 --> 00:50:54.240] Derek Reimer, if folks want to keep up with you, you, of course, are Derek Reimer on XTwitter.
[00:50:54.240 --> 00:50:58.000] And the best scheduling link on the internet is savvycal.com.
[00:50:58.000 --> 00:51:03.080] But give us an elevator pitch for the new functionality because you teased it in the episode.
[00:51:03.080 --> 00:51:07.000] And it's about its appointment booking, and that's different than scheduling.
[00:51:07.000 --> 00:51:14.280] And so, if you know, who should reach out to you, or at a minimum, should sign up if they're interested in kind of revamping their stuff?
[00:51:14.280 --> 00:51:31.080] Yeah, so something that we've been we've heard over the years is from people who are who are building something kind of like scheduling related in their business that requires them to take appointments from people, but they need to build all these custom flows around it.
[00:51:31.080 --> 00:51:37.000] And so they're not necessarily looking for an off-the-shelf SavvyCal meetings, meeting booking type of thing.
[00:51:37.000 --> 00:51:42.760] They're looking for more of scheduling infrastructure that they can weave into their platform.
[00:51:42.760 --> 00:51:50.360] And so we finally decided to tackle that problem in addition to our meeting scheduling software that everyone knows and loves, hopefully.
[00:51:50.360 --> 00:51:53.880] You know, we have this kind of new appointment scheduling software.
[00:51:53.880 --> 00:52:05.720] And we're trying to, in this initial rollout phase, trying to talk specifically to agencies that are building these types of custom flows that involve scheduling.
[00:52:05.720 --> 00:52:22.440] We've already onboarded our first customer and they're a fertility clinic that needs to take initial consultations from their website and they had this very manual process that involved calling the office and putting something on the schedule in the medical record system.
[00:52:22.440 --> 00:52:32.040] And so we worked with our kind of first agency partner to build this kind of custom intake flow that includes the SavvyCal appointments booking widget embedded right into it.
[00:52:32.040 --> 00:52:33.080] And it's gone well.
[00:52:33.080 --> 00:52:38.360] So, we're looking for more, basically, more people who are kind of building these types of projects.
[00:52:38.360 --> 00:52:41.000] Could be medical, could be for law firms.
[00:52:41.000 --> 00:52:47.600] There's a bunch of different, you know, types of kind of service-based industries that might be able to make use of this.
[00:52:44.600 --> 00:52:48.000] Amazing.
[00:52:48.160 --> 00:52:51.440] And if they want to reach out to you, what's the best way for them to get a hold of you?
[00:52:51.440 --> 00:52:52.720] Yeah, hit me up over email.
[00:52:52.720 --> 00:52:56.560] It's derek at savvycal.com, and I would, uh, yeah, I'd love to chat.
[00:52:56.560 --> 00:52:56.960] Amazing.
[00:52:56.960 --> 00:53:00.640] That's D-E-R-R-I-C-K at savvycal.com.
[00:53:00.640 --> 00:53:01.120] Yes.
[00:53:01.120 --> 00:53:02.480] Thanks again, Derek.
[00:53:02.480 --> 00:53:03.440] Thank you.
[00:53:03.440 --> 00:53:06.000] Thanks again to Derek for coming back on the show.
[00:53:06.000 --> 00:53:09.920] And thank you for sending in all those amazing listener questions.
[00:53:09.920 --> 00:53:17.200] If you have a question you'd like to hear us answer on the show, you can head to startups with the restofus.com, click ask a question in the top nav.
[00:53:17.200 --> 00:53:25.680] Video and voicemail questions go to the top of the stack, as well as more intermediate and advanced questions.
[00:53:25.680 --> 00:53:28.800] But we do get to all the questions at some point.
[00:53:28.800 --> 00:53:31.200] So thanks again for listening this week and every week.
[00:53:31.200 --> 00:53:35.200] This is Rob Walling signing off from episode 788.
[00:54:13.440 --> 00:54:18.000] Listener, you have found the hidden track of this podcast episode.
[00:54:18.000 --> 00:54:20.000] I am springing this on Derek.
[00:54:20.000 --> 00:54:28.400] He has no idea that he's going to be answering espresso trivia from frothy to hardcore.
[00:54:28.400 --> 00:54:29.600] It's going to be good.
[00:54:29.600 --> 00:54:29.840] Okay.
[00:54:29.960 --> 00:54:33.320] All right, let's do a few of these courtesy of Chat GPT.
[00:54:33.320 --> 00:54:38.040] So here's the best part: if it hallucinated any of the answers, you get to tell me, oh no, that's actually wrong.
[00:54:38.280 --> 00:54:39.720] But I asked it.
[00:54:39.720 --> 00:54:43.000] For folks who don't know, you are like, you're my go-to.
[00:54:43.000 --> 00:54:53.560] If I'm going to ask someone about espresso, about, you know, what is the perfect temperature for the, how many PSI should I tamp the you have like a manual espresso?
[00:54:53.560 --> 00:54:54.520] Am I saying this thing right?
[00:54:54.520 --> 00:54:56.040] Am I using the right terms?
[00:54:56.040 --> 00:54:57.000] Yeah, yeah.
[00:54:57.000 --> 00:55:01.880] Like a like a miniature version of a of an espresso machine you'd see at a coffee shop.
[00:55:01.880 --> 00:55:02.600] Got it.
[00:55:02.600 --> 00:55:08.520] So like super legit and you make the best lattes I've had at someone's house.
[00:55:08.520 --> 00:55:09.160] All right.
[00:55:09.480 --> 00:55:10.360] First question.
[00:55:10.360 --> 00:55:13.000] This goes from easy to hard.
[00:55:13.000 --> 00:55:20.360] What is the name of the creamy caramel colored foam that forms on top of a properly pulled espresso shot?
[00:55:21.000 --> 00:55:22.680] What is crema?
[00:55:23.320 --> 00:55:24.840] Yeah, Alex.
[00:55:25.160 --> 00:55:26.360] Alex, what is crema?
[00:55:26.600 --> 00:55:27.720] Yes, indeed, sir.
[00:55:27.720 --> 00:55:28.680] Ding.
[00:55:28.680 --> 00:55:32.360] That gives us one correct answer.
[00:55:32.360 --> 00:55:37.080] What's the ideal brew temperature range for extracting espresso?
[00:55:37.080 --> 00:55:39.160] You can answer in Fahrenheit or Celsius.
[00:55:39.160 --> 00:55:39.720] I have both.
[00:55:39.720 --> 00:55:42.200] Or Kelvin, and I can do the conversion.
[00:55:42.840 --> 00:55:44.120] Add 50,000 to it.
[00:55:44.440 --> 00:55:45.080] Exactly.
[00:55:45.640 --> 00:55:47.640] 273, I believe.
[00:55:47.640 --> 00:55:48.280] Yeah.
[00:55:48.280 --> 00:55:48.760] Okay.
[00:55:49.000 --> 00:55:55.560] I'm trying not to cheat right now because if I look across my office, there's a little readout that's blinking the temperature.
[00:55:56.200 --> 00:56:03.640] It's like the PID unit that constantly keeps a constant temperature in the boiler.
[00:56:03.960 --> 00:56:04.760] And this has a range.
[00:56:06.120 --> 00:56:12.600] This has a range of 10 degrees, but you could, if you name the exact middle of the range or something, and the park, I think we could do it.
[00:56:12.600 --> 00:56:18.800] This is somewhere around in the high 190s to 205, something like that.
[00:56:18.960 --> 00:56:19.360] There you go.
[00:56:19.360 --> 00:56:19.840] Perfect.
[00:56:20.160 --> 00:56:24.880] It says between 195 and 205 degrees Fahrenheit.
[00:56:25.520 --> 00:56:33.920] For those of you anywhere in the world but the U.S., that's between 90.5 Celsius to 96 degrees Celsius in case you were curious.
[00:56:35.200 --> 00:56:36.080] Very good, dude.
[00:56:36.080 --> 00:56:37.600] That's two out of two so far.
[00:56:37.600 --> 00:56:41.600] What's the generally accepted pressure in bars?
[00:56:41.600 --> 00:56:43.920] It says, but you can do PSI if you want.
[00:56:43.920 --> 00:56:48.640] What's a generally accepted pressure used for extracting espresso?
[00:56:48.960 --> 00:56:51.680] I want to say it's around 15 bars.
[00:56:51.680 --> 00:56:52.640] I have nine.
[00:56:52.960 --> 00:56:53.280] Nine?
[00:56:53.520 --> 00:56:54.320] Nine bars.
[00:56:54.320 --> 00:56:54.800] Yep.
[00:56:54.800 --> 00:56:55.360] Yeah.
[00:56:55.360 --> 00:56:56.000] Okay.
[00:56:56.000 --> 00:56:56.640] All right.
[00:56:56.640 --> 00:56:58.560] Maybe we'll do one more.
[00:56:58.880 --> 00:57:00.400] I mean, is this even fair?
[00:57:00.400 --> 00:57:01.760] Do you know espresso history?
[00:57:01.760 --> 00:57:06.160] Which Italian company is often credited with inventing the modern espresso machine?
[00:57:06.720 --> 00:57:07.680] Yes, that's what you guess.
[00:57:07.680 --> 00:57:08.640] La Marzoco?
[00:57:09.360 --> 00:57:10.800] La Pavoni.
[00:57:10.800 --> 00:57:11.360] Okay.
[00:57:11.360 --> 00:57:11.760] Yeah.
[00:57:12.080 --> 00:57:13.040] Let's count that one.
[00:57:13.040 --> 00:57:14.720] That one feels like it's like, I don't know.
[00:57:15.040 --> 00:57:23.040] What's the recommended weight range in pounds or kilograms for tamping espresso to ensure even extraction?
[00:57:23.040 --> 00:57:24.480] 30 pounds of pressure.
[00:57:24.480 --> 00:57:25.440] There it is.
[00:57:25.440 --> 00:57:30.640] Ladies and gentlemen, this is why Derek Reimer has a permanent guest spot on Startups for the Rest of Us.
[00:57:30.640 --> 00:57:32.000] It's not that.
[00:57:32.160 --> 00:57:34.080] I thought I was going to make you lose my espresso cred.
[00:57:34.560 --> 00:57:36.240] I was a little nervous.
[00:57:36.640 --> 00:57:37.360] Really sweating.
[00:57:37.760 --> 00:57:39.760] I just throw things at you without even telling you.
[00:57:39.760 --> 00:57:46.800] You know, all the startup knowledge that we've just shared in this episode doesn't compare to what you've just dropped to all the listeners.
[00:57:46.800 --> 00:57:48.160] Thanks for participating.
[00:57:48.160 --> 00:57:48.880] It's good stuff.