SBenegaL

Blog

  • Interview – SecurityXploded.com

    Sachi: Good evening. Today we have with us NagareshwarTalekar who runs the community website called SecurityXploded.
     
    Nagareshwar, could you please begin the interview with a brief introduction about yourself and then explain what SecurityXploded is about?
    Nagareshwar: Thanks, I am a Computer Science Graduate from KREC – Surathkal of the 2004 batch. I joined Novell before moving on to Citrix where I worked on virtualization technology.
    Since my college days, I used to do a lot research and publish articles in sites like Codeguru, Codeproject etc. Most of the tools I built during that time were all free. I grew more passionate about this, I felt I would need to have a portal of my own where  I could share the work I did – so I finally launched my own website – the primary objective being to share the research work which revolved around reverse engineering and security tools. The site was named – SecurityXploded.
    The first tool I wrote was – “FirePassword” which was incidentally the first password recovery tool for Firefox, I then wrote another tool, FireMaster to recover the master password of Firefox. I would constantly add tools to this website based on the reverse engineering – so the website continued to grow.
    I was more involved in Reverse Engineering stuff figuring out hidden things under Windows, undocumented stuff and write tools around these discoveries to make the system better.For example: One of the tools I developed was the ProcHeapViewer – whichcan enumerate process heap memory on Windows  much faster than the documented API functions – reducing the time from 20-30 minutes to just 10 seconds!
    This quality work began getting attention from a lot of people. The users were steadily rising.
    Around the same time, the work at Citrix was draining a lot of my energy and I couldn’t focus my energies on my passion of reverse engineering and tool development – This was around 2010. Around the same time – the movie “3 Idiots” inspired me to make the choice of taking this passion fulltime.
    I guess the timing was also right – I had completed 7 years of corporate career; I decided to go full time to work on SecurityXploded and also had intention to run a Startup later on if things go well. That is when I decided to quit my work at Citrix.
    I made this my first priority to complete the tools in my long to-do list and began working full time on it. These helped the website rating increase too –We grew from “Alexa Rating” of top 500,000 websites to coming in the top 100,000 websites.
    Today we also promote a lot of local and international security conferences bringing more focus and success to these events.We also have local monthly meets along with other security communities such as null, g4h, owasp etc. Since this January we have also started a free training on ‘Reverse Engineering & Malware Analysis’ delivered by experts from corporate firms and some of our core team members. This is extremely beneficial for anyone either students or professionals working in this field.
    Sachi: Tell us more about building community and how challenging it wasto start with?
    Nagareshwar:  Looking at the work I was doing, my friends approached – then some more people to put their stuff on the website. But that time it was more of personal knowledge sharing site. Then it stuck me that I can make it like Community Website where other passionate folk’s mainly young security geeks can showcase their work. It can not only help them to utilize the popularity of the website but also take their work to wider audience in shortest span of time.
    So I transformed it to a Platform for contributors to freely publish their work.To make it easy for the contributors, I adopted detached model (rather than volunteer-ship) where they neither have to work for SecurityXploded nor have any commitment from their side.
    The intension was never to increase the contributors, but to help youngsters get early recognition and grow at the international level. Today we have instances where people have got very good jobs having put up their work on the website. We cannot take the complete credit for this but it has definitely helped them to grow from no-one to some-one. That makes the difference!
    So we are not like any community that runs on numbers and volunteers – this model mostly works as a medium to inspire youngsters to aspire for more – become role models for others. This is where I derive my satisfaction and motivation to live for another extra day J
    This website has taken a lot of my effort into it – it is not easy. For Example: When someone submits and article, I proofread it, fine tuneit, add graphics etc–giving it that professional touch. This makes the article look far more professional than the original one. This takes a dedicated 4-5 hours of effort from the draft to final article. At the end of the day it is worth it.
    Some of the contributors are now part of our core management team and they work on Training, leading local meets etc. All these efforts have immensely helped us to cut across the Indian boundaries and to grow at international level with strong community support.
    Sachi: Your site operates on a completely free basis – so the consumes of your website have given extremely good testimonies to signify the work you are doing. Could you explain a bit about that?
    Nagareshwar: Currently, the portal contains tool written by me as well as other contributors. I specialize in writingtools; I can write tools faster than writing an article. Of course excluding the research work which takes significant amount of time.As of today we have over 80 security tools, nearly 70 of them developed by me alone. Some of these are also comparable to professional software from Elcom Soft. A major portion of these are password recovery tools, and most of the users are from the US, Europe and India. Over the last year, the downloads have also increase in line with the growth of the site ranking.
    Our tools are recognized & published by leading downloading sites like Softpedia, Brothersoftetc and given 5 star rating, editor pick awards etc. Around 5 of the tools have crossed over 100,000 download mark. Our best tool, Facebook password tool has crossed over 800,000 downloads in just 14 months! Imagine if we had charged $1 for each download and assume 10% conversion – we would have been far wealthierJ.
    Our users are either home users or professionals spanned across the world, but last year we had one special person – who works in Forensic investigation at Police Dept of Delaware County, USA. He wrote to us thanking for our Password Recovery tools and how they have helped in his forensic investigation. That was one of the special moments and he later sent us testimonial also which is featured on our site. Another memorable testimony was from the president of CompUSA – for our SpyDLLRemover tool. We have also received nice words from couple of security community founders citing our good work.
    These testimonies inspire and keep us on our tows all the time.
    Sachi: Your website operates on a completely free model, and you haven’t worked for the last one and half year. How do you manage your finance?
    Nagareshwar: Yeah, frankly it has been difficult period. It is not easy to convince people at home – saying you are on our own, running a community etc. especially in the Indian context. More than the money part, convincing at home was most difficult task and people are still not convinced.
    I had planned that; this activity would take substantial amount of time and so had been saving for a while. I am not married Jand have noother financial liabilities too. The internal urge was getting stronger, and I knew I had to jump in full time at some point. I expected it to be difficult and had planned my finances for a year or so.
    At the SecurityXploded end – the major cost for us was the hosting – it doesn’t come free. Initially I paid it from my pocket, but later on it become difficult when last year we moved from shared hosting to dedicated-hosting. Now the advertisements and promotions help us to cover the hosting cost.
    It is the satisfaction at the moment that I derive. And finally what goes around comes back around.
    Sachi:  You have been doing this for the past 4-5 years, it takes a passion to do something like this.What drives the energy for you?
    Nagareshwar: Yes it has been nearly 5 years. Initially, it was a difficult especially when you try to manage your full time job along with it.
    The sort of reverse engineering I do, generally goes for days often weeks together –you constantly concentrate on the binary numbers on your screen.Once the research work is completed, it will lead to new tool or article. This takes a lot of work and energy. It is primarily the passion that has kept me kicking all these years. Inherently I am blessed with lot of energy and passion that drives me to do things – I guess it’s a God’s gift to me which helps me keep running.
    Sachi: What is your message for aspiring entrepreneurs?
    Nagareshwar:  The most important is – pursue your passion.
    An entrepreneur needs to look beyond the monetary gains. An enterprise cannot be built with only money as the motive. You would have to be passionate and believe in your ability to pull off things that you dream of. Only this can help you sail in the tough times and surge ahead!
    Sachi: Thanks Nagareshwar, thank you once again.

  • Why do we require organization?

    In the last blog we
    began our journey towards understanding the various organizational economic
    theories. In today’s blog we initiate a discussion on “why organizations
    exist?”
    For many this
    question would raise some odd feeling – Why even as such a question? We know
    organizations exist, so why did into this at all? It is important to understand
    this question – since in many ways this forms the starting point of
    organizational analysis and there by organizational economics.
    We shall begin
    attempting to answer this question with Adam Smith’s insight that – economy
    could be coordinated by a decentralized system of prices – “the invisible
    hand”. Economics post this aimed at identifying the necessary conditions
    for the effective use of the invisible hand, and designing changes in these
    settings where the conditions are lacking. Continuing on the same lines, it
    would be interesting to ask – since the market is so effective in coordinating
    economic exchanges why would we ever need firms to manage this?
    The answer to this
    question of the existence of firm was provided for the first time by Coase (1937)
    who suggested that sometimes the cost of managing economic exchanges across
    markets is greater than the cost of managing economic exchanges within the organizational
    boundaries. – This argument essentially placed “transaction costs” at
    the center of the analysis of the reason for firm’s existence. In a way the
    theory put markets and organizations as alternatives to managing the same
    transaction.
    Over the next few
    blogs we look at understanding the various theories that fall into this stream
    of organizational economics

  • Organizational Economics – and streams

    In the last blog, we discussed about the reduction of “transaction cost” if there is a trust that is built between the firms. The term “transaction cost” has been discussed multiple times thus far, and it would be apt if we describe the term – starting from this blog we begin a discussion on “organizational economics” that would continue over the next few blogs. The primary resource for our discussion over the next few blogs would be a chapter from the book “Handbook or organizational studies – S R Clegg, C hardy and W R Nords from Sage publications”. In this blog, we look at the understanding the nature of organizational economics since the term is pretty new to most readers. 
    Organizational Economics is a type of organizational analysis that generally relies on equilibrium analysis, assumes profit maximizing managers and uses abstract assumptions and models, but having said these we always would find exceptions to this. The real underlying commonalities in all the theories of organizational economics are 
    1. The interest in structure, functioning and implication of firms
    2. Relation between competition and organizations
    3. The probability of organizational survival
    Having said that competition is a subject matter of interest, it doesn’t preclude discussion on cooperation within and between firms. For the sake of study, literature on organizational economics has been classified into following streams
    1. Transaction cost economics
    2. Agency theory
    3. Strategic management theory
    4. Cooperative organizational economics
    We shall discuss these 4 streams and the theories in them over the next few blogs.

  • Role of Trust in an outsourcing scenario

    In the last blog, we looked at the possible reasons that could prevent a company from choosing to go ahead with outsourcing. In the current blog, we look at how the alignment of the economics related to outsourcing would change when one begins to consider the factor of trust.
    It is common knowledge that Airtel has outsourced most of the network tower maintenance and equipment setting up to companies like Ericsson and IBM. Does it change anything in the equation when we have a pretty well known company to partner with? A careful look at the detail and we would begin realizing the benefits possible.
    I read the following on a recent update on facebook status – “Trust is like an eraser, it becomes smaller after each mistake” I guess it’s also true that every time we adhere to what was promised the trust would grow! The brands we know today are not just a marketing head start – it is a good match of what was marketed with good operational execution. – IBM and Ericsson have built the brand this way.
    When Airtel gets into an outsourcing agreement with these majors towards implementing the network – Airtel doesn’t have to really worry about hedging the opportunistic behavior to a great extent. A history of acceptable behavior by an organization generates a reputation of trustworthiness; this intern creates confidence in the companies that align with the organization. The trust that the 2 parties have on each other reduced the otherwise high “transaction cost” associated with such an outsourcing. 
    In summary, it makes a lot more sense for a company to build a reputation – as a hedge against the possible opportunistic behavior. This reduces the transaction costs the 2 parties in the outsourcing would have to incur.

  • When not to consider outsourcing


    In the last blog, we looked at the risk of possible opportunistic behavior in an outsourcing scenario. In the current blog, we look at some of the reasons why the organizations would have attempted to avoid outsourcing of tasks in spite of the economic benefits that the company would gain.

    We can identify 3 possible reasons for companies to stick to carrying out these tasks in-house instead of outsourcing:

    1. Knowledge Spillover
    2. Poor performance by the supplier 
    3. Retain and Build competency for long term competitiveness

    Companies generally use contracts to ensure that the outsourced tasks could be forced, however there are many scenarios where some tacit and complex knowledge would have to be revealed to the supplier – the company that has outsourced the activity incurs the risk of such information being leaked to the competitor – this is one reason where outsourcing is not preferred. However making a sweeping statement wouldn’t be appropriate – it is again dependent on the industrial context. While in the Indian advertisement industry companies do not engage the same agency, it is pretty common for the large competing companies to engage the same consulting firm (obviously for reasons the teams working would be different on these projects)

    Companies would also consider doing the task in house when poor performance by the supplier has the potential to damage other organizational resources. If companies find that food served in the cafeteria has been the reason of displeasure of its employees, there have been instances where the change of these companies has been extremely frequent and in some cases the company has initiated the step of getting the cafeteria managed in-house!

    The third point of retaining and building the resources that the company feels are important for the long term survival is pretty obvious. It doesn’t need any great depth of explanation. The critical interdependence of the tasks of a company is important considerations that a company would consider while making an outsourcing decision.

  • Entrepreneurs’s Interview – Sen6

    Sachi: Good evening, today we have with us Smruti Parida. He is the founder of this company called Sen6 networks along with his batch mate from NITK Suratkal – Vinuth
     
    Welcome Smruti to this interview. Could you please let us know your background and then tell us about your company?
    Smruti: Hi, my name is Smruti; I am computer science graduate from NITK Suratkal, from 2005 batch. Immediately after my graduation, I was joined United Online.
    United Online was a small 400 people company in Hyderabad which works in the area of email protection, spamming etc. For two years, it was a very good experience working on the basis of internet infrastructure; and definitely a high learning phase. I really experienced the potential of internet and its ability to bring convenience on a scale unthought-of.
    After this, I moved on to Microsoft, where I worked for 3 year; I had the opportunity to work on “Bing” – the search engine. While working on this project I understood the way in which large projects are handled – how the efficient strategies could help achieve significant results. These learning were always happening.
    I also began thinking – what does ambition mean for me? What would be my vision for life etc? After 5 years of working for these companies, and thanks to circumstances – I decided to take the plunge into entrepreneurship.
    Along with my cofounders, I started Sen6. The idea of Sen6 has changed since the initial thoughts we had. All of us cofounders were technical people and with a background in internet technologies. We firmly believed that internet had the potential to break barriers and make people act smarter and more productive. Since one of the cofounders had an inclination towards arts, we decided to start working with this focus. Our objective then focused on empowering the artist so that the artists in remote areas can reach out to the rest of the world easily. We now envision ourselves as creating an e-bay like platform for Indian art.
    Through this platform we would be democratizing the whole art scene in India and get to the forefront many talented artists and their original works which are inaccessible otherwise. The platform would attempt to put the middlemen and advisors, consultants etc – this could thus disrupt the existing structure and make the whole scene transparent.
    Sachi: You told your cofounder was instrumental in getting to operate in this domain, Could you just tell us about how you met your co-founder and how it started off?
    Smruti: I didn’t do too much homework in choosing the cofounder – he was my batch-mate at my engineering college. Both of us joined United Online together and while there, we were also housemates.
    We found that our frequencies matched. We tried doing things part time, however since our interest would quickly shift from one to another, we failed. That is when both of us came to the understanding that starting off something would be only possible when we are full time on it.
    While there could be an analytical way to find a co-founder, for met it is the pre-established connections that helped. We used to complement each other well and that was something that helped find the right team for us.
    Sachi: Since you operate in the business that deals with Art Industry. Could you just brief tell us art and how the art work?
    Smruti: I would be very frank that we do not understand art industry completely. The understanding we have got is by reading, meeting artist, and people who deals with architect, interior designs, art galleries etc. So we would like to say that our understanding could pretty much be wrong but I shall talk about the problem we address.
    The consumers of art could be at any place, at your home, hotels, resorts, or art gallery – where you see paintings. It is generally the interior designers who really get these art pieces into these places. The kind of art that these interior designers get is called affordable art. But still art in general hasn’t been accessible to common people.
    One of the reasons for this is that Artists are generally not the people who would like to market their work – they are happier exploring their skill. There are people who purchase art at a value which is much lesser than the market value of the art and make profits out of the deals. The price differential between the 2 is extremely broad.
    There are lots of middle men who operate in this business, and generally art continues to remain accessible only to a small set of people. We want art to be accessible to common man – we do not want art to be considered as something that could decorate the walls of your home. There is lot of very talented artists whose work doesn’t get recognized – primarily due to the accessibility or lack of discovery platform. We want to be that discovery platform.
    Reports say there are nearly 30,000 not so noted artists and trough the online platform we intend to give them a larger customer base to derive value for their art pieces.
    Sachi: In the last one and half year of operations, what has been the major learning? Do let us know some of the major mistakes you have done and how you overcome these?
    Smruti: If I am to look back and think if the work that I have done this far – I feel I have taken longer than usual to accomplish this.
    One of the initial mistakes was with us taking a long time to open up our minds – As said earlier, we were technical people and when starting off a business it requires a complete change in the thought process. It took us quite some time to get this realization. It would be of enormous help if this mindset shift occurs before you start your business.
    As a business man, you would need to get to meet various people; understand their minds and only then will you realize that the way your consumers perceive your business. You need to be a salesman of sorts. In our case, we had to meet a lot of interior designers who are comfortable with the current way they do their business, then you go to them and talk about the platform which has features they might not need! You need to be persuasive, and not expect that things would happen naturally. It always helps if you can make a strict routine.
    What we had done was building the product that we believed had to be the best in the world – but we now feel it would have been better if we began entering the market and showcasing the platform to people much earlier. Dividing the work and continuously being persuasive is what we learnt in this exercise. We are now smarter with this experience.
    Having said that, as an entrepreneur, one is generally curious and wouldn’t follow the book; it is only when he has attempted and learnt from the mistake that he really learns it. It is really this characteristic that differentiates them.
    Sachi: Your business has 2 parts to bridge – one is the artist and the other is the purchaser of these art pieces. How did you go about bridging this?
    Smruti: It wasn’t really a big problem for us, since our business was attempting to get a business model that had worked in the west, it was useful to learn from their experience and use it into the Indian context.
    We found quite a few Indians who use these international websites to sell their work – we wrote to them and able to get them signed onto the platform. The appreciated our efforts to target the Indian Market. There are nearly 5 lakh other people across the world who also used the same platform and when we started sen6, they felt there could be a good recognition for their creations.
    Given our culture and traditions, only an Indian could understand and appreciate Indian Art, the larger western audience couldn’t appreciate this to a large extent. So this problem wasn’t a very difficult one.
    Sachi: How did you get through to the paying customer?
    Smruti: Once the artists signed in, they asked their regular purchasers to use this platform to make the purchase of their art. So the initial set of our orders were received that way.
    We did some online marketing through Google Ads, Facebook etc and these campaigns helped us get a few more orders.
    We are currently working on building a B2B connect for the online portal.
    Sachi: How would Sen6 be in say three years time?
    Smruti: Our study indicates that there are 30,000 artists in India who constantly generate new art, so we are targeting having around 15,000 of these artists on this platform.
    We want to create a brand for our self in the home-buyer section of the business through the convenience that Sen6 intends to provide.
    We also want the large B2B buyers using sen6 for their business and professional needs.
    Sachi: the customer of you platform could be anywhere across the world, how do you manage the logistic if you do manage it?
    Smruti: Currently we operate only in the re-production print and fine art prints of original works business and not in the original painting sales. This is to keep our self in line with the affordability focus we have. In this model, the digital copy resides in our secure store and when a sale is concluded, we take care of printing and shipping the product. We accept the payment and then transfer the artist his share with a 15 day time period.
    For original painting, the costs of these would be much higher and we would handle the logistics when we get into this segment of the market. Currently we are staying away from this.
    Sachi: What is your message for the aspiring entrepreneurs?
    Smruti: If you are aspiring to be an entrepreneur, this is probably the best time for that in India. If you have a curious mind, you will find lots of problems in India, which need to be solved. Be patient and continue perusing – you will definitely make enough money – and in fact even more than what you could have earned otherwise in a job. It is all about taking the bold step of leaving your comfort zone and coming out. And then keep learning, be courageous, know your mistakes and adapt to the changes.
    Sachi: Thank you Smruti, for coming down to this interview

  • Risk of Opportunistic Behavior in Outsourcing model

    In the last blog, we looked at how Outsourcing enables a diversification of risk for a supplier company amongst its customers. In the current blog we continue this discussion of supplier and consumer in the context of outsourcing but moving beyond the benefits and considering the case of an opportunistic behavior by the customer.
    Many a time, when it comes to the decision of making it in-house or buying it from outside – we rush through our decisions. Is there a possible framework for these things? Yes there is definitely when you consider the whole process in economic terms – however that is not what we shall discuss here – In case someone might be interested in this, it is best to read the whole paper “Outsourcing: Practice in search of a Theory – by Prof Sourav Mukherji and Prof J Ramachandran”. In this blog we focus on the possibility of an opportunistic behavior in an outsourcing transaction.
    A specialized supplier would be more efficient at producing than the organization producing it in-house. The underlying premise is that there would be a strong binding contract that could be well enforced. However if there is lot of information asymmetry, uncertainty and almost no competition, the transactions might not get through pretty well. It is in these situations that the opportunistic behavior – “self seeking behavior with guile”. This would also need to be factored in while drafting the contract.
    In a supplier makes a “transaction specific investment” to meet the buyer’s demand then the possibility of opportunistic behavior is higher. The supplier in such situations where he makes a transaction specific investment would ask for a price premium over the competitive rates to guard himself from the opportunistic behavior. 
    So the next time you intend to look out at an investment that is transaction specific do look at the possibility of an opportunistic behavior and hedge yourself.

  • Looking at Outsourcing from the angle of risk

    In the last blog, we looked at outsourcing from the ability of the organization to leverage the resources for the better. In today’s blog we look at the concept of outsourcing from the aspect of risk.
    To understand this, let’s begin with a small example. Let us assume a bank decides to set up a small team towards building a system to handle all the banking related tasks that could be automated. The estimated time for the project for a team of 100 people was 20 months. Around 6 months after starting off the project, there is a huge banking slump and the bank now has issues which threaten its very existence. The project of computerization of its activities invariably would take the back seat. If the software system being developed was done by a larger software company – the risk of the banking slump wouldn’t be too high for the software company. The software company possibly has a larger portfolio of clients and would be able to manage these sorts of risks better than the bank that took up the project of developing the software system in house!
    To summarize the learning – a supplier aggregates demand from multiple customers and therefore can diversify risk better than the customer can on their own – creating higher value for the customers. The supplier’s ability to aggregate demand across businesses and industries would have to be a set of uncorrelated risk profiles. This uncorrelated risk profiles of the suppliers create a portfolio of companies which resemble in many ways to a mutual fund. The fund mitigates the unsystematic risk of an organization or an industry by associating it with customer-portfolio diversification.
    An organization would have to think if would increase its risk by keeping the function in house or would be better off by outsourcing the function.

  • How outsourcing assists organizations leverage their resources better

    In the last blog we looked at the access to resource that outsourcing enables. In today’s blog we look at how organizations are able to better leverage their existing resources and there by create an advantage for themselves.
    To understand what resource leverage means, let’s begin with a small example – having almost every established company today has an HR department within itself – catering to the various human resource related issues. Some leading organizations today have looked at their human resource department more from a value adding angle and have decided to outsource of the non-value adding aspects. Pay roll processing for example is an activity of the HR department, however this is one aspect that is extremely standardized but still consumes a lot of time. These sorts of activities are now being outsourced to other companies offering these sorts of services; this doesn’t just add in the lower cost factor but frees the HR department of these large organizations towards addressing the more challenging tasks that are more organization specific say – cultural transformation or building the leadership pipeline etc. 
    In the above discussion we saw that in addition to cost minimization, the companies have now begun looking at the task that could be outsourced as a value-maximization perspective. By outsourcing the “non-critical” functions that the organization performs, the organization sharpens it focus, channelizes the resources it has towards achieving excellence in the “crucial” functions. 
    This ability of organizations to leverage their resources also provides a long term benefit of channelizing the research in the crucial aspects of business and gain a competitive advantage of the future.

  • Resource Access as a reason for outsourcing

    In the last blog, we attempted to understand the rationale of outsourcing from the dimension of cost minimization. In today’s blog we look at the second dimension of the logic of companies outsourcing – Resource Access.
    To understand this aspect of resource access, let’s assume a product company is intending to enter a new market territory. When a company makes at attempt to enter this new territory it has 2 primary tasks to take care of 
    • creating the brand awareness
    • having a good support of the distribution network

    If the company is to be really successful in the new market, both these aspects have to be dealt along well. What the company would always aim to do is to enter the market quickly – its focus would be a very short time to market – and it is this that would be the key to its success. If the company attempts to do both the tasks in-house, it is extremely possible that the business could be slower to enter into the market! So it is seen that companies find logic to outsource one of these 2 tasks from its kitty. 
    In outsourcing of such a nature discussed above, it is also that the company is able to access the resources that their partner company would have already created. This could potentially give rise to a win-win situation to both the parties involved in the outsourcing agreement.
    There is also another dimension, if we have a careful look at the possible reason for outsourcing. Though might not be the case with all outsourcing of the nature of resource access – in some cases it could be seen that the resource these companies would need to use for the specific task is only transient in nature. It would definitely be efficient to outsource a sporadic or one-off activity given that the recovery of the overhead expenses could be difficult when conducted in-house