A Day In The Life of an Entrepreneur

AI Generated Summary

This podcast interview from LeaderSpeak’s “A Day In The Life of an Entrepreneur” series features Anant Shrivastava discussing his journey into cybersecurity, certifications, entrepreneurship, and career advice.

Guest Background

• Anant Shrivastava: Contributed huge amount of efforts to NULL community, OWASP, and many more
• Journey described as: “A notebook, not a playbook”

Key Topics Discussed

Journey into Cybersecurity:

2010 - The Turning Point:

• Relooking at: Where am and what do next
• Time frame: Kind of had two years time frame in company
• Wanted to see: Where next gig could be
• Anyways doing: Server admin work
• Anyways defending: Systems
• Thought: “Okay what is other side of equation? What else is there?”
• Didn’t want: To be programmer, didn’t want to write code all throughout day - “That’s not who I am”
• Jumped in: Joined company where did bunch of SOC-related activities
• Log monitoring automation: Was always backbone
• Lot of automation work: Went in that company also
• In that process: Moved and realized “Okay yeah this sounds interesting, more challenging, more fun”
• That’s kind of: Start of journey
• Since 2010: Have been into information security industry

Certifications - The Spiciest Take:

CISSP is Worth Doing:

• Spiciest take: CISSP is worth doing
• Lot of people: Not going to agree to it - “Hey what load of crap, should not be suggesting CISSP”
• Look at it: On very basic level
• What is CISSP?: Tool which actually does not teaches anything
• But gives visibility: Into every single keyword that normal lay person needs to know about information security
• For lot of job profiles: Just knowing that these keywords exist is good starting point
• Compare with other certificates: Let’s say OSCP or whole OffSec category of certificates or other specialized certificates
• They’re talking: About niche area, giving context into that specific area
• But if want: To get one certificate which gives keywords of infosec, that’s CISSP is one
• Security Plus: Maybe does job but no job right now has Security Plus as requirement
• Lot of jobs: Have CISSP as requirement
• That aside: Don’t recommend people doing certifications at all
• Suggest people: Do certifications if they are becoming barrier to get through job, or do them if company is paying for them

Company’s Role:

• Other quib: If company requires OSCP, find people who are good at their tech, then pay them to get OSCP
• Why trying: To hunt for OSCP?
• Just by changing: This narrative, can actually tap into larger pool
• Obviously: Interview process have to be stringent so can identify people who are capable of it
• Other thing: Current way of doing interview by asking standard set of questions, then everyone knowing those questions and repeating answers does not helps
• Need to be able: To identify gems in interview pool
• If identified good person: Their certifications should not be barrier for them
• If not having certification: Need that certification, pay them, they’ll do it
• Done that countless times: Where asked employees “Hey need to show that have these many OSCPs, these many CISSPs” - who is interested in becoming one of those? People have raised hands, paid them money, gone ahead and done certifications because they were capable people
• Instead of certificate fixation: That should be angle

Individual Perspective:

• From individual point of view: When look at something in order to achieve certificate
• Brain operates: In way that wants to achieve goal
• If goal: To clear certificate, will clear certificate
• If goal: To learn something, will learn something
• Simplest example: Friend back in 2010 time frame, organization where working on was more into networking
• Cisco certified: Network architect and network admin CCNA certificates very common at that time
• CCNA and then: CCNA routing and switching, then CCNP, CCSE, whole set of Cisco certified certifications
• One friend: Had four years of experience in networking, sat on exam
• Another friend: Fresh out of college, sat for exam
• Fresher achieved: 100 out of 100
• Experienced person: Achieved about 80-90, whatever was passing score, just achieved bit more than passing score
• Ground reality: Person who got 100 out of 100 was not able to actually configure any of switches because did not know how actual thing works
• Other person: On other hand was able to do all things in right manner but was lazy, was not in mood to write everything correctly, didn’t go through and got 100% score
• Certificate scores: Not going to tell what person is capable of
• Going to tell: What that person thought at that particular point in time and was able to match answer what expecting, and that’s about it

Entrepreneurship Journey:

The Hack - Under Commit, Overperform:

• When comes to hack: Under commit, overperform
• If able to do: 100 things, claim that able to do 70
• Even if finish: 80 of them, have overperformed
• That’s kind of: What need to look at
• Always overestimate: Ourselves, commit based on overestimation
• Instead: Under commit
• Don’t commit: All things that can do
• Commit part: Of things that can do
• Then if able: To achieve them within time frame, have achieved it
• If able to do more: Than what claimed going to do, have overachieved
• One trick: That has generally helped overall

Why Start Entrepreneurship:

• This not first time: Tried this
• Come from background: Where father used to have workshop of own
• Kind of entrepreneur gig: To be honest that had going on
• Seen that: Even before joined corporate world
• Seen ups: Seen downs
• 2008: Not most pretty years when comes to job opportunities
• That’s year: Graduated, joined company
• Before Diwali break: Told “Hey may be able to finish trainings but won’t be able to absorb you by December”
• Christmas break: Told “Hey will be able to finish trainings, will be able to absorb some of you, not everyone, but by February you’ll all have to go back home, wait for orders, then if and when feel like need you, will call you”
• 2009: First attempted to do entrepreneur gig
• About two months: Of planning went in
• Couple of friends: Were there, all wanted to start something
• At that time: Cafes were buzz everywhere in world, find lot of internet cafes
• Trying to build: Some sort of automation gatekeeping setup for cafes
• Things didn’t work out: Plus company offered position, started back with corporate world
• 2014: Again attempted another round for about one and half year as doing freelance work
• Better than 2009: Because this time actually getting work, getting enough money on plate rather to level where think earned double what used to earn from corporate job in single year while doing freelancing
• That kind of ended: Because one of biggest client basically said “Hey Anant you anyways spent 20 days a month with us, why don’t start paying fixed fees and save some money at end, some hassle at end, and join us as first person in company”
• That’s kind of: How joined NotSoSecure
• 2021: Decided “Okay had enough again, another insect bite” - “Okay let’s try again”
• Third round: Where trying
• First round: Lasted for 3 months or so
• Next: Lasted for about one and half year
• 2025 right now: Let’s see how long this one lasts

Lifestyle Business:

• Company created: Reading about it - what call this?
• Jargon: Comes up is there are two types of businesses - growth business and lifestyle business
• Building right now: What call as lifestyle business
• Growth business: Would hire, would accumulate number of people, angle would be year over year need to grow by X number, need to acquire more clients, need to have more work coming in, need to expand company, need to grow beyond borders, have more revenue numbers
• Lifestyle business: Different approach

Entrepreneur Notebook - Mixtape:

Side A and Side B:

• If had title: For entrepreneur notebook like mixtape, what would be side A and side B?
• Been on both journeys: Whether corporate life, whether entrepreneurial journey, seen both phases
• Especially: When talk about side where now, this third time thinking about it, spent good amount of time with it, sure it’ll go for long
• What would be names: For it?
• Answer: “Grass is always greener on the other side”

Landmines for Founders:

Two Things People Generally Have Problem:

1. People assume: Solution that have built for own problem is good enough to get people to pay for it

• That is not: How world works
• One angle: Trying to create solution to problem
• Another angle: Someone else is willing to pay money to solve their problems
• If able to crack: These two, that’s where fun begins
• Again: Not everyone needs to sell things, not everyone needs to build product
• Entrepreneur generally: Does not necessarily means has to be product
• Does not necessarily means: Need to be doing something for large number of people
• Entrepreneur journey: Also does not means there is altruistic means for everything
• In it for making money: Then in it for making money
• What is important: There is view that everyone gets about what company is, and there is clarity that founder has on what doing
• Can fool world: Let me put it this way - can fool world but should not be fooling yourself
• If in it for money: If in it for growth, then be clear about it
• There are ways: Which may not look good to me which are perfectly valid ways of growth, but at different junction, you at different junction
• That’s kind of reason: Why keep saying it - there’s no playbook
• Can’t write: Set of steps and say “Follow these steps and done” because nothing like that
• Keep using phrase: “Your mileage will most definitely vary”
• Use it: For any number of things - for DevSecOps pipelines, to software supply chain equations, to entrepreneur journey
• Every single person: Starting in that journey, even though give same amount of money to start with, same facilities, same location, both would have different journeys
• Journey: What is fun

2. Assuming technology is answer: “Let me shoehorn more technology into it and get things done” is not right approach

• For people from IT world: Assume if able to program something, if able to create product, done
• Once get into entrepreneur world: Realize “Oh so product that built was about 5% of work, remaining 95% is totally not tech”
• Need to talk: To people
• Need to show: Them value that is there for them, not for me
• Value for other person: Is different for every individual
• Time spent: In trying to convey “Hey product can actually do things better than other person” or rather “If product is taking five minutes, they giving answer in 2 minutes, both giving similar looking answers, actually doing more”
• Those parts: About marketing, sales, finance, talking to VCs for that matter is entirely different ball game than writing code
• Need to understand: What they’re looking for, then talk in their language
• That’s what people don’t realize: “Hey have built something”
• This is how put it: Open-source product or created something, put it on GitHub, bunch of people using it does not means able to directly one-to-one map them into paid customers
• Expectation of paid customer: Going to be totally different from product standpoint
• From services world also: Fun thing about services industry
• Personal observation: So far has been if person is paying premium, would expect premium service but would be more considerate about whatever doing
• If person paying pennies: Would be more picky about where penny is going
• Again prospective scenario: But feel there is value in both of them
• Person who is pennywise: Can actually drive to reach point where product is optimized for people
• Person paying premium: And letting do job, then come up with answer, giving confidence and trust to take answer on face value - probably giving more responsibility, that drives in direction
• Whatever works: For you - if someone’s trust gives motivation, or if someone’s mistrust gives motivation, pick that, leverage that to improve outcome

Final Advice:

Two Things Every Individual Needs Clarity About:

• From overall point of view: Would suggest
• Jokingly said: “Grass always looks greener on other side”
• What would suggest: There are two things that every individual needs to have clarity about

1. Why doing: What doing

• If doing: Because friends are doing it, it’s okay - that’s how may want to go about
• But should have clarity: That this is why doing
• Don’t fool yourself: Person looking back from mirror should be confident in you and words as confident in those yourself
• That’s one: Crux of all things

Key Insights:

• Journey into cybersecurity started in 2010 from server admin background
• CISSP is worth doing for keyword visibility, but certifications should only be done if barrier or company paying
• Companies should find good people and pay them to get certifications, not hunt for certified people
• Under commit, overperform - key hack for success
• Third attempt at entrepreneurship (2009, 2014, 2021)
• Building lifestyle business, not growth business
• Two landmines: assuming solution for own problem is good enough to get paid, assuming technology is answer
• Product is 5% of work, remaining 95% is marketing, sales, finance, talking to people
• Need clarity on why doing what doing - don’t fool yourself

Actionable Takeaways:

1. Under commit, overperform - if can do 100, claim 70
2. Certifications only if barrier or company paying
3. Companies should find good people and pay for certifications
4. Solution for own problem ≠ solution people will pay for
5. Technology is 5% - rest is people, marketing, sales, finance
6. Need clarity on why doing what doing
7. Don’t fool yourself - person in mirror should be confident
8. Premium customers more considerate, penny customers more picky - both have value
9. No playbook - your mileage will vary
10. Grass is always greener on other side