Disclaimer
None of the companies, organizations, nor people referenced herein should be implied to endorse SuperSafe and neither does SuperSafe endorse or take any commision from any references I make herein. Neither are any thoughts below investment nor legal advice. The below contains purely my honest thoughts and recollections.
Preliminaries
In our last article, I discussed the origins of SuperSafe from my background in astrophysics and web3 in 2022, leading into diving down the rabbit hole in all things quantum in late 2022. In December of 2022, I asked my lawyer to file SuperSafe's Articles of Organization with the California Secretary of State. A couple of notes here for folks thinking of founding a company:
- Basically everyone I talked to recommended not establishing in California and instead doing so in Delaware since their laws are corporate-friendly, or to do so in a state without income taxes. However, I love my home state of California. It also seems like a pretty natural state to establish a tech company with Silicon Valley not too far away (although Austin, Seattle, and Boise also seem like great choices). I also think it seems dodgy to establish a corporation in a different state than one intends to HQ. Regarding taxes, I figure pay unto Caesar what is Caesar's (more on Caesar -- specifically the Caesar Cipher coming soon!). All that said, I've also heard it's pretty easy to switch states, so I might have to if I develop a board of advisors (funders?) that recommend/require it.
- I later went through the process of filing Articles of Organization with the California's Secretary of State using their onlineBizfile platform. It's super easy to use, no real reason to use a lawyer (I thought it'd be more work). The one annoying thing is their security provider sometimes blocks traffic from IPs outside the US - which is a problem if you use a VPN. I found if I switch my VPN connection to a server in the US, use bizfile for a minute or so, and then switch my VPN back to Europe, it seems to be okay with it.
Networking Part 1: Emails (Warm Contacts)
After reading droves of quantum computing and post-quantum-cryptography articles in November 2022, I started putting together my business plan for SuperSafe and emailing one person a day, both to practice my pitch, ask for advice, and to give some exposure to SuperSafe. The first dozen or so emails I sent to family, for a few reasons:
- Might as well start with some friendly, familiar faces :)
- My Dad's side of the family mostly owns and runs answering service companies, and one of my uncles is a real privacy queen, so I expected to learn a lot on the business side from them and definitely did!
- My Mom's side of the family mostly works for an answering service equipment company that my grandfather founded (it used to be hardware, now it's mostly software), and they primarily sell to hospitals. Since a major target market for SuperSafe is healthcare, I thought it'd be great to gain some general business advice, as well as hear more about how providing solutions to hospitals works.
I asked each person I contacted for additional contacts they recommended and as a result, I started contacting folks outside of my immediate network, while I also expanded beyond family to also discussing SuperSafe with friends.
Networking Part 2: CES 2023
Shortly after incorporating SuperSafe as an LLC, I heard the Consumer Electronics Show (CES) in early Janauary was still open for registration. So after spending some time trying to come up with my own business cards, I went with a template from VistaPrint, and I'm super glad I did because I love them! I ended up buying some pens and a business card holder to qualify for free shipping (of course that's never worth it in-and-of-itself, but I wanted some pens to give away and I've really enjoyed the business card holder too :)).
I also put together a website, which went live towards the end of December. That isn't the simplest thing for me as all the web3 minting dapps I put together in 2022 were in collaboration with an artist or I was otherwise handed the image assets; I much prefer backend to frontend dev!
However, I found a NextJS template I liked fairly well and from there tailored the content to SuperSafe. For the domain name, I originally wanted supersafe.com or supersafe.io but those are all "premium" domains (AKA, the domain registrars or speculators bought them during the dot com bubble and are trying to massively upsell them now) so I grabbed supersafelabs.com from NameCheap for $9.76 for a year, since I figured I might switch to a premium (shorter) domain if advised to do so (and with funding). The reason I went with NameCheap is they typically have the cheapest domains when I was price-shopping, but now it's more likely because I've used them to manage DNS of dozens of websites now so I feel quite comfortable using their platform.
This was the first time I decided to set up an email account with a domain name (I previously went down the rabbit hole of setting up my own server for self-hosting mail, but that was a somewhat painful process...), and I went with Google since I already enjoy using Gmail and more particularly Google Drive etc. I went with the cheapest Google Workspace option (Business Starter) for $6/mo/user (was just me to start but I've added a user earlier this month (March), more on that later).
With my business cards arrived and website up, I was able to register for CES just in time! (Which was great because I had already booked the flight and hotel so I was going either way - even if it had to be Steven Spielberg-style ;))
CES was quite a fun experience! In addition to floor access (I didn't pay for the higher tier which gives access to most talks) I signed up for their Cybersecurity track and went to all four of the presentations that gave me access to. And I'm glad I did!
The first session was a conversation between one of the higher-ups at CES and Katerina Megas, the Program Manager for NIST's Cybersecurity for IoT (internet of things - think roombas and other gadjets ;)). They largely talked about different FIPS(Federal Information Processing Standards) that manufacturers should follow. I chatted with the speakers and a few folks after the session.
In between sessions I made use of the CES Member's lounge. The main plus was their water station and that it was close to the auditorium for the cybersecurity sessions. Otherwise, I haven't used CES Member benefits so far; I originally grabbed it hoping to get into their networking service at CES, but registration was already past - mayber for 2024 though!
One of the most interesting sessions was a panel discussion related to human-based cybersecurity led by Army veteran and Strategic Cyber Ventures (SCV)'s CEO Hank Thomas, which included Hack NoticeCEO and Co-Founder Steve Thomas,T-Mobile Chief Security Officer Timothy Youngblood, and Army veteran and former Director of Cybersecurity and Secure Digital Innovation at The White House Carole House.
That panel captivated me particularly due to the human element involved in most (if not all) hacks in the NFT space. Typically, a Discord moderator would be trying to help someone and the moderator would be lead to a scam website, tricked into adding a bookmarklet, which is really just JS code that could then control their machine and fire off Discord messages, typically in the announcements channel linking to a wallet drainer ("hurry now, free/discounted mint!"). As a result of that problem I created Roo Tech's Dauthy, a discord bot that requires moderators to pass an authentication step before posting messages in specified channels (and more generally enables just-in-time permission granting). So it was quite interesting to hear about how Hack Notice trained employees on phishing campaigns, and how T-Mobile set up a "Honeypot" and it was pinged thousands of times almost instantly (attackers are at the ready).
After the session I got a chance to chat with Steve, who was the original creator of pwnedlist! as well as Hank regarding the epoch apocalpyse and Y2Q (more on those in future articles ;)).
At the last session (which I almost skipped!) Deloitteinvited everyone to an after-hours networking event. While the free bar and endless appetizers were quite the treat, I unfortunately ended up chatting so much I hardly ate (luckily I attended a pre-scheduled dinner afterwards)!
Amongst the many folks there I met Criss Bradbury who leads the US Cyber Data Risk team at Deloitte, and we chatted about post-quantum-cryptography, which Deloitte hadn't offered to clients yet (at least at that time) but knew they'd need to dive in sometime soon!
Networking Part 3: Qubits
Just one week after CES in Vegas, I ventured off to the other side of the country for a much more intimate conference: Dwave Systems'annual Qubits conference, which this year was in Miami Beach!
Dwave was the first commercial quantum computing provider, established in 1999. They specialize in quantum annealers and recently released 5000 qubit machines. In comparison, IBM holds the record for quantum-gate devices at 433 qubits with their Osprey processor, unveiled November 2022. Anyway, more on quantum computing hardware and history in a future article ;)
Whereas CES had tens of thousands of participants and such a 'big city' feel made it rather difficult to chat with very many folks, Qubits had of order 100 (maybe a few hundred) participants; at the very least, it was cozy enough that I saw the same faces after breaks and accross days. So it was quite nice for meeting people. Although I wore my astrophysicist hat there mostly and it seemed like most people wanted to hire me - on the plus side, good to know an Astrophysics PhD is not undesirable (I still expect a Physics PhD would be more so though...)
On the last day of Qubits during their afternoon networking event, I met Damir Bogdan who is the CEO of Quantum Baseland CTO of the parent company Uptown Basel Infinity.
Networking Part 4: Emails, Zooms, and Coffee (Tea)
Throughout CES, Qubits, and in between, I sent one new contact email a day - including a few cold contacts, such as asking for a tour of Riscure which conveniently has its North American HQ in San Francisco! As it turned out, the Managing Director Maarten Bron met me and we chatted about side-channel analysis and post-quantum cryptography over coffee and tea (I don't drink coffee except for exceptional circumstances).
I also zoomed with Chris Ahern,SCV's Principal (partner without a CPA), with Michael van Ommen, Senior Manager of Cyber Risk & Security at Deloitte, as well as a few friends of family.
In total, I met with 39 folks from December 1st - March 1st including two potential funders (VC, incubator), three potential partnerships, three potential clients, and three potential collaborators / team-members. I'll discuss those meetings in more detail another time, possibly, if there's interest.
Next time I'll chat about what I've been up to beyond networking: patents, government contracting, and coding, oh my!