Connect with us


An interview with Solwey’s Andrew Drach – TechCrunch



Software consultant Andrew Drach’s two companies Callentis and Solwey demonstrate his entrepreneurial skills, but his clients also value his educational background, as we learned through TechCrunch’s survey to identify the best software consultants for startups.

Telling us why her company picked Solwey, eDiscovery Assistant’s Kelly Twigger cited “Andrew’s Ph.D. and analytical background related to data,” as well as the consulting expertise for startups that he provides.

Expertise is only useful when it’s implemented, though — and Solwey does this too, Twigger said. “We don’t just add tasks to a Trello board for them to complete, we discuss the goals, why and how best to achieve them with cost/benefit analysis in mind.” This point was seconded by other survey respondents, so we reached out to Drach and his team to learn more.

Editor’s note: This interview has been edited for length and clarity.

Can you tell us a bit about your recent background and current companies?

Andrew Drach: I have been doing consulting in engineering and software on and off pretty much ever since I started coding. And after a few years working in academia, I realized that I did not want to go the tenure-track faculty route. I told my wife [Monika Jociunaite] that as much as I was passionate about science, I had decided to leave academia and grow freelance consulting into an agency and that she should join me.

Monika was a perfect co-founder with complementary experience and skill set. Her background includes two master’s degrees — in international business and marketing — and she spent 5+ years working in large international corporations. She was curious to explore a more creative side of marketing as she enjoyed working on UX/UI projects in the past; and I knew firsthand that for the end users, high-quality code without good UX/UI is no different from broken code.

In December of 2016, Monika and I established two sister companies: Solwey Consulting, focused on technology strategy and execution, UX/UI design and business intelligence; and Callentis Consulting Group, a research and development business focused on translational research and technology transfer from academia to industry practice.

More specifically, Solwey provides consulting in all stages of software design and development strategy and execution. We work with our clients on architecture and infrastructure design, optimization of UX/UI design and user flows, back-end and front-end software development for web and mobile, and business intelligence/data analytics to enable our clients to rapidly grow and move forward.

Why did you choose the boutique consultancy model?

We both had strained experiences working with large agencies and staffing agencies and feeling abandoned or not important enough to have the full attention of the managers or project owners. Furthermore, we both had seen firsthand how terrifyingly crippling waterfall and broken agile could be for the progress of a project. So we set out to build Solwey and Callentis as small-by-design agencies. We directly engage with our clients, and Monika and I take personal responsibility for every single deliverable from our team.

How is your team structured?

We wanted to build a virtual-first, remote-first agency from day one. While it seemed unconventional in pre-pandemic days, this allowed us to stay as lean as the best startups out there, while drastically improving our hiring prospects. We have been incredibly lucky with the talent that joined our team and to celebrate several of our employees’ fourth anniversary while being just a five-year-old agency.

Currently, we have eight full-time developers, a DevOps manager and our Chief Operating Officer Nima [Kargah-Ostadi] who has a Ph.D. in engineering with a decade of experience leading engineering and research teams and is a certified Project Management Professional (PMP).

How have you been finding clients?

When we started, I just googled platforms for remote contracts for software developers and registered on a few of them. In a couple of days, we had already got a contract, so we immediately got hooked on the freelancing platforms; Upwork was a primary source of projects because it was so quick to find a contract there. But over time as we grew and increased the rates and team size, Upwork became less of a fit for us. Nowadays, we get referrals from former clients, new contracts from returning clients, quite a few requests from organic and paid search, and listings on B2B platforms like Clutch.

My focus in 2021 has been on diversifying our source of leads and we have been experimenting with many different approaches. So far, the least successful has been hiring business development reps and trying out cold outreach (emails and LinkedIn) but maybe we were just doing it wrong. On the other side of the spectrum, we have had great success establishing partnerships with VC funds and marketing agencies. Other approaches (social media, paid ads, content marketing, networking) also provided interesting results.

Help TechCrunch find the best software consultants for startups.

Provide a recommendation in this quick survey and we’ll share the results with everybody.

Are startups your main clients, and what do they require?

60% to 70% of our clients are startups or small companies at various stages. We have helped startups at pre-seed stage to create prototypes and guide their technology development plans. At seed stage, we work with them to develop their minimum viable product (MVP), and in subsequent stages, we get to help them with some of their many newly formed initiatives.

Some of these companies approach us before even having a technology team, some are starting to hire and grow their development team, and some have a fully staffed technology team that is swamped with existing work and cannot take on more initiatives.

We always strive to help startups hire and complete their technology team, especially if they have an idea that revolves around technology. In fact, I have served as interim chief technology officer (CTO) for three startups.

Why do you think architecture design advice is important?

Early-stage clients are typically focused on their MVP and launch schedules. Too often, we need to walk this delicate path of helping them move as fast as possible to beat the competition and impress their investors, while at the same time try to stop them from rushing into architectural or strategy decisions that could come back to bite them hard when it is time to enhance some features, add new functionality, iterate or aggressively scale. Meanwhile, we are doing our best to provide guidance, prevent some common issues and explain why early investments in architecture or formal operational processes would help in the near future.

We tend to focus our recommendations on the time span of roughly six to 12 months so that we do not get stuck with premature optimization. A custom-tailored architectural design allows for a more efficient development process, fast iteration and gets to the robust and scalable software solution leaner and with fewer bumps along the way.

What is your billing model?

Monika and I strongly believe that transparency and easy-to-understand billing have helped us a lot in building trust and strong relationships with our clients. We use a project-based billing model with a flat hourly rate.

During the preliminary diagnostic conversations with our prospective clients, we try to understand their priorities and carve out a reasonable scope for projects divided into stepwise phases. Nima and I then put together a Gantt chart to visualize a realistic schedule of tasks and estimate the number of hours it would take to design, develop, test and deploy the anticipated solution given client and resource conditions. The proposed budget is simply this number of hours multiplied by our hourly flat rate, which includes all overhead costs.

What’s your typical timeline?

For a typical startup product that is at initial phases of developing an MVP, we typically recommend two weeks for discovery and requirements gathering, four weeks for UX/UI design along with infrastructure and architecture design, eight weeks for agile development and continuous testing to implement the major functionality and finally two weeks for deploying the MVP solution and last-minute tweaks.

Solwey's timeline

Image Credits: Solwey

We work with our clients to postpone any tasks that were collectively identified as non-blocking or non-critical to keep the MVP lean enough to have a successful launch within such a short timeline. This is because in our experience, four months is long enough time to develop most MVPs and short enough to enable rapid launch and get much needed feedback from users and investors that guarantee the success of the startup in subsequent phases.

Two of your clients mentioned coming to you after not-so-great experiences with other firms. Could you explain what this is like? And do you have any advice for startups wanting to avoid bad experiences?

The very first thing I tell our clients in the diagnostics call, is that sometimes things do not work out, but their negative experience does not mean that working with external teams is always going to fail or that their previous technology partner was unqualified or had bad intentions. I joke sometimes that our team should be called “iteration #3.” A majority of projects that we take over usually went through two iterations: once with an agency outside of the United States, due to cheaper rates, and another time with a junior or midlevel freelancer. And while there is absolutely nothing wrong with either approach, founders tend to underestimate the level of hands-on coordination required to complete the project in those scenarios.

Advice on avoiding a bad experience? Setting clear expectations and communication. Whether a startup is engaged with a staff-augmentation agency, or a temporary hire, or a freelancer, or an agency like us, it all boils down to having clear delineation of tasks and frequent check-ins to ensure that any potential issues surface quickly and the team can pivot quickly. Will there be unexpected issues, delays, complications? Certainly. But it matters how these obstacles are communicated and addressed.

Do you have any thoughts on fake agile versus real agile? And why do you believe in the latter?

In my opinion, the word “agile” has been loosely applied to many different approaches and strategies to manage projects so the discussion of “fake” versus “real” agile is tricky without a specific context or example. Through our interactions with different teams, we have encountered cases when the agile process ended up being extremely inefficient for a number of reasons. Sometimes, a manager or team lead would be laser-focused on agile ceremonies designed for large distributed teams while the total team size is just two developers working in the same room. In other cases, the process was set to be so fluid that the priorities would shift several times a day. And sometimes, the team would define weekly or biweekly sprints, but then would have a rigid quarterly plan that looks exactly like a waterfall approach.

To be honest, I am not sure that our process would fall into the strict definition of agile because we adjust it and try to accommodate client preferences to reduce any potential friction. We have several important requirements, including daily check-ins with our designers and developers, weekly sprints with well-defined tasks, regular release schedules, continuous integration flows, striving to have design assets be ready 1-2 sprints ahead of development, etc. But beyond those, we do our best to accommodate and provide recommendations to the client as the process would be quite different for a one-person team versus a late-stage startup with dozens of team members spread across multiple time zones.

Source link


Better together: Offsetting cybersecurity’s labor challenges with API integrations



The labor challenges afflicting cybersecurity teams far and wide are no secret. A razor-tight hiring market coupled with surging demand and an accelerating threat landscape has created a perfect storm of complexity, resulting in a widening skills gap that is driving higher levels of burnout and human error across the sector. In fact, Verizon’s independently commissioned 2022 Data Breach Investigations Report found that 82% of breaches today involve some degree of human error. Whether it’s an unsuspecting end user or a bleary-eyed analyst, the vulnerabilities caused by cognitive overload shouldn’t be overlooked.  

Take the recent high-profile Uber data breach. A malicious actor, posing as an internal IT administrator, used digital collaboration channels to trick an Uber employee into giving up their VPN credentials, leading to a total compromise of the rideshare giant’s network infrastructure. The breach exemplified the consequences of a social engineering attack targeting the always-on hybrid workforce. And with the rate of such attacks accelerating in volume and velocity, it’s clear that more visibility of these threats is needed for security teams to effectively remediate them.

Many organizations are investing in a plethora of new, best-in-class security products in response to staffing shortages. However, reactive patchwork spending on the industry’s latest niche products shouldn’t be viewed as the answer, as the tool sprawl often creates additional complexity that hurts organizations more than it helps. Enterprises, on average, have 60 to 80 different security monitoring tools in their portfolio, many of which go unused, underutilized or forgotten. Forcing security teams to master a myriad of tools, consoles and workflows shifts priorities from managing risk to managing technology.

An integrated cybersecurity framework

The companies best positioned to offset cybersecurity’s labor challenges are those adopting best-of-breed security tools and platforms that offer a deep library of API and third-party integrations. Above all, an integrated framework empowers organizations to effectively navigate their unique environments by consolidating tools and reducing human error through the following three processes:


Intelligent Security Summit

Learn the critical role of AI & ML in cybersecurity and industry specific case studies on December 8. Register for your free pass today.

Register Now

  • Improved protection via security intelligence and threat sharing: This enables rapid recognition and response to incoming threats via machine learning analytics tools, strengthening a human analyst’s ability to formulate swift and comprehensive cyberdefense measures.
  • Improved efficiency via automation: This enables offloading of repetitive and mundane manual tasks to AI-enabled tools, streamlining human workflows by accelerating and improving key facets of incident response and vulnerability management.
  • Improved prevention via sharing and consolidating tool data: This enables complete, real-time visibility into an organization’s entire security environment to promote the creation of targeted alerts that uncover unknown threats.

In collaborating with a wider range of security vendors, organizations leveraging API integrations benefit from the combined knowledge of all integrated platforms to greatly improve overall security posture. The extensive access to timely threat intelligence allows security teams to align prevention, investigation and response plans across multiple security controls, as well as increase the speed of their detection and remediation efforts.

Amid the widespread adoption of cloud-based hybrid work environments, it’s increasingly clear that organizational security architectures must consist of scalable, tightly integrated solutions that combine the right balance of automated prevention, detection and response capabilities to effectively protect data across its lifecycle.

Enhancing detection and increasing cybersecurity efficacy

An open API integration framework is the embodiment of unlocking strength in numbers. It stitches together the critical functions and processes performed by foundational security tools — email security, endpoint security, web security, NDR, data security — into a single meshed framework that operates in unison and shares centralized threat intelligence data across its ecosystem. By connecting all the pieces of the puzzle, organizations gain the resources to enhance their prevention and detection capabilities in complex environments.

In one scenario, an API framework could enable automated processes to continuously flow between an email gateway and security service edge (SSE) to corresponding SIEM/XDR systems. This would allow security teams to share rich logging, metadata, indicators of compromise, malicious URLs, user activity, data movement and machine learning analytics in real time. The AI-powered SIEM platform automates the analysis of that threat data, sifting through the noise to generate actionable alerts with contextual information for security teams. Meanwhile, the real-time contextual insights provide simplified guidance for analysts to alleviate potential threats and, if needed, formulate a swift response to an attack.

With access to a wider range of threat data touchpoints, cybersecurity teams can also create customized scripts within the overarching API library. This gives them “targeted capabilities” that more directly align with their specific needs and skillsets. For instance, the team could create a script that simultaneously analyzes email security logs from Vendor A, data protection logs from Vendor B, web security click logs from Vendor C, and spam filter logs from Vendor D, based on which intel is most relevant to their specific use case. Filtering the exceedingly high volumes of incoming alerts enhances the efficiency of the entire team, empowering analysts to identify needles in the haystack by prioritizing the right alerts at the right times for maximized protection.

Automating manual processes and workflows

Despite the growing number of innovative, best-in-class products available on the market today, it’s important to remember that a multi-vector social engineering attack is exceedingly difficult for hybrid security teams to combat regardless of the tools in their stack. Quick and agile responses are non-negotiable in these situations, but with resources stretched thin and employees working from multiple locations, executing swift corrective action free of human error is easier said than done. Even the most experienced and skilled security teams are susceptible to mistakes while trying to remediate an attack. Therefore, identifying how to automate well-defined processes wherever possible is imperative for tightening these response durations and ensuring security teams can remediate quickly and effectively.

With access to an open API library, organizations can integrate the capabilities of additional AI/ML security tools into their existing security architecture to automate the repetitive steps of protection, detection, response, mitigation and intelligence sharing. Whether it’s informing an endpoint security provider of an emerging alert, or securely moving data from one storage solution to another, API-driven automation can handle the routine, error-prone tasks cybersecurity teams perform every day. Streamlining these otherwise human-centric workflows allows overstretched analysts to instead focus on more critical threat assessments requiring extensive time and attention. That, on a macro level, strengthens the security posture of the greater organization.

There’s no magic bullet that will completely reverse cybersecurity’s labor challenges in the immediate future. But there are proactive steps organizations can take now to provide the critical support their security teams need today. For effectively navigating a complex threat landscape, there’s no better place to start than with the applied adoption of a deep API integration framework.

After all, cybersecurity is a team sport. Why defend alone when you can defend together? 

Joseph Tibbetts is senior director for tech alliances and API at Mimecast.

Source link

Continue Reading


It’s foie gras season in unicorn land • TechCrunch




elcome to the TechCrunch Exchange, a weekly startups-and-markets newsletter. It’s inspired by the daily TechCrunch+ column where it gets its name. Want it in your inbox every Saturday? Sign up here.

With most startups getting repriced behind closed doors, we love getting data that gives us a glimpse of what’s going on. This week, our new information comes from EquityZen, which shared insights on secondary stock sales. EquityZen also put up a few IPO predictions that gave us food for thought. Let’s explore. — Anna

A glimpse of repricing

How do you know when a unicorn has lost its billion-dollar valuation? Usually you only find out long after the fact, when — and if — the company raises a down round that makes it clear that its equity valuation is no longer in the unicorn realm.

The thing is, not many founders want to advertise that they have raised capital at a lower valuation than their previous round; in most cases, they just won’t disclose their new valuation.

As market observers, this leaves us with little data on a topic that our readers do care about: What kind of repricing they could expect. This is why we were grateful for Instacart, which made it public that it reduced its valuation through a 409A price change. This wasn’t good news, but it was a helpful data point for everyone involved. However, that was back in March.

Source link

Continue Reading


This Top-Rated PDF Solution Is 66% Off Now



Opinions expressed by Entrepreneur contributors are their own.

Paper has made its way largely out of business, but that doesn’t mean you don’t still work with documents regularly. Instead, we’re just working with them differently: with the dreaded PDF. These static files can be great if you’re positive that a document is ready, but a serious nightmare when you have to make changes. When you’re working with a lot of PDFs, you need a quality digital solution.


We’ve got a deal you’ll like. For a limited time, you can get a lifetime subscription to UPDF Pro for 66% off.

UPDF Pro is one of the top-rated PDF solutions on the market. Geeky Gadget writes, “UPDF is a potent PDF editor and PDF converter designed to stay up with advanced technologies. It ensures that whichever features you use are up to date. UPDF not only converts PDF to Word but can perform many advanced editing.” Fossbytes adds, “UPDF doesn’t have a boring interface like other PDF software. The design is stunning and eye-catching. On top of it, it is convenient to use. You wouldn’t be bothered with a complex design that is very time-consuming.”

These are just the tip of the iceberg of positive reviews for this all-in-one PDF solution for individuals and businesses. With it, you can edit any PDF document across Windows, Mac, iOS, and Android devices, adding or deleting text, editing fonts and color, and much more. The tool allows you to add, crop, rotate, replace, extract or delete images, watermark documents, and password-protect them for elevated confidentiality. You can also easily annotate PDFs, highlight, underline, or strike out text, add shapes and notes, and much more. Finally, it’s even easy to convert any PDF to Word, Excel, PowerPoint, and a ton of other file types in just a click.

Working with PDFs has never been easier than with a lifetime subscription to UPDF Pro. Grab it on sale for 66% off $149 at just $49.99, the best price you’ll find online.

Prices subject to change.

Continue Reading