What Keeps Growth-Stage CTOs Up at Night

To build the next great product or service, every company will require its Chief Technology Officer (CTO) to place bets on the right priorities. Last week, I had the pleasure to join CTOs from 40 Edison portfolio companies – past and present -- at Edison’s

annual CTO event, an intimate half-day forum at the Trenton Country Club for CTOs to pool experiences and collective thoughts, bounce ideas off of one another, and share their strategies and challenges. Much of the discussions this year revolved around important issues that keep CTOs up at night. The standout issues: Recruiting and retaining talent; Scaling SaaS; and Security, security, security.

1. Finding and retaining technical talent

A-players are critical for every entrepreneurial organization, yet finding and keeping them is ever- challenging. Location, compensation and upward mobility are primary factors at play, but one can only hope that your not competing on these terms with large tech firms (Apple, Google, Facebook, etc.). Large techs today offer six-figure salaries and attractive benefits to experienced hires and fresh college graduates alike. Having had spent three years at Microsoft as program manager right out of college, I’ve witnessed first-hand how large tech companies attract and keep talent.

At the event, Manny Berrios, CTO of MediaBrix, shared his three greatest motivating factors for technical employees:

• job role and responsibilities
• compensation and benefits
• work environment and culture

Today, many large tech recruits decide to pursue an alternative career path after just a few years (e.g., many of my Microsoft colleagues, who joined when I did, have left to join startups). One advantage of signing on with a startup is that there are always more and new things that need to get done, so there is never a lack of important things to do. As such, A-players entrusted with important roles and responsibilities are more likely to be satisfied about his/her job, succeed further, and grow with the company for years to come.

2. Scaling Software-as-a-Service (SaaS) businesses

As traditional businesses move to offering their products and services online, the SaaS business model is becoming the preferred way to deliver software content and services to customers. Just as we witnessed the rise and decline of compact discs as a dominant media storage solution in the past 25 years, same can be expected of on-premises data centers. However, SaaS as a high-margin, high-serviceability business model is not without its own share of challenges. CTOs today actively look for a better way to scale while maintain service levels and performance metrics.

In a typical architectural environment with multiple database servers, and multiple shared and customer-specific tables, hotspots will exist. “Adding servers solves for scalability”, Mark Heys, CTO of Vocus, explains, “but investment in a good framework is the key”. Mark and team at Vocus built a custom framework that abstracts the complexity of multi-database architecture to provide developers a simplified approach to scaling horizontally. In addition, the framework enables servicing of the production environment on demand without scheduled maintenance. Furthermore, the framework approach to scalability instills more confidence with customers by allowing them to test with production environments (with phantom accounts) rather than QA environments. All in all, CTOs agree that a good scaling paradigm starts with a good framework.

3. Security

From denial of service to phishing, malicious cyber-attacks are common for businesses of any size, sector, and function. Businesses will only experience more cyber-attacks as they grow and mature. Jim Eichmann, CTO of Billtrust, motivated the group to “build a culture around security, instead of doing the minimum to pass regulations and audits”. He provided the following musts for building that security culture:

• Employee awareness. The first step to upholding security is phishing your employees. Employers today can use services, such as PhishGuru or Simple Phishing Toolkit, to send phishing emails to employees in order to assess their ability to detect and react to malicious attacks. Employers are often surprised to discover through these exercises how easily information can leak out of their organization.
• Robust infrastructure. Software developers should be closely integrated with IT officers. Standard logging practices should be established, and logs should be kept often, be centralized, rolled on a regular cadence, and never be left on an island. Log forensics is your best friend when you need to construct the crime scene. Furthermore, software developers should be familiar with firewall, routers, and application firewall procedures and settings during deployment, testing, remote access, and other aspects of their development process.
• Proper programming etiquettes. A bug caught during the development process is very cheap to fix (development and QA time), while a bug caught in the field can cost millions (service patches, recalls, etc.). To catch most of bugs during development (thus drive quality upstream), static analysis tools should be run against source code from the developer’s desk regularly. Post development, run-time verification tools should be run from QA’s desk to test functionality and gauge performance. Finally, prior to shipping the product, certification tests, if applicable, should be run to ensure proper protocols are followed. Alan Page, a colleague of mine from Microsoft published a book on how testing is done at Microsoft, which provides many more insights and tips on ensuring software quality.

I hope you and your CTOs find these tips will result in fewer restless nights … (well, at least until the next product release cycle).