Rezilion raises $30M help security operations teams with tools to automate their busywork

Security operations teams face a daunting task these days, fending off malicious hackers and their increasingly sophisticated approaches to cracking into networks. That also represents a gap in the market: building tools to help those security teams do their jobs. Today, an Israeli startup called Rezilion that is doing just that — building automation tools for DevSecOps, the area of IT that addresses the needs of security teams and the technical work that they need to do in their jobs — is announcing $30 million in funding.

Guggenheim Investments is leading the round with JVP and Kindred Capital also contributing. Rezilion said that unnamed executives from Google, Microsoft, CrowdStrike, IBM, Cisco, PayPal, JP Morgan Chase, Nasdaq, eBay, Symantec, RedHat, RSA and Tenable are also in the round. Previously, the company had raised $8 million.

Rezilion’s funding is coming on the back of strong initial growth for the startup in its first two years of operations.

Its customer base is made up of some of the world’s biggest companies, including two of the “Fortune 10” (the top 10 of the Fortune 500). CEO Liran Tancman, who co-founded Rezilion with CTO Shlomi Boutnaru, said that one of those two is one of the world’s biggest software companies, and the other is a major connected device vendor, but he declined to say which. (For the record, the top 10 includes Amazon, Apple, Alphabet/Google, Walmart and CVS.)

Tancman and Boutnaru had previously co-founded another security startup, CyActive, which was acquired by PayPal in 2015; the pair worked there together until leaving to start Rezilion.

There are a lot of tools out in the market now to help automate different aspects of developer and security operations. Rezilion focuses on a specific part of DevSecOps: large businesses have over the years put in place a lot of processes that they need to follow to try to triage and make the most thorough efforts possible to detect security threats. Today, that might involve inspecting every single suspicious piece of activity to determine what the implications might be.

The problem is that with the volume of information coming in, taking the time to inspect and understand each piece of suspicious activity can put enormous strain on an organization: it’s time-consuming, and as it turns out, not the best use of that time because of the signal to noise ratio involved. Typically, each vulnerability can take 6-9 hours to properly investigate, Tancman said. “But usually about 70-80% of them are not exploitable,” meaning they may be bad for some, but not for this particular organization and the code it’s using today. That represents a very inefficient use of the security team’s time and energy.

“Eight of out ten patches tend to be a waste of time,” Tancman said of the approach that is typically made today. He believes that as its AI continues to grow and its knowledge and solution becomes more sophisticated, “it might soon be 9 out of 10.”

Rezilion has built a taxonomy and an AI-based system that essentially does that inspection work as a human would do: it spots any new, or suspicious, code, figures out what it is trying to do, and runs it against a company’s existing code and systems to see how and if it might actually be a threat to it or create further problems down the line. If it’s all good, it essentially whitelists the code. If not, it flags it to the team.

The stickiness of the product has come out of how Tancman and Boutnaru understand large enterprises, especially those heavy with technology stacks, operate these days in what has become a very challenging environment for cybersecurity teams.

“They are using us to accelerate their delivery processes while staying safe,” Tancman said. “They have strict compliance departments and have to adhere to certain standards,” in terms of the protocols they take around security work, he added. “They want to leverage DevOps to release that.”

He said Rezilion has generally won over customers in large part for simply understanding that culture and process and helping them work better within that: “Companies become users of our product because we showed them that, at a fraction of the effort, they can be more secure.” This has special resonance in the world of tech, although financial services, and other verticals that essentially leverage technology as a significant foundation for how they operate, are also among the startup’s user base.

Down the line, Rezilion plans to add remediation and mitigation into the mix to further extend what it can do with its automation tools, which is part of where the funding will be going, too, Boutnaru said. But he doesn’t believe it will ever replace the human in the equation altogether.

“It will just focus them on the places where you need more human thinking,” he said. “We’re just removing the need for tedious work.”

In that grand tradition of enterprise automation, then, it will be interesting to watch which other automation-centric platforms might make a move into security alongside the other automation they are building. For now, Rezilion is forging out an interesting enough area for itself to get investors interested.

“Rezilion’s product suite is a game changer for security teams,” said Rusty Parks, senior MD of Guggenheim Investments, in a statement. “It creates a win-win, allowing companies to speed innovative products and features to market while enhancing their security posture. We believe Rezilion has created a truly compelling value proposition for security teams, one that greatly increases return on time while thoroughly protecting one’s core infrastructure.”

#agile-software-development, #alphabet, #amazon, #apple, #articles, #artificial-intelligence, #automation, #ceo, #cisco, #computer-security, #crowdstrike, #cto, #cyactive, #devops, #ebay, #energy, #entrepreneurship, #europe, #financial-services, #funding, #google, #ibm, #jp-morgan-chase, #kindred-capital, #maryland, #microsoft, #paypal, #security, #software, #software-development, #startup-company, #symantec, #technology

Trade promotion management startup Cresicor raises $5.6M to keep tabs on customer spend

Cresicor, a consumer packaged goods trade management platform startup, raised $5.6 million in seed funding to further develop its tools for more accurate data and analytics.

The company, based remotely, focuses on small to midsize CPG companies, providing them with an automated way to manage their trade promotion, a process co-founder and CEO Alexander Whatley said is done primarily manually using spreadsheets.

Here’s what happens in a trade promotion: When a company wants to run a discount on one of their slower-selling items, the company has to spend money to do this — to have displays set up in a store or have that item on a certain shelf. If it works, more people will buy the item at the lower price point. Essentially, a trade promotion is the process of spending money to get more money in the future, Whatley told TechCrunch.

Figuring out all of the trade promotions is a complicated process, Whatley explained. Companies receive data feeds on the promotions from several different places, revenue data from retailers, accounting source data to show how many units were shipped and then maybe data directly from retailers. All of that has to be matched against the promotion.

“No API is bringing this data back to brands, so our software helps to automate and track these manual processes so companies can do analytics to see how the promotions are doing,” he added. “It also helps the finance team understand expenses, including which are valid and those that are not.”

What certain companies spend on trade promotions can represent their second-largest cost behind manufacturing, and companies often end up reinvesting between 20% and 30% of their revenue into trade promotions, Whatley said. This is a big market, representing untapped growth, especially with U.S. CPG sales topping $720 billion in 2020.

“You can see how messy the whole industry is, which is why we have a bright future and huge TAM,” he added. “With this new funding, we can target other parts of the P&L like supply chain and salaries. We also provide analytics for their strategy and where they should be spending it — which store, on which supply. By allocating resources the right way, companies typically see a 10% boost in sales as a result.”

Whatley started the company in 2017 with his brother, Daniel, Stuart Kennedy and Nikki McNeil while a Harvard undergrad. Since raising the funding back in February, the company has grown 2.5x in revenue, while employee headcount grew 4x over the past 12 months to 20.

Costanoa Ventures led the investment and was joined by Torch Capital and a group of angel investors including Fivestars CTO Matt Doka and Hu’s Kitchen CEO Mark Ramadan.

John Cowgill, partner at Costanoa, said though Cresicor raised a seed round, the company was already acquiring brands and capital before releasing a product and grew to almost a Series A company without any outside capital, saying it “blew me away.”

Cresicor is the “perfect example” of a company that Costanoa would get excited about — a vertical software company using data or machine learning to augment a pain point, Cowgill added.

“The CPG industry is in the middle of a rapid change where we see all of these emerging, digital native and mission-driven brands rapidly eating share from incumbents,” he added. “For the next generation of brands to compete, they have to win in trade promotion management. Cresicor’s opportunity to go beyond trade is significant. It is just a starting point to build a company that is the core enabler of great brands.”

The new funding will be used mainly to hire more talent in the areas of engineering and customer success so the company can hit its next benchmarks, Alexander Whatley said. He also intends to use the funding to acquire new brands and on software development. Cresicor boasts a list of customers including Perfect Snacks, Oatly and Hint Water.

The retail industry is valued at $5.5 trillion, and one-fifth of it is CPG, Whatley said. As a result, he has his eye on going after other verticals within CPG, like electronics and pet food, and then expanding into other areas.

“We are also going to work with enterprise companies — we see an opportunity to work with companies like P&G and General Mills, and we also want to build an ecosystem around trade promotion and launch into other profit and loss areas,” Whatley said.

#advertising-tech, #alexander-whatley, #api, #artificial-intelligence, #brand, #business-intelligence, #costanoa-ventures, #cresicor, #enterprise, #food, #funding, #john-cowgill, #machine-learning, #marketing, #recent-funding, #software, #software-development, #startups, #tc, #torch-capital

Make accessibility part of your startup’s products and culture from day one

The world of accessibility has experienced a tipping point thanks to the pandemic, which drove people of all abilities to do more tasks and shopping online.

For the last year, the digital world was the only place brands could connect with their customers. A Forrester survey found that 8 in 10 companies have taken their first steps toward working on digital accessibility.

What’s driving this change besides the increased digital interactions? Fortune 500 companies are finally starting to realize that people with disabilities make up 1 billion of the world’s market. That population and their families control more than $13 trillion in disposable income, according to Return on Disability’s “The Global Economics of Disability.”

However, only 36% of companies in Forrester’s survey are completely committed to creating accessible digital experiences.

Although digital accessibility has been around for decades, companies have not caught on to its benefits until recently. In its latest survey, the WebAIM Million analysis of 1 million home pages found accessibility errors on 97.4% of the websites evaluated.

What does this mean for you? Why should you care about this? Because this is an opportunity for your company to get ahead of the competition and reap the rewards of being an early adopter.

The benefits of digital accessibility

Companies are now realizing the advantages of creating accessible products and properties that go beyond doing the right thing. For one, people are living longer. The World Health Organization says people aged 60 and older outnumber children under 5. Moreover, the world’s population of those who are 60 and older is expected to reach 2 billion by 2050, up from 900 million in 2015.

W3C Web Accessibility Initiative provides an overview on Web Accessibility for Older Users. Here’s what it reveals.

  • Hearing loss affects 47% of people aged 61 to 80.
  • Vision decline affects 16% of people aged 65 to 74.
  • Mild cognitive impairment affects 20% of people over 70.
  • Arthritis affects more than 50% of people over 65.

In short, developing accessible digital products helps you reach a much larger audience, which will include you, your co-workers and your family. Everyone is going to become situationally, temporarily or episodically impaired at some point in their lives. Everyone enters a noisy or dark environment that can make it harder to see or hear. An injury or an illness can cause someone to use the internet differently on a temporary basis. People with arthritis, migraines and vertigo experience episodes of pain and discomfort that affect their ability to interact with digital devices, apps and tools.

Additionally, no one has ever advocated against making products and websites accessible to more people. Despite this, the relative universal appeal of accessibility as a principle does not mean that it will be as easy as explaining the need and getting people on board to make major organizational changes. A lot of work remains in raising awareness and educating people about why we need to make these changes and how to go about it.

You have the why. Now here are five things to help you with how to make changes in your company to integrate accessibility as a core part of your business.

1. Tap the right people to create accessible experiences

According to the second annual State of Accessibility Report, only 40% of the Alexa Top 100 websites are fully accessible, proving the needs of people with disabilities are, more often than not, being overlooked when creating web experiences.

To design for people with disabilities, it’s important to have an understanding of how they use your products or web properties. You’ll also want to know what tools will help them achieve their desired results. This starts with having the right people on board.

Hiring accessibility experts to advise your development team will proactively identify potential issues and ensure you design accessibly from the start, as well as create better products. Better yet, hiring people with disabilities brings a deeper level of understanding to your work.

2. Hire designers passionate about accessibility

Having accessibility experts on your team to provide advice and guidance is a great start. However, if the rest of your team is not passionate about accessibility, that can turn into a potential roadblock. When interviewing new designers, ask about accessibility. It’ll gauge a candidate’s knowledge and passion in the area. At the same time, you set an expectation that accessibility is a priority at your organization.

Being proactive about your hires and making sure they will contribute to a culture of accessibility and inclusion will save you major headaches. Accessibility starts in the design and user experience (UX) phase. If your team doesn’t deliver there, then you will have to fix their mistakes later, essentially delaying the project and costing your organization. It costs more to fix things than to build them accessibly in the first place.

3. Remember that accessibility is for everyone

People deciding whether to invest in accessibility often ask themselves how many people are going to use the feature. The reasoning behind the question is understandable from a business perspective; accessibility can be an expense, and it’s reasonable to want to spend money responsibly.

However, the question is rooted in one of the biggest misconceptions in the field. The myth is that accessibility only benefits people who are blind or deaf. This belief is frustrating because it greatly underestimates the number of people with disabilities and minimizes their place in society. Furthermore, it fails to acknowledge that people who may not have a disability still benefit greatly from accessibility features.

Disability is a spectrum that all of us will find ourselves on sooner or later. Maybe an injury temporarily limits our mobility that requires us to perform basic tasks like banking and shopping exclusively online. Or maybe our vision and hearing change as we age, which affects our ability to interact online.

When we understand that accessibility is about designing in a way that includes as many people as possible, we can reframe the conversation around whether it’s worth investing in. This approach sends a clear message: No business can afford to ignore a fast-growing population.

Think about it this way: If you have a choice of taking an elevator or the stairs, which would you take? Most pick the elevator. Those ramps on street corners called curb cuts? They were initially designed for allowing wheelchairs to cross the street.

Yet, many use these ramps, including parents pushing strollers, travelers pulling luggage, skateboarders rolling and workers moving heavy loads on dollies. A feature initially designed for accessibility benefits far more people than the original target audience. That’s the magic of the curb-cut effect.

4. Hire agencies that build accessibly by default

Whether you have a small team or are expanding an in-house accessibility practice, working with an agency can be an effective way to embrace and adopt accessible practices. The secret to a successful partnership is choosing an agency that will help your team grow into its accessibility practice.

The key to finding the right agency is selecting one that builds accessibly by default. When you know you are working with an agency that shares your organization’s values, you have a trusted partner in your mission of improving accessibility. It also removes any guesswork or revisions down the line. This is a huge win, as many designers overlook details that can make or break an experience for a user with a disability.

Working with an agency focused on providing accessible experiences narrows the likelihood of errors going unnoticed and unremedied, giving you confidence that you are providing an excellent experience to your entire audience.

5. Integrate accessibility into your supply chain

On any given day, enterprises and large organizations often work with dozens of stakeholders. From vendors and agencies to freelancers and internal employees, the nature of business today is far-reaching and collaborative. While this is valuable for exchanging ideas, accessibility can get lost in the mix with so many different people involved.

To prevent this from happening, it’s important to align these moving pieces of a business into a supply chain that is focused on accessibility at every stage of the business. When everyone is completely bought in, it cuts the risk of a component being inaccessible and causing issues for you in the future.

The startup advantage

A major challenge that comes up repeatedly is the struggle to change the status quo. Once an organization implements and ingrains inaccessible processes and products into its culture, it is hard to make meaningful change. Even if everyone is willing to commit to the change, the fact is, rewriting the way you do business is never easy.

Startups have an advantage here: They do not bear years of inaccessible baggage. It’s not written into the code of their products. It’s not woven into the business culture. In many ways, a startup is a clean slate, and they need to learn from the trials of their more established peers.

Startup founders have the opportunity to build an accessible organization from the ground up. They can create an accessible-first culture that will not need rewriting 10, 20 or 30 years from now by hiring a diverse workforce with a passion for accessibility, writing accessible code for products and web properties, choosing to work with only third parties who embrace accessibility and advocating for the rights of people with disabilities.

Many of these considerations here have a common denominator: culture. While most people in the technology industry will agree that accessibility is an important and worthy cause to champion, it has a huge awareness problem.

Accessibility needs to be everywhere in software development, from requirements and beyond to include marketing, sales and other non-tech teams. It cannot be a niche concern left to a siloed team to handle. If we, as an industry and as a society, recognize that accessibility is everyone’s job, we will create a culture that prioritizes it without question.

By creating this culture, we will no longer be asking, “Do we have to make this accessible?” Instead, we’ll ask, “How do we make this accessible?” It’s a major mindset shift that will make a tangible difference in the lives of 1 billion people living with a disability and those who eventually will have a disability or temporary, situational or episodic impairments affecting their ability to use online and digital products.

Advocating for accessibility may feel like an uphill battle at times, but it isn’t rocket science. The biggest need is education and awareness.

When you understand the people you build accessible products for and the reasons they need those products, it becomes easier to secure buy-in from people in all parts of your organization. Creating this culture is the first step in a long quest toward accessibility. And the best part is, it gets easier from here.

#accessibility, #column, #disability, #diversity, #software-development, #startups, #tc, #web-accessibility

With liberty and privacy for some: Widening inequality on the digital frontier

Privacy is emotional — we often value privacy the most when we feel vulnerable or powerless when confronted with creepy data practices. But in the eyes of the court, emotions don’t always constitute harm or a reason for structural change in how privacy is legally codified.

It might take a material perspective on widening privacy disparities — and their implication in broader social inequality — to catalyze the privacy improvements the U.S. desperately needs.

Apple’s leaders announced their plans for the App Tracking Transparency (ATT) update in 2020. In short, iOS users can refuse an app’s ability to track their activity on other apps and websites. The ATT update has led to a sweeping three-quarters of iOS users opting out of cross-app tracking.

Whenever one user base gears up with privacy protections, companies simply redirect their data practices along the path of least resistance.

With less data available to advertisers looking to develop individual profiles for targeted advertising, targeted ads for iOS users look less effective and appealing to ad agencies. As a result, new findings show that advertisers are spending one-third less in advertising spending on iOS devices.

They are redirecting that capital into advertising on Android systems, which account for just over 42.06% of the mobile OS market share, compared to iOS at 57.62%.

Beyond a vague sense of creepiness, privacy disparities increasingly pose risks of material harm: emotional, reputational, economic and otherwise. If privacy belongs to all of us, as many tech companies say, then why does it cost so much? Whenever one user base gears up with privacy protections, companies simply redirect their data practices along the path of least resistance, toward the populations with fewer resources, legal or technical, to control their data.

More than just ads

As more money goes into Android ads, we could expect advertising techniques to become more sophisticated, or at least more aggressive. It is not illegal for companies to engage in targeted advertising, so long as it is done in compliance with users’ legal rights to opt out under relevant laws like CCPA in California.

This raises two immediate issues. First, residents of every state except California currently lack such opt-out rights. Second, granting some users the right to opt out of targeted advertising strongly implies that there are harms, or at least risks, to targeted advertising. And indeed, there can be.

Targeted advertising involves third parties building and maintaining behind-the-scenes profiles of users based on their behavior. Gathering data on app activity, such as fitness habits or shopping patterns, could lead to further inferences about sensitive aspects of a user’s life.

At this point, a representation of a user exists in an under-regulated data system containing — whether correctly or incorrectly inferenced — data that the user did not consent to sharing. (Unless the user lives in California, but let’s suppose they live anywhere else in the U.S.)

Further, research finds that targeted advertising, in building detailed profiles of users, can enact discrimination in housing and employment opportunities, sometimes in violation of federal law. And targeted advertising can impede individuals’ autonomy, preemptively narrowing their window of purchasing options, even when they don’t want to. On the other hand, targeted advertising can support niche or grassroots organizations in connecting them directly with interested audiences. Regardless of a stance on targeted advertising, the underlying problem is when users have no say in whether they are subject to it.

Targeted advertising is a massive and booming practice, but it is only one practice within a broader web of business activities that do not prioritize respect for users’ data. And these practices are not illegal in much of the U.S. Instead of the law, your pocketbook can keep you clear of data disrespect.

Privacy as a luxury

Prominent tech companies, particularly Apple, declare privacy a human right, which makes complete sense from a business standpoint. In the absence of the U.S. federal government codifying privacy rights for all consumers, a bold privacy commitment from a private company sounds pretty appealing.

If the government isn’t going to set a privacy standard, at least my phone manufacturer will. Even though only 6% of Americans claim to understand how companies use their data, it is companies that are making the broad privacy moves.

But if those declaring privacy as a human right only make products affordable to some, what does that say about our human rights? Apple products skew toward wealthier, more educated consumers compared to competitors’ products. This projects a troubling future of increasingly exacerbated privacy disparities between the haves and the have-nots, where a feedback loop is established: Those with fewer resources to acquire privacy protections may have fewer resources to navigate the technical and legal challenges that come with a practice as convoluted as targeted advertising.

Don’t take this as me siding with Facebook in its feud with Apple about privacy versus affordability (see: systemic access control issues recently coming to light). In my view, neither side of that battle is winning.

We deserve meaningful privacy protections that everyone can afford. In fact, to turn the phrase on its head, we deserve meaningful privacy protections that no company can afford to omit from their products. We deserve a both/and approach: privacy that is both meaningful and widely available.

Our next steps forward

Looking ahead, there are two key areas for privacy progress: privacy legislation and privacy tooling for developers. I again invoke the both/and approach. We need lawmakers, rather than tech companies, setting reliable privacy standards for consumers. And we need widely available developer tools that give developers no reason — financially, logistically or otherwise — to implement privacy at the product level.

On privacy legislation, I believe that policy professionals are already raising some excellent points, so I’ll direct you to some of my favorite recent writing from them.

Stacey Gray and her team at the Future of Privacy Forum have begun an excellent blog series on how a federal privacy law could interact with the emerging patchwork of state laws.

Joe Jerome published an outstanding recap of the 2021 state-level privacy landscape and the routes toward widespread privacy protections for all Americans. A key takeaway: The effectiveness of privacy regulation hinges on how well it harmonizes among individuals and businesses. That’s not to say that regulation should be business-friendly, but rather that businesses should be able to reference clear privacy standards so they can confidently and respectfully handle everyday folks’ data.

On privacy tooling, if we make privacy tools readily accessible and affordable for all developers, we really leave tech with zero excuses to meet privacy standards. Take the issue of access control, for instance. Engineers attempt to build manual controls over which personnel and end users can access various data in a complex data ecosystem already populated with sensitive personal information.

The challenge is twofold. First, the horse has already bolted. Technical debt accumulates rapidly, while privacy has remained outside of software development. Engineers need tools that enable them to build privacy features like nuanced access control prior to production.

This leads into the second aspect of the challenge: Even if the engineers overcame all of the technical debt and could make structural privacy improvements at the code level, what standards and widely available tools are available to use?

As a June 2021 report from the Future of Privacy Forum makes clear, privacy technology is in dire need of consistent definitions, which are required for widespread adoption of trustworthy privacy tools. With more consistent definitions and widely available developer tools for privacy, these technical transformations translate into material improvements in how tech at large — not just tech of Brand XYZ — gives users control over their data.

We need privacy rules set by an institution that is not itself playing the game. Regulation alone cannot save us from modern privacy perils, but it is a vital ingredient in any viable solution.

Alongside regulation, every software engineering team should have privacy tools immediately available. When civil engineers are building a bridge, they cannot make it safe for a subset of the population; it must work for all who cross it. The same must hold for our data infrastructure, lest we exacerbate disparities within and beyond the digital realm.

#android, #apple, #california, #column, #developer-tools, #digital-rights, #facebook, #human-rights, #ios-devices, #opinion, #policy, #privacy, #software-development, #tc, #united-states

After raising $10M, Breeze breathes fresh air into a stagnant disability insurance market

Working in the world of disability insurance for a decade, Colin Nabity felt not everyone could access this type of insurance due to its nature of it being difficult to understand and underwrite.

Disability and critical illness insurance is typically income protection should someone be too sick or hurt to work. An average of 5.6% of working Americans each year will experience a short-term disability during a period of six months or less due to illness, injury or pregnancy. At the same time, 1 in 4 Americans currently live with a disability that impacts their major life activities.

Similar to other insurance products, disability insurance was sold the same way for more than 20 years: using outdated technology, data science and underwriting that didn’t provide consumers an appropriate policy based on their occupation and health. In addition, there was not a digital platform to sell this type of insurance directly to consumers, Nabity said.

Enter Omaha, Nebraska-based Breeze, the company Nabity started in 2019 with Cody Leach to enable individuals to go online and complete in 10 minutes the application process to receive a personalized quote for either disability insurance or critical illness insurance.

There are large incumbents in the space — for example Aflac, but Nabity said Breeze’s platform offers a digital approach to disability and critical illness applications, quotes and policy-making that offers consumers protection during events like cancer, heart attacks, strokes and other medical conditions that can lead to a loss of income if someone is unable to work.

The U.S. market for disability insurance was valued at $19.1 billion as of this year and was declining slightly since 2016, IBIS World reported. Breeze is reimagining these products to make them more affordable — a policy for several thousand dollars costs, on average, around $20 a month — and to provide consumer education so that purchasing this type of insurance is less intimidating, he added.

“We want a way for people to understand this type of insurance, make it more affordable and be bought completely online,” Nabity told TechCrunch. “These illnesses and injuries wreck families because they can be so financially devastating.”

Breeze raised $10 million in Series A funding in a round led by Link Ventures that Nabity boasts is the “largest first round of institutional capital ever invested in a Nebraska-based software startup.” Northwestern Mutual Ventures, Silicon Valley Bank, M25, Fiat Ventures and Invest Nebraska also participated in the financing.

Lisa Dolan, managing director at Link Ventures, said she found the company while examining web traffic data, where Breeze was listed among industry incumbents among consumers searching for disability.

Dolan admits that even she was not familiar, at the time, with disability insurance and has since learned that the market is larger than originally thought. She believes that by using technology to route the appropriate customer to the approach insurance, Breeze is able to reach customers that incumbent insurance carriers can’t get to.

Nabity did not disclose any growth metrics, but said he intends to use the new funding — the company’s first round of institutional capital — to grow its core products and add new products, carriers and agents to the platform. He will also increase Breeze’s headcount in the areas of software development, customer service and marketing.

“We are in the process of opening up our platform to agents that have not sold these products before, and we will need product and support teams to handle that increased volume,” he added.

 

#breeze, #colin-nability, #disability-insurance, #funding, #health, #health-insurance, #link-ventures, #lisa-dolan, #northwestern-mutual-ventures, #recent-funding, #software-development, #startups, #tc

True ‘shift left and extend right’ security requires empowered developers

DevOps is fundamentally about collaboration and agility. Unfortunately, when we add security and compliance to the picture, the message gets distorted.

The term “DevSecOps” has come into fashion the past few years with the intention of seamlessly integrating security and compliance into the DevOps framework. However, the reality is far from the ideal: Security tools have been bolted onto the existing DevOps process along with new layers of automation, and everyone’s calling it “DevSecOps.” This is a misguided approach that fails to embrace the principles of collaboration and agility.

Integrating security into DevOps to deliver DevSecOps demands changed mindsets, processes and technologies. Security and risk management leaders must adhere to the collaborative, agile nature of DevOps for security testing to be seamless in development, making the “Sec” in DevSecOps transparent. — Neil MacDonald, Gartner

In an ideal world, all developers would be trained and experienced in secure coding practices from front end to back end and be skilled in preventing everything from SQL injection to authorization framework exploits. Developers would also have all the information they need to make security-related decisions early in the design phase.

If a developer is working on a type of security control they haven’t worked on before, an organization should provide the appropriate training before there is a security issue.

Once again, the reality falls short of the ideal. While CI/CD automation has given developers ownership over the deployment of their code, those developers are still hampered by a lack of visibility into relevant information that would help them make better decisions before even sitting down to write code.

The entire concept of discovering and remediating vulnerabilities earlier in the development process is already, in some ways, out of date. A better approach is to provide developers with the information and training they need to prevent potential risks from becoming vulnerabilities in the first place.

Consider a developer that is assigned to add PII fields to an internet-facing API. The authorization controls in the cloud API gateway are critical to the security of the new feature. “Shifting left and extending right” doesn’t mean that a scanning tool or security architect should detect a security risk earlier in the process — it means that a developer should have all the context to prevent the vulnerability before it even happens. Continuous feedback is key to up-leveling the security knowledge of developers by orders of magnitude.

#agile-software-development, #api, #column, #computer-security, #computing, #cybersecurity, #developer, #devops, #ec-column, #ec-cybersecurity, #security, #security-testing, #software-development, #software-testing, #sql, #startups, #u-s-securities-and-exchange-commission, #vulnerability

Blameless raises $30M to guide companies through their software lifecycle

Site reliability engineering platform Blameless announced Tuesday it raised $30 million in a Series B funding round, led by Third Point Ventures with participation from Accel, Decibel and Lightspeed Venture Partners, to bring total funding to over $50 million.

Site reliability engineering (SRE) is an extension of DevOps designed for more complex environments.

Blameless, based in San Mateo, California, emerged from stealth in 2019 after raising both a seed and Series A round, totaling $20 million. Since then, it has turned its business into a blossoming software platform.

Blameless’ platform provides the context, guardrails and automated workflows so engineering teams are unified in the way they communicate and interact, especially to resolve issues quicker as they build their software systems.

It originally worked with tech-forward teams at large companies, like Home Depot, that were “dipping [their toes] into the space and now [want] to double down,” co-founder and CEO Lyon Wong told TechCrunch.

The company still works with those tech-forward teams, but in the past two years, more companies sought out resident SRE architect Kurt Anderson to advise them, causing Blameless to change up its business approach, Wong said.

Other companies are also seeing a trend of customers asking for support — for example, in March, Google Cloud unveiled its Mission Critical Services support option for SRE to serve in a similar role as a consultant as companies move toward readiness with their systems. And in February, Nobl9 raised a $21 million Series B to provide enterprises with the tools they need to build service-level-objective-centric operations, which is part of a company’s SRE efforts.

Blameless now has interest from more mainstream companies in the areas of enterprise, logistics and healthcare. These companies aren’t necessarily focused on technology, but see a need for SRE.

“Companies recognize the shortfall in reliability, and then the question they come to us with is how do they get from where they are to where they want to be,” Anderson said. “Often companies that don’t have a process respond with ‘all hands on deck’ all the time, but instead need to shift to the right people responding.”

Lyon plans to use the new funding to fill key leadership roles, the company’s go-to-market strategy and product development to enable the company to go after larger enterprises.

Blameless doubled its revenue in the last year and will expand to service all customer segments, adding small and emerging businesses to its roster of midmarket and large companies. The company also expects to double headcount in the next three quarters.

As part of the funding announcement, Third Point Ventures partner Dan Moskowitz will join Blameless’ board of directors with Wong, Accel partner Vas Natarajan and Lightspeed partner Ravi Mhatre.

“Freeing up engineering to focus on shipping code is exactly what Blameless achieves,” said Moskowitz in a written statement. “The Blameless market opportunity is big as we see teams struggle and resort to creating homegrown playbooks and point solutions that are incomplete and costly.”

 

#accel, #blameless, #dan-moskowitz, #developer, #devops, #enterprise, #funding, #google, #kurt-anderson, #lightspeed-venture-partners, #lyon-wong, #ravi-mhatre, #recent-funding, #san-mateo, #site-reliability-engineering, #software-development, #software-engineering, #startups, #third-point-ventures, #vas-natarajan, #venture-capital

Build a digital ops toolbox to streamline business processes with hyperautomation

Reliance on a single technology as a lifeline is a futile battle now. When simple automation no longer does the trick, delivering end-to-end automation needs a combination of complementary technologies that can give a facelift to business processes: the digital operations toolbox.

According to a McKinsey survey, enterprises that have likely been successful with digital transformation efforts adopted sophisticated technologies such as artificial intelligence, Internet of Things or machine learning. Enterprises can achieve hyperautomation with the digital ops toolbox, the hub for your digital operations.

The hyperautomation market is burgeoning: Analysts predict that by 2025, it will reach around $860 billion.

The toolbox is a synchronous medley of intelligent business process management (iBPM), robotic process automation (RPA), process mining, low code, artificial intelligence (AI), machine learning (ML) and a rules engine. The technologies can be optimally combined to achieve the organization’s key performance indicator (KPI) through hyperautomation.

The hyperautomation market is burgeoning: Analysts predict that by 2025, it will reach around $860 billion. Let’s see why.

The purpose of a digital ops toolbox

The toolbox, the treasure chest of technologies it is, helps with three crucial aspects: process automation, orchestration and intelligence.

Process automation: A hyperautomation mindset introduces the world of “automating anything that can be,” whether that’s a process or a task. If something can be handled by bots or other technologies, it should be.

Orchestration: Hyperautomation, per se, adds an orchestration layer to simple automation. Technologies like intelligent business process management orchestrate the entire process.

Intelligence: Machines can automate repetitive tasks, but they lack the decision-making capabilities of humans. And, to achieve a perfect harmony where machines are made to “think and act,” or attain cognitive skills, we need AI. Combining AI, ML and natural language processing algorithms with analytics propels simple automation to become more cognitive. Instead of just following if-then rules, the technologies help gather insights from the data. The decision-making capabilities enable bots to make decisions.

 

Simple automation versus hyperautomation

Here’s a story of evolving from simple automation to hyperautomation with an example: an order-to-cash process.

#artificial-intelligence, #business-process-management, #business-software, #column, #data-mining, #ec-cloud-and-enterprise-infrastructure, #ec-column, #ec-enterprise-applications, #enterprise, #machine-learning, #minimum-viable-product, #process-mining, #robotic-process-automation, #software-development, #tc

A startup’s guide to software delivery

One of the biggest factors in the success of a startup is its ability to quickly and confidently deliver software. As more consumers interact with businesses through a digital interface and more products embrace those interfaces as the opportunity to differentiate, speed and agility are paramount. It’s what makes or breaks a company.

As your startup grows, it’s important that your software delivery strategy evolves with you. Your software processes and tool choices will naturally change as you scale, but optimizing too early or letting them grow without a clear vision of where you’re going can cost you precious time and agility. I’ve seen how the right choices can pay huge dividends — and how the wrong choices can lead to time-consuming problems that could have been avoided.

The key to success is consistency. Create a standard, then apply it to all delivery pipelines.

As we know from Conway’s law, your software architecture and your organizational structure are deeply linked. It turns out that how you deliver is greatly impacted by both organizational structure and architecture. This is true at every stage of a startup but even more important in relation to how startups go through rapid growth. Software delivery on a team of two people is vastly different from software delivery on a team of 200.

Decisions you make at key growth inflection points can set you up for either turbocharged growth or mounting roadblocks.

Founding stage: Keep it simple

The founding phase is the exciting exploratory phase. You have an idea and a few engineers.

The key during this phase is to keep the architecture and tooling as simple and flexible as possible. Building a company is all about execution, so get the tools you need to execute consistently and put the rest on hold.

One place you can invest without overdoing it is in continuous integration and continuous deployment (CI/CD). CI/CD enables developer teams to get feedback fast, learn from it, and deliver code changes quickly and reliably. While you’re trying to find product-market fit, learning fast is the name of the game. When systems start to become more complex, you’ll have the practices and tooling in place to handle them easily. By not having the ability to learn and adapt quickly, you give your competitors a massive edge.

One other place where early, simple investments really pay off is in operability. You want the simplest possible codebase: probably a monolith and a basic deploy. But if you don’t have some basic tools for observability, each user issue is going to take orders of magnitude longer than necessary to track down. That’s time you could be using to advance your feature set.

Your implementation here may be some placeholders with simple approaches. But those placeholders will force you to design effectively so that you can enhance later without massive rewrites.

Very early stage: Maintain efficiency and productivity

At 10 to 20 engineers, you likely don’t have a person dedicated to developer efficiency or tooling. Company priorities are still shifting, and although it may feel cumbersome for your team to be working as a single team, keep at it. Look for more fluid ways of creating independent workstreams without concrete team definitions or deep specialization. Your team will benefit from having everyone responsible for creating tools, processes and code rather than relying on a single person. In the long run, it will help foster efficiency and productivity.

#agile-software-development, #column, #continuous-integration, #ec-column, #ec-how-to, #software-development, #startup-company, #startups, #tc

The rise of cybersecurity debt

Ransomware attacks on the JBS beef plant, and the Colonial Pipeline before it, have sparked a now familiar set of reactions. There are promises of retaliation against the groups responsible, the prospect of company executives being brought in front of Congress in the coming months, and even a proposed executive order on cybersecurity that could take months to fully implement.

But once again, amid this flurry of activity, we must ask or answer a fundamental question about the state of our cybersecurity defense: Why does this keep happening?

I have a theory on why. In software development, there is a concept called “technical debt.” It describes the costs companies pay when they choose to build software the easy (or fast) way instead of the right way, cobbling together temporary solutions to satisfy a short-term need. Over time, as teams struggle to maintain a patchwork of poorly architectured applications, tech debt accrues in the form of lost productivity or poor customer experience.

Complexity is the enemy of security. Some companies are forced to put together as many as 50 different security solutions from up to 10 different vendors to protect their sprawling technology estates.

Our nation’s cybersecurity defenses are laboring under the burden of a similar debt. Only the scale is far greater, the stakes are higher and the interest is compounding. The true cost of this “cybersecurity debt” is difficult to quantify. Though we still do not know the exact cause of either attack, we do know beef prices will be significantly impacted and gas prices jumped 8 cents on news of the Colonial Pipeline attack, costing consumers and businesses billions. The damage done to public trust is incalculable.

How did we get here? The public and private sectors are spending more than $4 trillion a year in the digital arms race that is our modern economy. The goal of these investments is speed and innovation. But in pursuit of these ambitions, organizations of all sizes have assembled complex, uncoordinated systems — running thousands of applications across multiple private and public clouds, drawing on data from hundreds of locations and devices.

Complexity is the enemy of security. Some companies are forced to put together as many as 50 different security solutions from up to 10 different vendors to protect their sprawling technology estates — acting as a systems integrator of sorts. Every node in these fantastically complicated networks is like a door or window that might be inadvertently left open. Each represents a potential point of failure and an exponential increase in cybersecurity debt.

We have an unprecedented opportunity and responsibility to update the architectural foundations of our digital infrastructure and pay off our cybersecurity debt. To accomplish this, two critical steps must be taken.

First, we must embrace open standards across all critical digital infrastructure, especially the infrastructure used by private contractors to service the government. Until recently, it was thought that the only way to standardize security protocols across a complex digital estate was to rebuild it from the ground up in the cloud. But this is akin to replacing the foundations of a home while still living in it. You simply cannot lift-and-shift massive, mission-critical workloads from private data centers to the cloud.

There is another way: Open, hybrid cloud architectures can connect and standardize security across any kind of infrastructure, from private data centers to public clouds, to the edges of the network. This unifies the security workflow and increases the visibility of threats across the entire network (including the third- and fourth-party networks where data flows) and orchestrates the response. It essentially eliminates weak links without having to move data or applications — a design point that should be embraced across the public and private sectors.

The second step is to close the remaining loopholes in the data security supply chain. President Biden’s executive order requires federal agencies to encrypt data that is being stored or transmitted. We have an opportunity to take that a step further and also address data that is in use. As more organizations outsource the storage and processing of their data to cloud providers, expecting real-time data analytics in return, this represents an area of vulnerability.

Many believe this vulnerability is simply the price we pay for outsourcing digital infrastructure to another company. But this is not true. Cloud providers can, and do, protect their customers’ data with the same ferocity as they protect their own. They do not need access to the data they store on their servers. Ever.

To ensure this requires confidential computing, which encrypts data at rest, in transit and in process. Confidential computing makes it technically impossible for anyone without the encryption key to access the data, not even your cloud provider. At IBM, for example, our customers run workloads in the IBM Cloud with full privacy and control. They are the only ones that hold the key. We could not access their data even if compelled by a court order or ransom request. It is simply not an option.

Paying down the principal on any kind of debt can be daunting, as anyone with a mortgage or student loan can attest. But this is not a low-interest loan. As the JBS and Colonial Pipeline attacks clearly demonstrate, the cost of not addressing our cybersecurity debt spans far beyond monetary damages. Our food and fuel supplies are at risk, and entire economies can be disrupted.

I believe that with the right measures — strong public and private collaboration — we have an opportunity to construct a future that brings forward the combined power of security and technological advancement built on trust.

#cloud-computing, #cloud-infrastructure, #cloud-management, #colonial-pipeline, #column, #cybersecurity, #cyberwarfare, #data-security, #developer, #encryption, #opinion, #security, #software-development, #tc

This one email explains Apple

An email has been going around the internet as a part of a release of documents related to Apple’s App Store based suit brought by Epic Games. I love this email for a lot of reasons, not the least of which is that you can extrapolate from it the very reasons Apple has remained such a vital force in the industry for the past decade. 

The gist of it is that SVP of Software Engineering, Bertrand Serlet, sent an email in October of 2007, just three months after the iPhone was launched. In the email, Serlet outlines essentially every core feature of Apple’s App Store — a business that brought in an estimated $64B in 2020. And that, more importantly, allowed the launch of countless titanic internet startups and businesses built on and taking advantage of native apps on iPhone.

Forty five minutes after the email, Steve Jobs replies to Serlet and iPhone lead Scott Forstall, from his iPhone, “Sure, as long as we can roll it all out at Macworld on Jan 15, 2008.”

Apple University should have a course dedicated to this email. 

Here it is, shared by an account I enjoy, Internal Tech Emails, on Twitter. If you run the account let me know, happy to credit you further here if you wish:

First, we have Serlet’s outline. It’s seven sentences that outline the key tenets of the App Store. User protection, network protection, an owned developer platform and a sustainable API approach. There is a direct ask for resources — whoever we need in software engineering — to get it shipped ASAP. 

It also has a clear ask at the bottom, ‘do you agree with these goals?’

Enough detail is included in the parentheticals to allow an informed reader to infer scope and work hours. And at no point during this email does Serlet include an ounce of justification for these choices. These are the obvious and necessary framework, in his mind, for accomplishing the rollout of an SDK for iPhone developers. 

There is no extensive rationale provided for each item, something that is often unnecessary in an informed context and can often act as psychic baggage that telegraphs one of two things:

  1. You don’t believe the leader you’re outlining the project to knows what the hell they’re talking about.
  2. You don’t believe it and you’re still trying to convince yourself. 

Neither one of those is the wisest way to provide an initial scope of work. There is plenty of time down the line to flesh out rationale to those who have less command of the larger context. 

If you’re a historian of iPhone software development, you’ll know that developer Nullriver had released Installer, a third-party installer that allowed apps to be natively loaded onto iPhone, in the summer of 2007. Early September, I believe. It was followed in 2008 by the eventually far more popular Cydia. And there were developers that August and September already experimenting with this completely unofficial way of getting apps on the store, like the venerable Twitterific by Craig Hockenberry and Lights Off by Lucas Newman and Adam Betts.

Though there has been plenty of established documentation of Steve being reluctant about allowing third-party apps on iPhone, this email establishes an official timeline for when the decision was not only made but essentially fully formed. And it’s much earlier than the apocryphal discussion about when the call was made. This is just weeks after the first hacky third-party attempts had made their way to iPhone and just under two months since the first iPhone jailbreak toolchain appeared. 

There is no need or desire shown here for Steve to ‘make sure’ that his touch is felt on this framework. All too often I see leaders that are obsessed with making sure that they give feedback and input at every turn. Why did you hire those people in the first place? Was it for their skill and acumen? Their attention to detail? Their obsessive desire to get things right?

Then let them do their job. 

Serlet’s email is well written and has the exact right scope, yes. But the response is just as important. A demand of what is likely too short a timeline (the App Store was eventually announced in March of 2008 and shipped in July of that year) sets the bar high — matching the urgency of the request for all teams to work together on this project. This is not a side alley, it’s the foundation of a main thoroughfare. It must get built before anything goes on top. 

This efficacy is at the core of what makes Apple good when it is good. It’s not always good, but nothing ever is 100% of the time and the hit record is incredibly strong across a decade’s worth of shipped software and hardware. Crisp, lean communication that does not coddle or equivocate, coupled with a leader that is confident in their own ability and the ability of those that they hired means that there is no need to bog down the process in order to establish a record of involvement. 

One cannot exist without the other. A clear, well argued RFP or project outline that is sent up to insecure or ineffective management just becomes fodder for territorial games or endless rounds of requests for clarification. And no matter how effective leadership is and how talented their employees, if they do not establish an environment in which clarity of thought is welcomed and rewarded then they will never get the kind of bold, declarative product development that they wish. 

All in all, this exchange is a wildly important bit of ephemera that underpins the entire app ecosystem era and an explosive growth phase for Internet technology. And it’s also an encapsulation of the kind of environment that has made Apple an effective and brutally efficient company for so many years. 

Can it be learned from and emulated? Probably, but only if all involved are willing to create the environment necessary to foster the necessary elements above. Nine times out of ten you get moribund management, an environment that discourages blunt position taking and a muddy route to the exit. The tenth time, though, you get magic.

And, hey, maybe we can take this opportunity to make that next meeting an email?

#api, #app-store, #apple, #apple-inc, #apple-university, #bertrand-serlet, #crisp, #epic-games, #ios, #iphone, #mobile-app, #mobile-phones, #science-and-technology, #scott-forstall, #software-development, #software-engineering, #steve-jobs, #svp, #tc, #technology

Microsoft uses GPT-3 to let you code in natural language

Unlike in other years, this year’s Microsoft Build developer conference is not packed with huge surprises — but there’s one announcement that will surely make developers’ ears perk up: The company is now using OpenAI’s massive GPT-3 natural language model in its no-code/low-code Power Apps service to translate spoken text into code in its recently announced Power Fx language.

Now don’t get carried away. You’re not going to develop the next TikTok while only using natural language. Instead, what Microsoft is doing here is taking some of the low-code aspects of a tool like Power Apps and using AI to essentially turn those into no-code experiences, too. For now, the focus here is on Power Apps formulas, which despite the low-code nature of the service, is something you’ll have to write sooner or later if you want to build an app of any sophistication.

“Using an advanced AI model like this can help our low-code tools become even more widely available to an even bigger audience by truly becoming what we call no code,” said Charles Lamanna, corporate vice president for Microsoft’s low-code application platform.

In practice, this looks like the citizen programmer writing “find products where the name starts with ‘kids’ ” — and Power Apps then rendering that as “Filter(‘BC Orders’ Left(‘Product Name’,4)=”Kids”)”.

Because Microsoft is an investor in OpenAI, it’s no surprise the company chose its model to power this experience.

Image Credits: Microsoft

It’s important to note that while this makes programming easier, Microsoft itself stresses that users still have to understand the logic of the application they are building. “The features don’t replace the need for a person to understand the code they are implementing but are designed to assist people who are learning the Power Fx programming language and help them choose the right formulas to get the result they need. That can dramatically expand access to more advanced app building and more rapidly train people to use low code tools,” the company explains in today’s announcement.

To some degree, this isn’t all that different from using the natural language query functions that are now available in tools like Excel, PowerBI or Google Sheets. These, too, translate natural language into a formula, after all. GPT-3 is probably a bit more sophisticated than this and capable of understanding more complex queries, but translating natural language into formulas isn’t all that new.

The long-term promise here, though, is for tools like this to become smarter over time and be able to handle more complicated programming tasks. But that’s a big step up from what is essentially a translation problem, though. More complex queries require more of an understanding of a program as a whole. A formula, for the most part, is a pretty self-contained statement but a similar model that could generate “real” code would have to contend with a lot more context.

These new features will go live in public preview in English to users in North America by the end of June.

read

#artificial-intelligence, #developer, #elon-musk, #google, #microsoft, #microsoft-build-2021, #microsoft-excel, #microsoft-power-platform, #north-america, #openai, #programmer, #programming-languages, #software-development, #software-engineering

The truth about SDK integrations and their impact on developers

The digital media industry often talks about how much influence, dominance and power entities like Google and Facebook have. Generally, the focus is on the vast troves of data and audience reach these companies tout. However, there’s more beneath the surface that strengthens the grip these companies have on both app developers and publishers alike.

In reality, software development kit (SDK) integrations are a critical component of why these monolith companies have such a prominent presence. For reference, an SDK is a set of software development tools, libraries, code samples, processes and guides that help developers create or enhance the apps they’re building.

Through a digital marketing lens, SDKs provide in-app analytics, insights on campaign testing, attribution information, location details, monetization capabilities and more.

Through a digital marketing lens, SDKs provide in-app analytics, insights on campaign testing, attribution information, location details, monetization capabilities and more. In the case of companies like Google and Facebook, their ability to provide these insights dovetails with their data and reach.

While that does deliver useful capabilities to developers and publishers alike, it also perpetuates the factors contributing to their perceived monopolistic status — and the detriments a lack of competition fosters.

Almost all (90%) ad-monetized Android apps have Google’s Admob SDK integrated, data from Statista showed. Additionally, the Facebook Audience Network SDK is present in 19% of all global Android apps utilizing mobile ads. It’s worth noting that the large majority of alternative “leading” advertising SDKs outside these two players are used less than 13% of the time in Android apps.

As the app ecosystem rapidly expands beyond the borders of mobile, app developers and publishers would benefit immensely from identifying economical and secure ways of adopting more SDKs.

The state of SDK adoption

While there are many SDKs available in the market today, a few key factors contribute to Google and Facebook’s overall dominance. The most basic is around the respective organizations’ reach and industry notoriety. However, a larger component here is the lack of resources and time app developers have.

#ad-networks, #android, #apps, #column, #developer, #ec-column, #ec-consumer-applications, #ec-marketing-tech, #facebook, #mobile, #sdk, #software-development, #startups

Swarmia raises $8M Seed to help software development teams deal with data

Swarmia, a B2B SaaS company for software development teams dealing with data, has raised a €5.7 M Seed round and a previously unannounced 1M€ pre-seed round, taking its raise to €6.7M ($8M). The Seed round was led by Alven Capital and joined by Jigsaw VC, Irena Goldenberg, Alex Algard, Lars Fjeldsoe-Nielsen, Jonathan Benhamou and Romain Huet. Lifeline Ventures, the sole investor in a previously unannounced 1M€ pre-seed round, also participated. The cash wil be used to scale to the US.

Founder Otto Hilska is a serial entrepreneur who started Flowdock (team collaboration product, acquired by Rally Software) and was Smartly.io’s Chief Product Officer.

Hilska says many software development organizations could be much more successful if they had a “better visibility to their work and a systematic approach for continuous improvement”.

Swarmia integrates with development tools such as GitHub, Jira, Linear and various CI tools to “create a holistic view to the engineering teams’ inner workings.”

Competitors include Pluralsight Flow (raised $192.5M) and CodeClimate Velocity ($15M).

However, Hilska says: “We’re the only product in the market that’s actually used by developers themselves. We don’t build features for stalking individual developers, but rather focus on how the team can improve. We’ve built the product together with our pilot customers (with shared Slack channels and daily iteration) to make sure that it actually scales with them. Every team is different, and our product adapts to these different ways of working by letting teams define their Working Agreements. That leads to much better data quality, since we actually understand how the teams work – while competitors are happy to plot any incorrect data. Our Slack bot also helps teams drive the behavioral change when teams choose to adopt a working agreement.”

Thomas Cuvelier, Partner at Alven commented: “Software is eating the world but software engineering, the largest cost center of the modern organization, is still a black box. Swarmia solves a considerable pain point by bringing visibility to engineering work and helping executives make the right business decisions based on data rather than anecdotal evidence. What Otto and his team have achieved so far is impressive and they’re well on their way to drive better working habits for the world’s 27m developers.”

#alven-capital, #computing, #europe, #github, #lars-fjeldsoe-nielsen, #lifeline-ventures, #operating-systems, #partner, #pluralsight, #rally-software, #romain-huet, #serial-entrepreneur, #slack, #software, #software-development, #software-engineering, #tc, #united-states

Cycode raises $20M to secure DevOps pipelines

Israeli security startup Cycode, which specializes in helping enterprises secure their DevOps pipelines and prevent code tampering, today announced that it has raised a $20 million Series A funding round led by Insight Partners. Seed investor YL Ventures also participated in this round, which brings the total funding in the company to $24.6 million.

Cycode’s focus was squarely on securing source code in its early days, but thanks to the advent of infrastructure as code (IaC), policies as code and similar processes, it has expanded its scope. In this context, it’s worth noting that Cycode’s tools are language and use case agnostic. To its tools, code is code.

“This ‘everything as code’ notion creates an opportunity because the code repositories, they become a single source of truth of what the operation should look like and how everything should function, Cycode CTO and co-founder Ronin Slavin told me. “So if we look at that and we understand it — the next phase is to verify this is indeed what’s happening, and then whenever something deviates from it, it’s probably something that you should look at and investigate.”

Cycode Dashboard

Cycode Dashboard. Image Credits: Cycode

The company’s service already provides the tools for managing code governance, leak detection, secret detection and access management. Recently it added its features for securing code that defines a business’ infrastructure; looking ahead, the team plans to add features like drift detection, integrity monitoring and alert prioritization.

“Cycode is here to protect the entire CI/CD pipeline — the development infrastructure — from end to end, from code to cloud,” Cycode CEO and co-founder Lior Levy told me.

“If we look at the landscape today, we can say that existing solutions in the market are kind of siloed, just like the DevOps stages used to be,” Levy explained. “They don’t really see the bigger picture, they don’t look at the pipeline from a holistic perspective. Essentially, this is causing them to generate thousands of alerts, which amplifies the problem even further, because not only don’t you get a holistic view, but also the noise level that comes from those thousands of alerts causes a lot of valuable time to get wasted on chasing down some irrelevant issues.”

What Cycode wants to do then is to break down these silos and integrate the relevant data from across a company’s CI/CD infrastructure, starting with the source code itself, which ideally allows the company to anticipate issues early on in the software life cycle. To do so, Cycode can pull in data from services like GitHub, GitLab, Bitbucket and Jenkins (among others) and scan it for security issues. Later this year, the company plans to integrate data from third-party security tools like Snyk and Checkmarx as well.

“The problem of protecting CI/CD tools like GitHub, Jenkins and AWS is a gap for virtually every enterprise,” said Jon Rosenbaum, principal at Insight Partners, who will join Cycode’s board of directors. “Cycode secures CI/CD pipelines in an elegant, developer-centric manner. This positions the company to be a leader within the new breed of application security companies — those that are rapidly expanding the market with solutions which secure every release without sacrificing velocity.”

The company plans to use the new funding to accelerate its R&D efforts, and expand its sales and marketing teams. Levy and Slavin expect that the company will grow to about 65 employees this year, spread between the development team in Israel and its sales and marketing operations in the U.S.

#access-management, #agile-software-development, #aws, #bitbucket, #checkmarx, #continuous-integration, #cycode, #devops, #enterprise, #funding, #fundings-exits, #github, #gitlab, #insight-partners, #israel, #jenkins, #recent-funding, #security, #security-tools, #software-development, #software-engineering, #startups, #tc, #united-states, #version-control, #yl-ventures

Avatar startup Genies scores $65 million in funding round led by Mary Meeker’s Bond

Over the past several years, I’ve covered my fair share of upstart avatar companies that were all chasing the same dream — building out a customizable platform for a digital persona that gained wide adoption across games and digital spaces. Few of those startups I’ve covered in the past are still around. But by netting a string of successful partnerships with celebrity musicians, LA-based Genies has come closer than any startup before it to realizing the full vision of a wide-reaching avatar platform.

The company announced today that they’ve closed a $65 million Series B led by Mark Meeker’s firm Bond. NEA, Breyer Capital, Tull Investment Group, NetEase, Dapper Labs and Coinbase Ventures also participated in the deal. Mark Meeker will be joining the Genies board. The company didn’t disclose the Genies’ most recent valuation.

This funding comes at an inflection point for the eight-year-old company, evidenced by the investments from NBA Top Shot-maker Dapper Labs and crypto giant Coinbase. As announced last week, the company is rolling out an NFT platform on Dapper Labs’ Flow blockchain, partnering closely with the startup who will be building out the backend for a Genies avatar accessories storefront. Like Dapper Labs has leveraged its exclusive deals with sports leagues to ship NFTs with official backing, Genies is planning to capitalize on its partnerships with celebrities in its roster including Justin Bieber, Shawn Mendes, Cardi B and others to create a platform for buying and trading avatar accessories en masse.

In October, the company announced a brand partnerships with Gucci, opening up the startup to another big market opportunity.

Genies’ business has largely focused on leveraging high-profile partnerships to give its entertainer clients a digital presence that can spice up what they’re sharing on social media and beyond. As they’ve rolled out avatar creation to all users through beta mobile apps, Genies has been focusing on one of the more explicit dreams of the avatar companies before it; building out a broad network of avatar users and a broad network of compatible platforms through its SDK.

“An avatar is a vehicle to be able to showcase more of your authentic self,” Genies CEO Akash Nigam tells TechCrunch. “It’s not limited by real world constraints, it’s an alter-ego personality.”

Trends in the NFT world have provided new realms of exploration for Genies, but so have broader pandemic era trends that have pushed more users to wholly digital spaces where they socialize and connect. “The pandemic accelerated everything,” Nigam says.

Nigam emphasizes that despite the major opportunity its upcoming NFT platform will present, Genies is still an avatar company first-and-foremost, not an NFT startup, though he does say he is believes crypto-backed digital goods are going to be around for a long time. He has few doubts that the current environment around digital goods helped juice Genies’ funding round which he says was “6-8X oversubscribed” and was an opportunistic play for the startup, which “could have gone years without having to raise.”

The company says their crypto marketplace will launch in the coming months, as early as this summer.

#akash-nigam, #artificial-intelligence, #avatar, #breyer-capital, #ceo, #coinbase, #coinbase-ventures, #cryptocurrency, #dapper, #dapper-labs, #films, #gaming, #genies, #gucci, #justin-bieber, #national-basketball-association, #nba, #nea, #netease, #software-development

Opsera raises $15M for its continuous DevOps orchestration platform

Opsera, a startup that’s building an orchestration platform for DevOps teams, today announced that it has raised a $15 million Series A funding round led by Felicis Ventures. New investor HMG Ventures, as well as existing investors Clear Ventures, Trinity Partners and Firebolt Ventures also participated in this round, which brings the company’s total funding to $19.3 million.

Founded in January 2020, Opsera lets developers provision their CI/CD tools through a single framework. Using this framework, they can then build and manage their pipelines for a variety of use cases, including their software delivery lifecycle, infrastructure as code and their SaaS application releases. With this, Opsera essentially aims to help teams set up and operate their various DevOps tools.

The company’s two co-founders, Chandra Ranganathan and Kumar Chivukula, originally met while working at Symantec a few years ago. Ranganathan then spent the last three years at Uber, where he ran that company’s global infrastructure. Meanwhile, Chivukula ran Symantec’s hybrid cloud services.

Image Credits: Opsera

“As part of the transformation [at Symantec], we delivered over 50+ acquisitions over time. That had led to the use of many cloud platforms, many data centers,” Ranganathan explained. “Ultimately we had to consolidate them into a single enterprise cloud. That journey is what led us to the pain points of what led to Opsera. There were many engineering teams. They all had diverse tools and stacks that were all needed for their own use cases.”

The challenge then was to still give developers the flexibility to choose the right tools for their use cases, while also providing a mechanism for automation, visibility and governance — and that’s ultimately the problem Opsera now aims to solve.

Image Credits: Opsera

“In the DevOps landscape, […] there is a plethora of tools, and a lot of people are writing the glue code,” Opsera co-founder Chivukula noted. “But then they’re not they don’t have visibility. At Opsera, our mission and goal is to bring order to the chaos. And the way we want to do this is by giving choice and flexibility to the users and provide no-code automation using a unified framework.”

Wesley Chan, a managing director for Felicis Ventures who will join the Opsera board, also noted that he believes that one of the next big areas for growth in DevOps is how orchestration and release management is handled.

“We spoke to a lot of startups who are all using black-box tools because they’ve built their engineering organization and their DevOps from scratch,” Chan said. “That’s fine, if you’re starting from scratch and you just hired a bunch of people outside of Google and they’re all very sophisticated. But then when you talk to some of the larger companies. […] You just have all these different teams and tools — and it gets unwieldy and complex.”

Unlike some other tools, Chan argues, Opsera allows its users the flexibility to interface with this wide variety of existing internal systems and tools for managing the software lifecycle and releases.

“This is why we got so interested in investing, because we just heard from all the folks that this is the right tool. There’s no way we’re throwing out a bunch of our internal stuff. This would just wreak havoc on our engineering team,” Chan explained. He believes that building with this wide existing ecosystem in mind — and integrating with it without forcing users onto a completely new platform — and its ability to reduce friction for these teams, is what will ultimately make Opsera successful.

Opsera plans to use the new funding to grow its engineering team and accelerate its go-to-market efforts.

#agile-software-development, #clear-ventures, #developer, #devops, #enterprise, #felicis-ventures, #google, #infrastructure-as-code, #opsera, #recent-funding, #release-management, #software-development, #startups, #symantec, #tc, #uber, #wesley-chan

Time-strapped IT teams can use low-code software to drive quick growth

Many emerging and mature organizations survive or die based on their ability to scale. Scale quicker. Scale cheaper. Scale right.

Typically the IT team bears that burden — on top of countless other demands. IT teams move mountains for their organizations while scaling the tech platform as fast as possible, putting out the latest infrastructure fire and responding to countless day-to-day requests.

The most helpful gift any chief information officer or chief technology officer can give their IT teams is more time. Many people think that means adding another team member. Maybe it does in some cases (if you can find a developer in this tough job market), but giving my team Boomi’s low-code integration platform was one of the best strategic moves for HealthBridge.

The best time to use low-code is when you need to add something to your organization that isn’t unique or doesn’t drive significant business value.

As the least skilled coder on the team, low-code let me develop and deliver four customer-centric self-service portals a year ahead of schedule while my team focused on building and scaling our revenue-driving, custom platform by hand-writing code.

Low-code is quickly becoming commonplace and a popular topic among IT decision-makers. Over the last few years, the market has exploded. Gartner expects it to total $13.8 billion in 2021. That means low-code technology, which we’ve been hearing about for years, is ready for widespread adoption. Today, low-code enables you to streamline (and scale) everything from integration to artificial intelligence.

It’s a secret only some organizations are clued in on, but it’s a great way to scale fast, save on resources and give your team more time. Here’s how.

When to use low-code and when to write code

The best time to use low-code is when you need to add something to your organization that isn’t unique or doesn’t drive significant business value.

For instance, a customer portal is not unique; don’t waste time hand-coding it.

While it’s certainly an extremely helpful feature for our customers, it’s unlikely to drive significant shareholder or investor value. However, it’s key for scaling. Using low-code for a must-have but undifferentiated feature will allow your team to work on more important projects while scaling.

When we started working on the timeline for a customer portal project at HealthBridge, we estimated it would take several sprints per portal to develop, but more pressing development work kept pushing it down the list in our backlog. Waiting a year for a basic feature didn’t seem reasonable to me, so we looked for a workaround.

#boomi, #chief-information-officer, #cloud-computing, #column, #developer, #ec-cloud-and-enterprise-infrastructure, #ec-column, #information-technology, #low-code, #software-development, #startups

Backdoored developer tool that stole credentials escaped notice for 3 months

Backdoored developer tool that stole credentials escaped notice for 3 months

Enlarge (credit: Getty Images)

A publicly available software development tool contained malicious code that stole the authentication credentials that apps need to access sensitive resources, in the latest revelation of a supply chain attack that has the potential to backdoor the networks of countless organizations.

The Codecov Bash Uploader contained the backdoor from late January to the beginning of April, developers of the tool said on Thursday. The backdoor caused developer computers to send secret authentication tokens and other sensitive data to a remote site controlled by the hackers. The uploader works with development platforms including Github Actions, CircleCI, and Bitrise Step, all of which support having such secret authentication tokens in the development environment.

A pile of AWS and other cloud credentials

The Codecov bash uploader performs what is known as code coverage for large-scale software development projects. It allows developers to send coverage reports that, among other things, determine how much of a codebase has been tested by internal test scripts. Some development projects integrate Codecov and similar third-party services into their platforms, where there is free access to sensitive credentials that can be used to steal or modify source code.

Read 19 remaining paragraphs | Comments

#bash-updater, #biz-it, #codecov, #software-development, #supply-chain-attack, #tech

Popular software development tool Docker gets Apple M1 support

Docker running on a Mac.

Enlarge / Docker running on a Mac. (credit: Docker)

Docker, a popular multi-platform application used by software developers, has released a version that runs natively on Apple Silicon hardware, including Macs released with Apple’s custom-designed M1 chip.

The M1 chip uses the ARM instruction set and cannot natively run software that was designed to run on the x86 architecture that the Intel processors in previously released Macs used. Though the previous version of Docker did work via Apple’s Rosetta solution, the introduction of an M1-native version of Docker contributes to a closing gap for developers concerned about running their entire suite of tools in an optimal way.

It follows the release of M1 versions of Homebrew, Visual Studio Code, and other developer tools and applications. But some gaps remain—for example, Microsoft’s Visual Studio 2019 IDE (which is distinct from the comparatively lightweight Visual Studio Code) has not been updated.

Read 6 remaining paragraphs | Comments

#apple, #apple-m1, #apple-silicon, #arm, #containers, #docker, #m1, #software-development, #tech

A ‘more honest’ stock market

Hello friends, and welcome back to Week in Review!

Last week, I talked about Clubhouse’s slowing user growth. Well, this week news broke that they had been in talks with Twitter for a $4 billion acquisition, so it looks like they’re still pretty desirable. This week, I’m talking about a story I published a couple days ago that highlights pretty much everything that’s wild about the alternative asset world right now.

If you’re reading this on the TechCrunch site, you can get this in your inbox from the newsletter page, and follow my tweets @lucasmtny.


The big thing

If you successfully avoided all mentions of NFTs until now, I congratulate you, because it certainly does seem like the broader NFT market is seeing some major pullback after a very frothy February and March. You’ll still be seeing plenty of late-to-the-game C-list celebrities debuting NFT art in the coming weeks, but a more sober pullback in prices will probably give some of the NFT platforms that are serious about longevity a better chance to focus on the future and find out how they truly matter.

I spent the last couple weeks, chatting with a bunch of people in one particular community — one of the oldest active NFT communities on the web called CryptoPunks. It’s a platform with 10,000 unique 24×24 pixel portraits and they trade at truly wild prices.

This picture sold for a $1.05 million.

I talked to a dozen or so people (including the guy who sold that one ^^) that had spent between tens of thousands and millions of dollars on these pixelated portraits, my goal being to tap into the psyche of what the hell is happening here. The takeaway is that these folks don’t see these assets as any more non-sensical than what’s going on in more traditional “old world” markets like public stock exchanges.

A telling quote from my reporting:

“Obviously this is a very speculative market… but it’s almost more honest than the stock market,” user Max Orgeldinger tells TechCrunch. “Kudos to Elon Musk — and I’m a big Tesla fan — but there are no fundamentals that support that stock price. It’s the same when you look at GameStop. With the whole NFT community, it’s almost more honest because nobody’s getting tricked into thinking there’s some very complicated math that no one can figure out. This is just people making up prices and if you want to pay it, that’s the price and if you don’t want to pay it, that’s not the price.”

Shortly after I published my piece, Christie’s announced that they were auctioning off nine of the CryptoPunks in an auction likely to fetch at least $10 million at current prices. The market surged in the aftermath and many millions worth of volume quickly moved through the marketplace minting more NFT millionaires.

Is this all just absolutely nuts? Sure.

Is it also a poignant picture of where alternative asset investing is at in 2021? You bet.

Read the full thing.


an illustration of a cardboard ballot box with an Amazon smile on the front

Other things

Here are the TechCrunch news stories that especially caught my eye this week:

Amazon workers vote down union organization attempt
Amazon is breathing a sigh of relief after workers at their Bessemer, Alabama warehouse opted out of joining a union, lending a crushing defeat to labor activists who hoped that the high-profile moment would lead more Amazon workers to organize. The vote has been challenged, but the margin of victory seems fairly decisive.

Supreme court sides with Google in Oracle case
If any singular event impacted the web the most this week, it was the Supreme Court siding with Google in a very controversial lawsuit by Oracle that could’ve fundamentally shifted the future of software development.

Coinbase is making waves
The Coinbase direct listing is just around the corner and they’re showing off some of their financials. Turns out crypto has been kind of hot lately and they’re raking in the dough, with revenue of $1.8 billion this past quarter.

Apple share more about the future of user tracking
Apple is about to upend the ad-tracking market and they published some more details on what exactly their App Tracking Transparency feature is going to look like. Hint: more user control.

Consumers are spending lots of time in apps
A new report from mobile analytics firm App Annie suggests that we’re dumping more of our time into smartphone apps, with the average users spending 4.2 hours a day doing so, a 30 percent increase over two years.

Sonos perfects the bluetooth speaker
I’m a bit of an audio lover, which made my colleague Darrell’s review of the new Sonos Roam bluetooth speaker a must-read for me. He’s pretty psyched about it, even though it comes in at the higher-end of pricing for these devices, still I’m looking forward to hearing one with my own ears.


 

Image Credits: Nigel Sussman

Extra things

Some of my favorite reads from our Extra Crunch subscription service this week:
The StockX EC-1
“StockX is a unique company at the nexus of two radical transitions that isn’t just redefining markets, but our culture as well. E-commerce upended markets, diminishing the physical experience by intermediating and aggregating buyers and sellers through digital platforms. At the same time, the internet created rapid new communication channels, allowing euphoria and desire to ricochet across society in a matter of seconds. In a world of plenty, some things are rare, and the hype around that rarity has never been greater. Together, these two trends demanded a stock market of hype, an opportunity that StockX has aggressively pursued.”

Building the right team for a billion-dollar startup
“I would really encourage you to take some time to think about what kind of company you want to make first before you go out and start interviewing people. So that really is going to be about understanding and defining your culture. And then the second thing I’d be thinking about when you’re scaling from, you know, five people up to, you know, 50 and beyond is that managers really are the key to your success as a company. It’s hard to overstate how important managers, great managers, are to the success of your company.

So you want to raise a Series A
“More companies will raise seed rounds than Series A rounds, simply due to the fact that many startups fail, and venture only makes sense for a small fraction of businesses out there. Every check is a new cycle of convincing and proving that you, as a startup, will have venture-scale returns. Moore explained that startups looking to move to their next round need to explain to investors why now is their moment.”

Until next week,
Lucas M.

And again, if you’re reading this on the TechCrunch site, you can get this in your inbox from the newsletter page, and follow my tweets @lucasmtny.

#alabama, #amazon, #app-annie, #apple, #bessemer, #blockchain, #bluetooth, #bluetooth-speaker, #christies, #coinbase, #cryptocurrency, #e-commerce, #extra-crunch, #gamestop, #google, #operating-systems, #oracle, #real-time-web, #smartphone, #software, #software-development, #sonos, #stockx, #supreme-court, #tc, #techcrunch, #text-messaging, #twitter, #week-in-review

NLPCloud.io helps devs add language processing smarts to their apps

While visual ‘no code‘ tools are helping businesses get more out of computing without the need for armies of in-house techies to configure software on behalf of other staff, access to the most powerful tech tools — at the ‘deep tech’ AI coal face — still requires some expert help (and/or costly in-house expertise).

This is where bootstrapping French startup, NLPCloud.io, is plying a trade in MLOps/AIOps — or ‘compute platform as a service’ (being as it runs the queries on its own servers) — with a focus on natural language processing (NLP), as its name suggests.

Developments in artificial intelligence have, in recent years, led to impressive advances in the field of NLP — a technology that can help businesses scale their capacity to intelligently grapple with all sorts of communications by automating tasks like Named Entity Recognition, sentiment-analysis, text classification, summarization, question answering, and Part-Of-Speech tagging, freeing up (human) staff to focus on more complex/nuanced work. (Although it’s worth emphasizing that the bulk of NLP research has focused on the English language — meaning that’s where this tech is most mature; so associated AI advances are not universally distributed.)

Production ready (pre-trained) NLP models for English are readily available ‘out of the box’. There are also dedicated open source frameworks offering help with training models. But businesses wanting to tap into NLP still need to have the DevOps resource and chops to implement NLP models.

NLPCloud.io is catering to businesses that don’t feel up to the implementation challenge themselves — offering “production-ready NLP API” with the promise of “no DevOps required”.

Its API is based on Hugging Face and spaCy open-source models. Customers can either choose to use ready-to-use pre-trained models (it selects the “best” open source models; it does not build its own); or they can upload custom models developed internally by their own data scientists — which it says is a point of differentiation vs SaaS services such as Google Natural Language (which uses Google’s ML models) or Amazon Comprehend and Monkey Learn.

NLPCloud.io says it wants to democratize NLP by helping developers and data scientists deliver these projects “in no time and at a fair price”. (It has a tiered pricing model based on requests per minute, which starts at $39pm and ranges up to $1,199pm, at the enterprise end, for one custom model running on a GPU. It does also offer a free tier so users can test models at low request velocity without incurring a charge.)

“The idea came from the fact that, as a software engineer, I saw many AI projects fail because of the deployment to production phase,” says sole founder and CTO Julien Salinas. “Companies often focus on building accurate and fast AI models but today more and more excellent open-source models are available and are doing an excellent job… so the toughest challenge now is being able to efficiently use these models in production. It takes AI skills, DevOps skills, programming skill… which is why it’s a challenge for so many companies, and which is why I decided to launch NLPCloud.io.”

The platform launched in January 2021 and now has around 500 users, including 30 who are paying for the service. While the startup, which is based in Grenoble, in the French Alps, is a team of three for now, plus a couple of independent contractors. (Salinas says he plans to hire five people by the end of the year.)

“Most of our users are tech startups but we also start having a couple of bigger companies,” he tells TechCrunch. “The biggest demand I’m seeing is both from software engineers and data scientists. Sometimes it’s from teams who have data science skills but don’t have DevOps skills (or don’t want to spend time on this). Sometimes it’s from tech teams who want to leverage NLP out-of-the-box without hiring a whole data science team.”

“We have very diverse customers, from solo startup founders to bigger companies like BBVA, Mintel, Senuto… in all sorts of sectors (banking, public relations, market research),” he adds.

Use cases of its customers include lead generation from unstructured text (such as web pages), via named entities extraction; and sorting support tickets based on urgency by conducting sentiment analysis.

Content marketers are also using its platform for headline generation (via summarization). While text classification capabilities are being used for economic intelligence and financial data extraction, per Salinas.

He says his own experience as a CTO and software engineer working on NLP projects at a number of tech companies led him to spot an opportunity in the challenge of AI implementation.

“I realized that it was quite easy to build acceptable NLP models thanks to great open-source frameworks like spaCy and Hugging Face Transformers but then I found it quite hard to use these models in production,” he explains. “It takes programming skills in order to develop an API, strong DevOps skills in order to build a robust and fast infrastructure to serve NLP models (AI models in general consume a lot of resources), and also data science skills of course.

“I tried to look for ready-to-use cloud solutions in order to save weeks of work but I couldn’t find anything satisfactory. My intuition was that such a platform would help tech teams save a lot of time, sometimes months of work for the teams who don’t have strong DevOps profiles.”

“NLP has been around for decades but until recently it took whole teams of data scientists to build acceptable NLP models. For a couple of years, we’ve made amazing progress in terms of accuracy and speed of the NLP models. More and more experts who have been working in the NLP field for decades agree that NLP is becoming a ‘commodity’,” he goes on. “Frameworks like spaCy make it extremely simple for developers to leverage NLP models without having advanced data science knowledge. And Hugging Face’s open-source repository for NLP models is also a great step in this direction.

“But having these models run in production is still hard, and maybe even harder than before as these brand new models are very demanding in terms of resources.”

The models NLPCloud.io offers are picked for performance — where “best” means it has “the best compromise between accuracy and speed”. Salinas also says they are paying mind to context, given NLP can be used for diverse user cases — hence proposing number of models so as to be able to adapt to a given use.

“Initially we started with models dedicated to entities extraction only but most of our first customers also asked for other use cases too, so we started adding other models,” he notes, adding that they will continue to add more models from the two chosen frameworks — “in order to cover more use cases, and more languages”.

SpaCy and Hugging Face, meanwhile, were chosen to be the source for the models offered via its API based on their track record as companies, the NLP libraries they offer and their focus on production-ready framework — with the combination allowing NLPCloud.io to offer a selection of models that are fast and accurate, working within the bounds of respective trade-offs, according to Salinas.

“SpaCy is developed by a solid company in Germany called Explosion.ai. This library has become one of the most used NLP libraries among companies who want to leverage NLP in production ‘for real’ (as opposed to academic research only). The reason is that it is very fast, has great accuracy in most scenarios, and is an opinionated” framework which makes it very simple to use by non-data scientists (the tradeoff is that it gives less customization possibilities),” he says.

Hugging Face is an even more solid company that recently raised $40M for a good reason: They created a disruptive NLP library called ‘transformers’ that improves a lot the accuracy of NLP models (the tradeoff is that it is very resource intensive though). It gives the opportunity to cover more use cases like sentiment analysis, classification, summarization… In addition to that, they created an open-source repository where it is easy to select the best model you need for your use case.”

While AI is advancing at a clip within certain tracks — such as NLP for English — there are still caveats and potential pitfalls attached to automating language processing and analysis, with the risk of getting stuff wrong or worse. AI models trained on human-generated data have, for example, been shown reflecting embedded biases and prejudices of the people who produced the underlying data.

Salinas agrees NLP can sometimes face “concerning bias issues”, such as racism and misogyny. But he expresses confidence in the models they’ve selected.

“Most of the time it seems [bias in NLP] is due to the underlying data used to trained the models. It shows we should be more careful about the origin of this data,” he says. “In my opinion the best solution in order to mitigate this is that the community of NLP users should actively report something inappropriate when using a specific model so that this model can be paused and fixed.”

“Even if we doubt that such a bias exists in the models we’re proposing, we do encourage our users to report such problems to us so we can take measures,” he adds.

 

#amazon, #api, #artificial-intelligence, #artificial-neural-networks, #bbva, #computing, #developer, #devops, #europe, #germany, #google, #hugging-face, #ml, #natural-language-processing, #nlpcloud-io, #public-relations, #software-development, #speech-recognition, #startups, #transformer

Argentina’s Digital House raises over $50M to help solve LatAm’s tech talent shortage

Digital House, a Buenos Aires-based edtech focused on developing tech talent through immersive remote courses, announced today it has raised more than $50 million in new funding.

Notably, two of the main investors are not venture capital firms but instead are two large tech companies: Latin American e-commerce giant Mercado Libre and San Francisco-based software developer Globant. Riverwood Capital, a Menlo Park-based private equity firm, and existing backer early-stage Argentina-based venture firm Kaszek also participated in the financing.

The raise brings Digital House’s total funding raised to more than $80 million since its 2016 inception. The Rise Fund led a $20 million Series B for Digital House in December 2017, marking the San Francisco-based firm’s investment in Latin America.

Nelson Duboscq, CEO and co-founder of Digital House, said that accelerating demand for tech talent in Latin America has fueled demand for the startup’s online courses. Since it first launched its classes in March 2016, the company has seen a 118% CAGR in revenues and a 145% CAGR in students. The 350-person company expects “and is on track” to be profitable this year, according to Duboscq.

Digital House CEO and co-founder Nelson Duboscq. Image Credits: Digital House

In 2020, 28,000 students across Latin America used its platform. The company projects that more than 43,000 will take courses via its platform in 2021. Fifty percent of its business comes out of Brazil, 30% from Argentina and the remaining 20% in the rest of Latin America.

Specifically, Digital House offers courses aimed at teaching “the most in-demand digital skills” to people who either want to work in the digital industry or for companies that need to train their employees on digital skills. Emphasizing practice, Digital House offers courses — that range from six months to two years — teaching skills such as web and mobile development, data analytics, user experience design, digital marketing and product development.

The courses are fully accessible online and combine live online classes led by in-house professors, with content delivered through Digital House’s platform via videos, quizzes and exercises “that can be consumed at any time.” 

Digital House also links its graduates to company jobs, claiming an employability rate of over 95%.

Looking ahead, Digital House says it will use its new capital toward continuing to evolve its digital training platforms, as well as launching a two-year tech training program — dubbed the the “Certified Tech Developer” initiative — jointly designed with Mercado Libre and Globant. The program aims to train thousands of students through full-time two-year courses and connect them with tech companies globally. 

Specifically, the company says it will also continue to expand its portfolio of careers beyond software development and include specialization in e-commerce, digital marketing, data science and cybersecurity. Digital House also plans to expand its partnerships with technology employers and companies in Brazil and the rest of Latin America. It also is planning some “strategic M&A,” according to Duboscq.

Francisco Alvarez-Demalde, co-founder & co-managing partner of Riverwood Capital, noted that his firm has observed an accelerating digitization of the economy across all sectors in Latin America, which naturally creates demand for tech-savvy talent. (Riverwood has an office in São Paulo).

For example, in addition to web developers, there’s been increased demand for data scientists, digital marketing and cybersecurity specialists.

“In Brazil alone, over 70,000 new IT professionals are needed each year and only about 45,000 are trained annually,” Alvarez-Demalde said. “As a result of such a talent crunch, salaries for IT professionals in the region increased 20% to 30% last year. In this context, Digital House has a large opportunity ahead of them and is positioned strategically as the gatekeeper of new digital talent in Latin America, preparing workers for the jobs of the future.”

André Chaves, senior VP of Strategy at Mercado Libre, said the company saw in Digital House a track record of “understanding closely” what Mercado Libre and other tech companies need.

“They move as fast as we do and adapt quickly to what the job market needs,” he said. “A very important asset for us is their presence and understanding of Latin America, its risks and entrepreneurial environment. Global players have succeeded for many years in our region. But things are shifting gradually, and local knowledge of risks and opportunities can make a great difference.”

#brazil, #digital-house, #digital-marketing, #e-commerce, #education, #funding, #fundings-exits, #globant, #latin-america, #marketing, #menlo-park, #mercado-libre, #mercadolibre, #online-courses, #private-equity, #recent-funding, #rise-fund, #riverwood-capital, #san-francisco, #software-development, #startups, #tc, #venture-capital, #venture-capital-firms, #web-developers

3 steps to ease the transition to a no-code company

Gartner predicts low/no-code will represent 65% of all app development by 2024. Clearly, it’s the future, but what is it, and how can you turn your organization into a no-code company to get ahead of the trend?

No-code is changing how organizations build and maintain applications. It democratizes application development by creating “citizen developers” who can quickly build out applications that meet their business-facing needs in real time, realigning IT and business objectives by bringing them closer together than ever.

Anyone can now create and modify their own tools without complex coding skills using no-code’s easy-to-use visual interfaces and drag-and-drop functionality.

Anyone can now create and modify their own tools without complex coding skills using no-code’s easy-to-use visual interfaces and drag-and-drop functionality. This creates organizational flexibility and agility, addresses growing IT backlogs and budgets, and helps fill the IT gap caused by a shortage of skilled developers.

Despite the many benefits, adopting a no-code platform won’t suddenly turn you into a no-code company. It’s a process. Here are three steps to help your transition:

1. Future-proof your tech strategy

For a long time, the threat of digital disruption and the subsequent need for digital transformation has been driving IT strategy. The pandemic made this threat all the more acute. Most organizations were forced to rapidly rethink their tech strategy in the new digital normal.

This strategy has been effective for many organizations, but it’s also been largely reactive. Organizations have been fighting to keep up with the acceleration of digital trends. The opportunity with no-code, which is still in its early days, is to make that tech strategy more proactive.

We find that many organizations still think about tech strategy from a predominantly IT lens without considering organizational structural changes that could be around the corner. Think about it: Having a critical mass of citizen developers in five years could dramatically change how your organization allocates resources, organizes departments and even hires talent.

Don’t future-proof your tech strategy for a slightly evolved version of your current organization, future-proof it for a fundamentally more democratized environment where everyone can build their own applications for their own needs. That’s a profound change. Here are three things to consider:

#business-process-management, #citizen-developers, #column, #developer, #digital-transformation, #ec-column, #ec-enterprise-applications, #ec-how-to, #no-code-software, #saas, #software-development, #startups

Nobl9 raises $21M Series B for its SLO management platform

SLAs, SLOs, SLIs. If there’s one thing everybody in the business of managing software development loves, it’s acronyms. And while everyone probably knows what a Service Level Agreement (SLA) is, Service Level Objectives (SLOs) and Service Level Indicators (SLIs) may not be quite as well known. The idea, though, is straightforward, with SLOs being the overall goals a team must hit to meet the promises of its SLA agreements, and SLIs being the actual measurements that back up those other two numbers. With the advent of DevOps, these ideas, which are typically part of a company’s overall Site Reliability Engineering (SRE) efforts, are becoming more mainstream, but putting them into practice isn’t always straightforward.

Noble9 aims to provide enterprises with the tools they need to build SLO-centric operations and the right feedback loops inside an organization to help it hit its SLOs without making too many trade-offs between the cost of engineering, feature development and reliability.

The company today announced that it has raised a $21 million Series B round led by its Series A investors Battery Ventures and CRV. In addition, Series A investors Bonfire Ventures and Resolute Ventures also participated, together with new investors Harmony Partners and Sorenson Ventures.

Before starting Nobl9, co-founders Marcin Kurc (CEO) and Brian Singer (CPO) spent time together at Orbitera, where Singer was the co-founder and COO and Kurc the CEO, and then at Google Cloud, after it acquired Orbitera in 2016. In the process, the team got to work with and appreciate Google’s site reliability engineering frameworks.

As they started looking into what to do next, that experience led them to look into productizing these ideas. “We came to this conclusion that if you’re going into Kubernetes, into service-based applications and modern architectures, there’s really no better way to run that than SRE,” Kurc told me. “And when we started looking at this, naturally SRE is a complete framework, there are processes. We started looking at elements of SRE and we agreed that SLO — service level objectives — is really the foundational part. You can’t do SRE without SLOs.”

As Singer noted, in order to adopt SLOs, businesses have to know how to turn the data they have about the reliability of their services, which could be measured in uptime or latency, for example, into the right objectives. That’s complicated by the fact that this data could live in a variety of databases and logs, but the real question is how to define the right SLOs for any given organization based on this data.

“When you go into the conversation with an organization about what their goals are with respect to reliability and how they start to think about understanding if there’s risks to that, they very quickly get bogged down in how are we going to get this data or that data and instrument this or instrument that,” Singer said. “What we’ve done is we’ve built a platform that essentially takes that as the problem that we’re solving. So no matter where the data lives and in what format it lives, we want to be able to reduce it to very simply an error budget and an objective that can be tracked and measured and reported on.”

The company’s platform launched into general availability last week, after a beta that started last year. Early customers include Brex and Adobe.

As Kurc told me, the team actually thinks of this new funding round as a Series A round, but because its $7.5 million Series A was pretty sizable, they decided to call it a Series A instead of a seed round. “It’s hard to define it. If you define it based on a revenue milestone, we’re pre-revenue, we just launched the GA product,” Singer told me. “But I think just in terms of the maturity of the product and the company, I would put us at the [Series] B.”

The team told me that it closed the round at the end of last November, and while it considered pitching new VCs, its existing investors were already interested in putting more money into the company and since its previous round had been oversubscribed, they decided to add to this new round some of the investors that didn’t make the cut for the Series A.

The company plans to use the new funding to advance its roadmap and expand its team, especially across sales, marketing and customer success.

#adobe,