Shhh. That's Classified
From the Front Lines
How do you hire new employees, lease a building, get financing, and develop a new product in total secrecy? A CIA veteran tells you how
Awhile back, some friends bestowed a new title upon me: the King of Stealth. I'm not sure I like it, because I don't enjoy being secretive. Admittedly, I've spent 10 years of my life working for three of the most secretive organizations in the world: the Office of Special Investigations (OSI -- known from The Six Million Dollar Man TV series, for those old enough to remember); the CIA; and the National Reconnaissance Office (NRO), an organization so secretive that one legend claims that just the letters N-R-O on a sheet of government paper would be considered classified.
In those organizations, multimillion-dollar programs can be affected if word leaks. Loose lips can lead to lethal results since espionage is punishable by death, or worse, in most countries. There is no room for error. Every employee from the janitor to the director undergoes a 15-year background investigation, takes repeated polygraphs, and is protected by armed guards and the most advanced security systems in the world. People never discuss classified information in public places. Conversations about work occur within special facilities and on secure encrypted telephones. And don't accidentally bring a cell phone or a computer into one of the buildings these agencies inhabit -- unless you want to donate it to the government, since it can never go back into the unclassified world. I come from a background where if someone said, "If I told you, I'd have to kill you," it wouldn't be funny (though I did mean that to be funny). "We in the government don't have a sense of humor," I used to say.
So when venture capitalist Vinod Khosla, whose firm -- Kleiner Perkins Caufield & Byers -- had just invested $5 million in our new Internet company, suggested that my cofounder, Brian Axe, and I should put the business into stealth, my first question was "How much stealth do you really want?" His answer: Enough. We were developing a whole new way of communicating on the Internet, and we feared that someone would copy our idea before we could protect it.
I'm sure I think about stealth and secrecy considerably differently from the way the average Silicon Valley entrepreneur views it. The word stealth means a lot of things to me, but here Vinod was talking about hiding the technology our new company was building from potential competitors. We'd watched as other dot-coms got funding and suddenly became surrounded by a whole field of copycats. Keeping our developing business under wraps would help us gain strategic advantage. We weren't going to let anyone know what we were doing -- not a potential employee, a partner, our neighbors, or our friends.
Here's what we were trying to keep secret: we were pretty sure that the new Internet platform we had invented, called Zaplets (available at www.zaplet.com), would be the next big thing after E-mail and instant messaging. The technology allows Web applications to be delivered by E-mail, thereby eliminating the greatest barrier to using the Web: having to visit a particular site. It's that reality that forces dot-coms to spend billions trying to attract people to their sites.
A Zaplet works like this: I send one to a list of friends, inviting them to my office picnic and asking them to RSVP. As people respond, the Zaplet in my friends' in-boxes is updated to reflect who's coming. Or a financial service might send out a Zaplet in the morning with the stock quotes you've requested. Look at that Zaplet later in the day and the quotes have changed -- they're up-to-the-minute. Zaplets reduce E-mail clutter by consolidating messages, and they also support such things as secure messaging, self-destructing E-mail, project management, auctions, stocks -- the list is as big as everything that exists on the Web. And Zaplets bring it all to people's in-boxes.
Stealth was critical for us because the opportunity was so big that we feared others would jump into it at a time when we were vulnerable. (One study says that 96% of Internet users spend more time on their E-mail than they do browsing the Web.) At the time, we had filed only one patent. Though the network of copycats and potential competitors wasn't as dangerous as a hostile intelligence service, without maintaining some secrecy we could have inadvertently created a lot of unwanted exposure.
So we did a host of things designed to keep our company in "deep stealth" for more than nine months. We used some tactics that I had learned in my days at the CIA, the OSI, and the NRO, and some that I had learned from other entrepreneurs who were also hiding their new companies. During that time we grew the business from 2 to 120 people while we fully developed our product. We finally debuted in March to the complete surprise of the entire computer industry.
The key to good stealth is having people not notice the stealth. It's the difference between armor and concealment. The former protects you if you're found; the latter prevents you from being found in the first place.
First, we changed our name. Company names can be a dangerous source of speculation -- especially in our case, where it wouldn't have taken a rocket scientist to deduce that a Zaplet might be a combination of a "zap" (an E-mail) and an application. So we held a quick brainstorming session for a name that sounded like a cool company that you'd want to work for but that would say nothing about our business or what we did. FireDrop worked just fine.
Second, we kept our funding under wraps. That was awkward, because before Kleiner Perkins funded us, we'd pitched three other VCs. Brian received E-mail messages from the other firms asking, "How's the funding going?" He'd show me the messages, but we couldn't respond to them without revealing that we'd been funded. One persistent VC sent an E-mail message that said, "How's the funding, and why didn't you reply to our E-mail?" We couldn't answer that one, either.
Third, we had to hire fast and well, but without telling applicants what the company did. I didn't feel I had to worry about the people I'd already brought on board who had salaries and equity; their interests were aligned with mine. I worried about the people we would interview but not hire -- they could do a lot of damage. Naturally, it wasn't easy to get applicants in the door. Even our outside recruiters didn't know what we did. So after a few months, when we no longer had to keep our financing secret, we enticed potential hires by telling them about the people we'd already attracted. We told them that Kleiner Perkins had funded us, that Vinod was involved, and that some well-known Internet engineers, software developers, and marketing gurus had come to work for us. The fact that Vinod had taken all of 15 minutes to decide to invest in us -- and that Kleiner Perkins had given us a term sheet only four days after we started talking -- raised a few eyebrows. Nevertheless, at the end of the interviews, most applicants would look at me with some frustration and say, "I still don't know what you're doing." It takes tact to uphold stealth. I would empathize -- but I wouldn't answer. I would say, "I understand how someone would want to know what we're doing. You'll know soon."
"Soon" may not have been soon enough for our first few hires -- they knew little of the product until after they showed up for work. But most applicants didn't have to actually start working for us before they learned what a Zaplet was. Instead, to learn our secrets, they signed a nondisclosure agreement. NDAs aren't foolproof -- they are as trustworthy as people are. But NDAs set the tone for how seriously an organization takes its confidentiality. When government agents specify that information is classified, they determine how secret it should be by how much damage a leak would cause. The release of secret information, for instance, would cause grave damage to the country; the release of top-secret information would cause extremely grave damage.
So we drew up a tough NDA. It specified that breaking the agreement would cost the signer $100,000 in damages. Nondisclosures often cause messy court cases if they don't specify monetary damages; the judge or jury has to figure that out. And how much is competitive information worth? Agreeing on a number beforehand eliminates conjecture.
Coming up with the $100,000 figure simply took common sense. Since we had invented a new Internet platform, other people will use Zaplets and build applications on top of them. New communications tools like this one come around only once every few years, so its value was great. At the same time, the damages had to seem reasonable. For instance, it would have been hard to believe that leaking our secret should cost someone $1 million. On the other hand, the price had to be high enough to make the risk unpalatable. If we had been anyplace else in the country, we would have asked for only $20,000. But our company is in Silicon Valley, where we figured that $100,000 would be appropriately painful for everyone.
Some people fiercely resisted signing. One guy refused, so we didn't hire him. And he was a great Internet security officer! It was a loss; he had a stellar background. But if people aren't prepared to sign an NDA, you have to ask yourself what else they may not be prepared to do in the best interest of the company.
So why did anyone join us? It was all about execution. Most people's decision to join a company is actually based very little on the product itself and more on the people, the opportunity, the competitive advantages, the business model, and the company culture. We focused on those things and learned to tell only certain parts of our story. We practiced it like a military exercise, over and over, so anyone involved in recruiting had the drill down.
Flying under the Radar
Hiring was tough. But the real struggle came when we had to get financing, a home, and equipment. Our banker, our prospective landlord, and Sun Microsystems (from whom we wanted to lease more than $1 million worth of computers) legitimately needed to understand our business. They couldn't take a risk on us without knowing who we were and what we did.
That made sense, of course, and we had a fiscal and ethical responsibility to explain our business to them, including who our backers were and who our team was. But we didn't feel that outsiders needed to know the details of our product.
That's not how the Sun people felt. No way were they going to provide $1 million worth of equipment to us when they didn't know whether we could pay them back. They wanted a business plan. We said, "We're in stealth mode. We can't give you a business plan." Their leasing officer said, "No business plan, no lease." We tried to use our network to go around him, but it didn't work. Whatever we did, we ultimately came back to him, and every time that happened, he insisted on a plan. I thought that if we gave him a plan, he'd pass it on to a number of other Sun people we hadn't met -- people who were well connected in the industry. Finally, we wrote a short, generic plan -- and they accepted it. The whole process took about a month and slowed us down.
The generic plan saved us. That doesn't mean you can do anything to get a deal or keep a secret. I highly recommend never lying. Your integrity is the only thing you have that allows people to trust you; never give it up. We became experts at describing our business without giving away a single detail. And we made sure it didn't sound exciting. Calling it "B-to-B stuff" with a good yawn always helped keep the interest low. When we were asked for details, we somehow always remembered that we had some other urgent thing to do and made a hasty exit.
We'd retreat to a new building in a sparkling complex on a brand-new street that wasn't even on the map. We had planned to lease space in a new building that didn't have any other tenants (to eliminate casual elevator conversations with neighbors). We got lucky when it came to the address; if we were to do it again, I'd find such a street on purpose. (I've heard from a few people in the Valley that our complex is unofficially known as Stealth Alley because of its lack of signs and the presence of other in-the-dark Internet companies.) I look out of one-way-mirrored windows onto miles of marsh; there's no reason for anyone to stroll over here on their lunch-hour walk. We also leased the top floor, which added another level of security.
Inside the company, we're very open with one another. Rather than using whiteboards, we write on the glass conference-room walls, a practice that the military uses in submarines and war rooms. (The idea of stealth is not to maintain secrecy everywhere, because that doesn't work. Once people were in here and trusted, we felt everyone should know nearly everything -- except things like salaries. That makes for an effective company.) Since one-way windows don't work well at night and we don't want people to see in, we hung shades on every window. It sounds paranoid, but many reporters drive by a company just to see what it looks like. And not that anyone would ever go through our trash, but trash happens; we still shred all our confidential documents and use a document-destruction company instead of throwing paper in the garbage.
Naturally, we hadn't listed FireDrop in the phone book or put any contact information on our Web site, so it was practically impossible for most people to get our address. Even if they had gotten it, they would have had a miserable time finding the place: we didn't put up any signs. We just told invited guests how to find us.
Since we had little practical information on our Web site, why have one at all? Because stealth creates a lot of buzz. People knew that FireDrop existed and that we were hiring quickly. (Today we're up to 230 people.) We started to work with advisers like Bill Joy and Esther Dyson. We wanted to be able to leverage the curiosity we'd generated. So on our Web site we asked people to sign in, and we promised to E-mail our big news to them when we launched. By the time we came out of stealth, we had a complete, working technology and had filed more than 12 patents. The only real leak was a Wall Street Journal article discussing our strict NDA, among other things.
Much of the stealth is gone these days -- except for our name. Our plan was to go back to Zaplet, but we had recruited everyone to work for a company called FireDrop, and the name was so good, people didn't want to change it. Maybe I should have picked a name like 3Com or Microsoft.
David Roberts is chief zaplet at FireDrop Inc., in Redwood City, Calif. The street where he works is now on the map.