Hacker News new | past | comments | ask | show | jobs | submit login
How to De-Risk a Startup (codingvc.com)
240 points by lpolovets on Oct 28, 2016 | hide | past | web | favorite | 37 comments

I completely nodded along with this — as advice for a normal, sustainable business. But this is not what startups do.

The whole point of a "startup" as conceived in Silicon Valley and as desired by VCs is that risk is HIGH. Let's set aside whether this is good or bad (I would argue the drive for "100x or bust" returns is corrosive, but the word "startup" is tied to that kind of risk/return model right now in the commonly accepted definition).

So let's go through his principles and show what low risk means for hypothetical business idea "XYZ":

-Founder has proven track record doing XYZ

-Lots of potential customers WANT to do XYZ

-Startup is making many hard (cash, full price) sales of XYZ

-XYZ is fully functioning and "amazing" and customers are loyal

-Prices are high

-Incumbents are successful

etc etc

When you have these kinds of attributes you have a nice business in an established sector. By definition. Lots of customers, incumbents, and sales means the XYZ idea has been well exploited. Great.

The whole point of a startup is to make a bold bet on something not entirely proven and safe. That doesn't mean take DUMB risks, but this piece actually says you should try to get your business to the sort of low risk situations I list above.

But if you have an actually good idea you WANT to go into an area with few incumbents and where potential customers are skeptical and where you have no proven track record — because if something is genuinely NEW then guess what - there are no incumbents because no one is doing it yet - many of the customers don't know they need it because it doesn't exist yet - and you have no experience in it because no one on the planet has done it.

I mean you can definitely argue that many startups today take excessive risks and don't take basic steps to minimize risks. Absolutely. And you can also argue that the world needs more sustainable practical businesses and fewer 100x startup attempts. I personally agree with that. But a substantial degree of risk and of lack of "proof" for a business idea is what makes a startup a startup. So if you want to de-risk a startup, find the sort of business that will qualify you for a bank loan. Maybe a nice plumbing enterprise :-)

(I'm the post's author)

> The whole point of a startup is to make a bold bet on something not entirely proven and safe. That doesn't mean take DUMB risks, but this piece actually says you should try to get your business to the sort of low risk situations I list above.

I agree with you that startups are often making bold, unproven bets. The post was trying to say that yes, you're starting somewhere risky, but how can you de-risk your assumptions? How can you start proving the unproven? The proof might be a 5-10 year process, but it's important. The goal is not to reduce risk for safety's sake, but to validate that your end goals are reachable.

For example, if you came up with Snapchat 10 years ago, there would be many risks, including "do people want ephemeral messaging?" and "can an engineer build this product?" I would argue that the first risk is much more important to validate, but a lot of founders -- especially tech founders -- would focus on the 2nd risk. Using terminology from the blog post, the first risk starts out at a 1, and the second starts out at a 4, but too many people would focus on moving the 4 to a 5 instead of moving the 1 to a 3. A 3 still isn't a home run, but at least you know you're on the right track.

The risk is rarely CAN it be built. I think your point is to demonstrate it SHOULD be built by following de-risk steps.

Lean, right?


To heck with SnapChat. Gads, it became a fad as young women stood in front of their bathroom mirror and used their smart phone to take imprudent pictures of themselves. No one knew that this would be a fad, but anyone could guess that the fad had a lot wrong with it, would get a lot of push back, and would not last very long.

Instead of all that nonsense, to get around the 'product/market fit' risk, here is how: Pick a problem where the first good or a much better solution will be a must have for a sufficiently good, large, dedicated, whatever audience of users/customers to make a business worth $10+ billion.

The classic would be a safe, effective, cheap one pill taken once cure for any cancer. So, have a problem, cancer, and the first good solution, the one pill, and it is a must have for a lot of people -- ballpark half of the population will die of cancer before anything else.

So, with that pill, have product/market fit so strong that just on a rumor the front doors of the company will be mobbed by people desperate for the pill.

That situation is what you want to aim for.

Well, everyone can see the problem of cancer, but so far no one knows how to make that pill. If making the pill were easy, then that problem would have been solved by now.

In information technology, can do much the same thing: The problem is already out there and fairly easy to see.

But, there is no free lunch here, no royal road, no ten easy steps. Instead, if lots of people know how to solve the problem, then it would have been solved by now.

So, need to attack a problem where not many people know how to solve it. In particular, need a problem that just routine software is not nearly sufficient for a good solution.

Next, when have the problem and the solution, the risk is already way, way down, but have yet to cover ANY of the risk reduction techniques in the OP.

So, the real key to risk reduction and high ROI for startup projects is to have good solutions that nearly no one else knows how to do.

For now, for information technology, the best approach to such solutions is original research in applied math, typically based on advanced prerequisites. An advantage is that such work can be reviewed reliably. And passing such review, now have a low risk project where the rest of the work to high ROI is routine. That's the goal, right? I just gave you the magic, golden, secret sauce, right?

THAT'S, for now, how to do information technology startups with high ROI and low risk, right from the beginning, that is, based on, say, a project proposal on paper with the math included.

The ante in that game is to be able to read, review, check, at least direct such work, in the math.

I doubt that there is a single VC firm in the US that can do that. The NSF can. So can ONR, and DARPA. So can high end journals in applied math. So can the applied math departments of leading research universities. But VCs? Nope. With at most a tiny number of exceptions: History majors from Williams College? Nope. Computer science chaired profs at leading research universities? Nope. Silicon Valley entrepreneurs? Nope.

So, we're talking something rare and exceptional. Well, we know that except for luck that is a necessary condition for $10+ billion. So, we have to be able to work effectively with things that are exceptional.

I think you're conflating together changes a business can make to its approach that are "global" or high-level versus "local" or low-level.

I don't think the article is advocating only starting a company in a space where it's easy to get to low-risk.

If you enter a high-risk area, that's totally fine and good, but (as I read the article) it's still a good idea to try to move all of your indicators toward less risky rather than more.

The question you're getting at is whether one takes drastic steps like pivoting toward a more established industry where it's easy to lower risk. I'm not sure the author is advocating that.

If risks didn't reduce over time, why would valuations increase over time? (Let's say that Risk = Probability[Future Value < Current Value])

The real value in this post is maybe how the VC thinks about risk rather than a how a founder should. The need for structure in something as ephemeral as startup risk definitely stands out.

I think that value is pretty big actually, it's something founders need to be deeply aware of. I wrote about one instance where this comes up a lot here - why raising money pre-launch is often easier than post-launch https://medium.com/@tommyrva/why-is-raising-your-seed-round-...

Great post. I think part of de-risking is that sometimes you find out your assumptions don't hold. E.g. you thought there was a $5b opportunity, but after launching you can quickly see that you were wrong. In that respect, it's much better to fundraise before you launch because you wouldn't be able to raise post-launch, but then you still have to figure out what to do after you have money but find out your idea isn't great.

100% true! I'll admit, I intentionally avoided addressing that in the post, I wanted to focus on the tactics rather than the larger question the efficacy of these tactics raise.

There's a counter-argument even I would make which is: if it's true that it's easier to raise pre-launch for these reasons, does that mean you should? Not sure.

Having seen a lot of founders who are just poker players, or full of hot air, this article provides a good objective way to unemotionally evaluate a startup.

This is important, because it's really easy to get excited about something that just isn't going to go anywhere because the leader is charismatic.

Agreed, however, if you're a founder who plans to raise money, they're helpful barometers to look at.

Many of the most successful startups started building a new product in a market of unknown size. It often seemed small at the time. What you call high market risk here, is actually (sometimes) the best situation in terms of investment returns.

It's tough to be a VC.

That's a really nice structured approach to what risk is and how to classify it but it doesn't actually address how to get rid of any specific risk and that is what is required to actually get rid of the risk, the secret is in between those line-items listing various stages of risk.

And quite a few existential risks in the start-up world are not so easily classified to begin with, for instance, founder conflict is a huge risk and yet didn't even make the list of examples here.

Still, very useful post but mostly from an analysis point of view, a 'where are we and where do we want to go' rather than 'how are we going to get there'.

I've definitely met VCs who use this kind of mental model.

I'd add a couple more:

Technology Risk. Does what you're building require advances in technology that don't yet exist?

Regulatory or Legal Risk. Do you need specific licences to launch your product? How far through this process are you?

Great way to think about this.

Also -- although maybe too obvious to point out -- as you progress through these stages:

- You appeal to different kinds of investors. You may gain financing options (~= the old joke/truth that "banks are happiest to loan you money if you don't really need it").

- You need somewhat different skills from people (especially yourself!). Likewise you might be more attractive to different kinds of candidates.

- Eventually there's a whole other set of risks, as you evolve into a bigger, more mature company with high organizational entropy. :)

I never seen something like before. It's very good way of measuring subjectively perceived risk. I am definitely using.

I believe this should just be re-titled "how to identify risks in your startup." Because often there are very real risks - and you should not "de-risk" them. You should just be aware of what they are, and make educated decisions around those risks.

If you can easily de-risk then you should. Of course with most of the bad risks it is impossible to de-risk because nobody know the answer.

What about the risk of relying on a 3rd party platform? How to de-risk that?

(I'm the post's author.)

A few ideas:

1) Integrate w/multiple platforms if that's an option, so that you're not dependent on a single platform. E.g. if you are integrated with 10 messaging platforms it's better than being tied 100% to WeChat.

2) If you're using the platform for distribution or infrastructure rather than something like data or social networks, then you can gradually work on building infrastructure in-house or on looking for other distribution channels.

3) Offer something to the platform that they value so that they don't have an incentive to limit your usage. For example, maybe you can data sources that let you provide valuable analytics and insights to the platform when combined with the data and users you get from them.

Maybe... [1] The platform is new, untested. [2] The platform is tested and out of beta. [3] The platform has a decent number of users. [4] The platform has a large userbase with good reviews. [5] The platform is a self-sustaining (usually paid) service with good reviews and tons of users.

I don't understand how those are ways to de-risk that risk.

As an example, I am talking about a company like "Buffer" or Twitter developers that rely on the Twitter API for their startup.

The original comment was ambiguous, so I just treated it as "picking a 3rd party platform" and graded based on reliability of future existence. A number of platforms go down for various reasons (esp. freemium-based). Don't you want a platform that is mostly guaranteed to stick around while you use it?

This is a rather nice list from Leo, but it seems to be focused on the “lean” model of building a MVP and iterating until you get product-market fit. How do you de-risk opportunities where you can’t build an MVP and you have to invest years in development before you have a product you can show the market?

Basically the whole post has one theme: The more you have already done on the project, the less risk. That's not wrong, but it's weak because there is a much better way.

E.g., as a teenager, I looked around the garage and saw an old lawn mower engine, other raw materials, and tools and built a go cart. I drove it around the neighborhood. So, according to the OP, I was well on the way, low risk, to beating Ford? Nope!

What was missing for beating Ford? Sure, some larger planning that, to beat Ford, could, should have been done at the beginning. Nearly all of that planning should have been well before cutting any metal and well before any of the steps in the OP.

So, net, what the OP is missing is any reasonable conception of good planning.

It is as if the OP believes that any planning is just so much hot air, pie in the sky, BS, with a dime still won't cover a 10 cent cup of coffee. I'd say that following the steps of less risk in the OP without good, initial planning is hot air, ....

Can good planning work? Yup. Maybe what the OP and Susa Ventures has in mind doesn't use much in planning, but Boeing, Lockheed, Intel, ... make good use of planning.

E.g., Lockheed planned the SR-71 as in


The project was approved basically with all the work just on paper, that is, with none of the risk reducing project steps in the OP. And the project was fully successful -- Mach 3 speed, 80,000 feet altitude, 2000 mile range without refuling. Flew over hostile airspace taking pictures for years and never got shot down. Why not shot down? Planning: Or, you are on the ground and an SR-71 is about to fly over you and take your picture, again, Mach 3, 80,000 feet. So, how do you get an airplane or missile up there in time? Well, in simple terms, with what was available then, you couldn't. So, you didn't, and the SR-71 never got shot down. And this situation was clear just from the planning on paper before any metal cutting.

Really, what was important for having a low risk project was the planning on paper, before any metal cutting, and not the progress steps as in the OP.

And for serious projects, this situation on planning is quite general for, say, large dams, long bridges, tall buildings, deep tunnels, huge ships and airplanes, etc. Nearly all the important work that reduces risk is in the initial planing and engineering essentially all just on paper. The OP totally neglects this point.

War story example. Early in my career, I was writing applied math software in a group at the JHU/APL, that is, Johns Hopkins University Applied Phsics Lab in Maryland. The group was doing the orbit determination software for the Navy's version of GPS, right, which was working several years before GPS by the USAF. Yes, the project was for the navigation needed by the US Navy missile firing submarines. Well, daily have to update the orbits of the satellites; so, there is some good software there.

Actually in that group I was working on passive sonar software (another interest of the US Navy), but I did learn the stories of how the Navy got their version of GPS. It was basically a back of the envelope thing-y by some good physics people. That done, there wasn't much risk. Then no doubt there was a full project proposal that was peer-reviewed and reviewed otherwise. Now, presto, bingo, with just that paper, basically have a low risk project with the rest, including the rockets to launch the satellites, the software, the satellites themselves, etc. all low risk. But according to the OP, before the satellites and rockets are built, flown, etc., have high risk project. Nope. And according to the OP, since no one had yet done a GPS, it was a high risk project. Nope.

Basically the OP wants to have full confidence in a project essentially only when it is done. Okay, but that's no help in risk removal early on for either the project people or any investor. In fact, with good planning, even just on paper, can remove nearly all the risk just at the beginning.

In the commercial world, also need to have happy users/customers; how to plan for that? Pick a problem where the first good or a much better solution is a must have for enough users/customers to have a low risk project.

The core problem of the OP is that they don't know how to evaluate project plans just on paper and, that way, get low risk projects. Thankfully for US national security, the US DoD very much does know how to do that, that is, work with plans on paper and, then, have the rest low risk. So do Boeing, Intel, etc.

For more, the OP seems to be from a group, Susa, that believes that in information technology the technology is essentially just routine software development and anything else about technology or planning is ignored. Well, there was some software in the GPS project, but there was also a lot more that made the project very valuable; the software part alone was basically low risk; and with the good, initial planning just on paper, the rest of the project was low risk. Then, the OP is ignoring projects that would be "very valuable" because that value is not just in routine software.

Then, with some irony, the OP wants to invest in projects that have little promise of much value even when the software is done, and that's not low risk investing!

Indeed, as in




the average ROI of Silicon Valley information technology investing is low. It does appear that what the OP describes is basically how such investors look at projects. Thankfully for US national security, tall buildings, huge airplanes, etc., such investors are not involved.

From what I've read, Transit got its start at John Hopkins. First, they verified that there was a satellite up there with some receivers they had lying around. Then they predicted where it would be with some math. Then someone what if'd whether they could reverse that problem with some brain cells.


While I agree that planning is important, very important, it can become analysis paralysis quickly. Not the case with everything, but sometimes you just have to do it, most especially if you can do it. I'm reminded of Feynmann's o-ring experiment.


With your go kart example, it would be a good idea to try that out before tackling Ford. A VC might not invest in you just because you built a go kart. But you would plan better if you succeeded and you might not invest more of your time if you failed.

Acid tests have their worth.

The planning, including relevant applied math and physics, maybe some of it original, have been the keys to astounding DoD and many other projects done at low risk.

Like anything else, the planning can fail, but typically it is much cheaper than cutting metal, digging big holes in the ground, launching rockets, etc.

And if the planning fails, then just stop there -- cost so small it often won't be noticed. If the planning is successful, passes various reviews, etc., then are in line for some great results at low risk. In the commercial world, that would also be high ROI.

I agree that people in the startup world do undervalue proper planning "on paper".

But let's not kid ourselves, DoD projects are low risk because when they inevitably go over budget, the tax payer is always there to keep pumping more money into the project. When the F-35 goes into full service, are you going to include that project in your "low risk" success story column?

The US DoD has done a LOT of high end projects as low risk. Taking Guam -- about when and how planned. The B-29s, intended to fly from Guam (Tinian, etc.) to Japan, ready at about the same time. The A-bomb, right on time -- how 'bout that for a high risk project done on time. Rickover and the nuke powered submarines and then the missile firing submarines -- on time or nearly so.

The F-35? I'm not so sure it's been a big mess -- I've heard two sides. On the good side, it should boil down to about $150 million per plane, everything including from start through the lifetime, and that is comparable with the ballpark $100 million or so that has long been the case in both the US and Europe. Right, on this topic, my collection of good references totally sucks -- I could be wrong.

Sure, the F-35 is not so good at dogfighting, but, then, it's not supposed to be. The fighter is the F-22, and it is supposed to kill the enemy planes well beyond visual range and not do dogfighting, either, although it definitely has the performance for it.

So, the idea is that early in a conflict, the F-22 and F-35 go in. The enemy can't see either one, from ground, from planes, via missiles. The F-22s take out the enemy fighters, and the F-35 takes out the early on, high value ground targets, e.g., radar and missile sites. Then can send in F-16s, F-15s, A-10s, F-18s, B-1's, B-52's, etc.

The sales risk section is a bit off to me. It's possible for 5 to be true without any of the other stages to have ever occurred. That said, perhaps that's irrelevant.

Some interesting points. Sales risk seems very focused towards enterprise sales, but I believe having a go-to-market strategy is more important than just having the ability to hire experienced salespeople. Some products don't even need sales people, but the channels, partner platforms, etc should be identified. Does this product rely heavily on inbound leads, require SEO or content generation, etc?

Also, certain risks inherently trump others for early stage startups. Moving from a 3 to a 5 under Product/Market Fit is a much more ideal compared to moving recruiting risk from 1 to 3 or team risk from 1 to 3. (After all, it's kind of moot to hire full time employees for every area if you don't even have good P/M fit)

Yea, I was mainly commenting that it seemed like you could just skip the first 4 levels with the right product, which was something the other categories didn't seem to have the same characteristic.

This guy clearly does not understand investing or what it means to be a founder. There are three things that matter, the rest is noise:

1) Is there a big market? 2) Is the founding team GREAT? 3) Don't invest too late.

That's it. Invest in great people pursuing big opportunities. Trust & help them to be smart enough to figure the rest out.

More categories would simply distract. Most VCs invest in ideas with meaningless total addressable markets ALL the time. They limit their upside even if everything goes perfectly. They invest in subpar teams with no real product or design talent. Most VCs would do better sticking to above.

Chris Dixon said wrote a blog post, which I wholeheartedly agree, where a lot of amazing innovation first looks like a toy. Many of the biggest companies are created by a founder realizing new tech X can impact a lot of value-added activities A,B,C before everybody else realizes the same thing. If the VC is twiddling thumbs looking for external validation beyond the founder, by definition they're missing the train.

Things are "obvious" only in hindsight. Let's take building messaging apps. Everyone now says it was so obvious - but it wasn't to Google, Inc. They wasted time building Google+ while founders were building WhatsApp, Instagram, SnapChat, etc.

Containers are another example. Docker folks realized certain properties of the linux kernel can be utilized to great effect to solve a meaningful problem. Imagine the VC who waited another year to de-risk.

The OP's advice wasn't meant for VCs, it was for the founders. Their role is very different and the advice looks sound to me. Or do you disagree with it from founders' perspective?

I mean it from the founders perspective as well, as a founder myself.

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact