Tag Archives: management

Product management and organization

I had to better understand the concepts, roles and duties related to Product management and Product marketing management in software companies, why are needed, which are the differences and how they fit inside an organization structure.

Most person i know never interested into this specific area of work, but when you want to be a product company (and not a consulting or solution company), you start having different products on different platforms for different target customers sold trough different channels with different pricing with a installation/different delivery process and that complexity must be managed in the proper way.

You realize that in order to let the product company grow in the right direction you need to organize product management activities formally, not closing your mind in rigid organization roles such as Marketing, Sales, R&D.

When we speak about Product Management i recommend the reading of the illuminating The strategic role of Product Management (How a market-driven focus leads companies to build products people want to buy) that clarify a lot of things, even if it outlook net separation of roles in product management, something that’s too heavy for a small company like a startup.

Still it provide a differentiation of duties between Product Management and Product Marketing.

A good understanding of the product management related to startup is given in the article Creating Product Management at Startup showing up different case related to the roles of the product visionary into the company.

It introduce the terms ceo of the product in the sense that the product management duties jump around into the various organization function by providing focus and effort where it’s needed, independently from the fact that the internal function requiring more effort is Development, Marketing, Sales or Communication. That’s means practically enhancing the product vision as it’s needed across all major product-related functions making the vision corporate-wide coherent.

A good representation of product management and product marketing activities is well described with the differentiation of between Strategical, Technical and Marketing sector and is not clearly separated between Management, Marketing(and Sales) and R&D :

Triad.jpg

I read that product manager background and knowledge are different depending on the company focus (where does product management belong in the organization?):

  • B2C -> Marketing experience
  • B2B -> Technical experience

An illuminating (for me) and very important differentiation regarding product management duties is the differentiation between:

  • Product Management
  • Product Marketing

The specific duties belonging to Product Marketing vs Management are greatly explained in Role Definitions For Product Management and Product Marketing that i suggest to read, letting you to better define tasks and responsibilities across your organization. It also provide a good definition of job requirements if you need to look for that figure!

At the same time it’s important to understand what’s NOT product management, effectively Product management is not just feature prioritization.

At the same time it’s important to understand which professional figure is NOT itself a product manager:

  • Product manager is not a marketing manager – while product management is usually seen as a marketing discipline, marketers are focused on the marketing plan and are usually not driving the overall product direction. In that context could however be found Product marketing manager that’s the arms of the marketing of the product, especially in small organization.
  • Product manager is not a sales manager – sales manager are about finding out how to sell a product, following which sales methodology, technique and channels and they could drive the company from a market oriented company (product) to a customer oriented company (solution and consulting)
  • Product manager is not a developer – Developers are focused on the technology and not the overall product. Some great product managers are former developers, but it is difficult to do both at once. There is a natural tension between developers and product managers that should be maintained to create a balanced product.
  • Product manager is not a software manager – the software manager is a functional manager and usually not focused on the product or the customers.
  • Product manager is not a project manager – project managers are about how and when, while the product manager is about what. Project managers work closely with product managers to ensure successful completion of different phases in the product life cycle.

The typical product management activities could be in extreme synthesis summarized as follow:

  • Strategy: Planning a product strategy
  • Technical: leading product developments
  • Marketing: providing product and technical content
  • Sales: provide pre sales support and work effectively with sales

Product management so it’s not precisely development, is not precisely marketing, it’s not precisely sales, so typically it’s difficult to identify “where it should stay” inside the organization structure (it’s even difficult to understand that’s needed)?

The Silicon Valley Product Group provide a nice insight on Product Organization Structure by pointing out which are the advantages and risks of several choices. Still the Cranky Product Manager say that It doesn’t matter where the product manager live in the organization.

It’s relevant to be careful not to have persons that are too much technical or too much sales oriented in order to fill the gap among different organization. Too much fragmentation of assigned duties across the organization may lead to bureaucracy, too much duties on one person may lead to ineffective implementation of needed tasks in some area and to a internal competition perception respect to the traditional roles.

Check there a very nice Resume of a professional with practical experience in product management (it’s an half techie/half marketing guys).

Ah! Another very common misunderstanding is to confuse marketing with communication where a i found a so good definition of Marketing that i really like and understand for strict relationship with Product Management:

Marketing is know the market so well that the product sell itself

But what happen when you don’t handle a product management and product marketing management process in a defined way?

A nice story is shown as example in The strategic role of Product Management :

Your founder, a brilliant technician, started the company years ago when he quit his day job to market his idea full time. He created a product that he just knew other people needed. And he was right. Pretty soon he delivered enough of the product and hired his best friend from college as VP of Sales. And the company grew. But before long, the VP of Sales complained, “We’re an engineering-led company. We need to become customer-driven.” And that sounded fine. Except… every new contract seemed to require custom work. You signed a dozen clients in a dozen market segments and the latest customer’s voice always dominated the product plans. You concluded that “customer-driven” meant “driven by the latest customer” and that couldn’t be right.

If you want to be a product company it’s relevant to precisely follow a strategy driven by product marketing and management and not by sales.

Confusion between duties of product management/marketing and sales could lead to unsuccessful product company that are not able to proceed within their strategy, simply because they getting opportunities that drive the business out-of-scope.

A product company must invest in it’s own product development and marketing in order to let sales activity stay focused and guarantee that the organization is every day more effective on the market.

After this reading, my understanding is that it’s relevant to identify how to create a set of flexible business process on how to handle various product management and product marketing duties separating them from sales.

Snake-oil security claims on crypto security product

Security market grow, more companies goes to the market, but how many of them are taking seriously what they do?

You know, doing security technology mean that you are personally responsible for the protection of the user’s information. You must make them aware of what they need, exactly what your are doing and which kind of threat model your product protect.

A typical problem of product’s security features is represented by the inability of the user to evaluate the security claims of the product itself.

So there’s a lot companies doing a not-so-ethical marketing of security features, based on the facts that no user will be able to evaluate it.

The previously explained situation reside in the security topic of Snake Oil Encryption, an evolution in the scientific cryptographic environment that let us today use best of breed information protection technologies without having to worry too much about backdoors or insecurities.

Let’s speak about Snake Oil Encryption

Snake Oil Cryptography : In cryptography, snake oil is a term used to describe commercial cryptographic methods and products which are considered bogus or fraudulent. Distinguishing secure cryptography from insecure cryptography can be difficult from the viewpoint of a user. Many cryptographers, such as Bruce Schneier and Phil Zimmermann, undertake to educate the public in how secure cryptography is done, as well as highlighting the misleading marketing of some cryptographic products.

The most referenced crypto security guru, Philip Zimmermann and Bruce Schneier, was the 1st to talk about Snake Oil Encryption:

Snake Oil by Philip Zimmermann

Snake Oil by Bruce Schneier

The Michigan Telecommunications and Technology Law Review also made a very good analysis related to the Security Features of Security Products, SNAKE-OIL SECURITY CLAIMS” THE SYSTEMATIC MISREPRESENTATION OF PRODUCT SECURITY . They explain about the nasty marketing tricks used to tweak users inability to evaluate the security features, including economic and legal responsibility implication.

Several snake oil security product companies does not explain and are not clear about the threat model to which the product apply. Very famous is the sentence of Russ Nelson:

“Remember, crypto without a threat model is like cookies without milk. ….. Cryptography without a threat model is like motherhood without apple pie. Can’t say that enough times. More generally, security without a threat model is by definition going to fail.”

So, how to spot snake oil security products?

Check a guideline of to spot Snake Oil Encryption Products: Snake Oil Warning Signs, Encryption Software to Avoid by Matt Curtin .

You can see this very good Cryptographic Snake Oil Examples by Emility Ratliff (IBM Architect at Linux Security), that tried to make clear example on how to spot Cryptographic Snake Oil.

Here represented the basic guideline from Matt Curtin paper:


By checking that points it’s possible to evaluate how serious an encryption technology or product is.

But all in all how to fix that unethical security approach?

It’s very significative and it would be really useful for each kind of security product category to make some strongly and independent evaluation guideline (like OSSTMM for Penetration testing) , to make this security evaluation process really in the hands of the user.

It would be also very nice to have someone making analysis and evaluation of security product companies, publishing reports about Snake Oil signs.

Index of economic freedom

When looking at facts and figures about globalized world, the index of economic freedom is a nice tool to make proper considerations.

Military contractors going commercial

Most military contractors are suffering from the restriction of government’s budgets for military expenses and are moving into commercial markets, still they have to adjust a lot of things.

Read here a nice analysis from rochtel on how military contractors should adapt their strategy.

chinese espionage: the worst and more silent threat for western countries

Hi all,

in the past few years i saw an incredible increase in the amount of “public” news about espionage against different western countries and usually coming from far-east, typically china.

China want to be the largest economic power within 2020 and it’s following a grow rate of 8% per year. Their “controlled” capitalism without the inefficiency of the democracy it’s something that’s beating the western countries, less efficient because democratic.

China, in order to quickly grow it’s R&D capacity make an extensive use of espionage, it’s estimated that Chinese government have more than 1.000.000 intelligence agents worldwide.

And they know how to do espionage, their “spy” does not cost that much like western countries’ spy, less guarantee, less payments.

Also they are using cyber espionage as an important source of information and competitiveness against western countries companies and government R&D results. China is so un-cooperative that now also western countries spying each other, or even Russian, use chinese internet space as the “start base” for their internet based espionage activities.

I knew of a USA phisher that used to build it’s own trojan with a chinese version of Windows Xp with a chinese version of the Microsoft Visual Studio development suite. Why? For information deception, in order to tweak the forensics effort of the FBI analyst and have them think that it’s own attacks was coming from China!

Any investigators that see an attack coming from china typically think “oh shit, it comes from china, we’re lost”, and now even cybercrime use China like a far-west, untouchable base for cyber attacks.

Back tracing attacks coming from china it’s like trying to find out what’s inside a black hole, it’s a one-way trip and no information comes back.

To give better an idea of what i am speaking about just get the following list of reference:

Germany accuses China of industrial espionage

Chinese trainee goes on trial as French industry fears espionage

U.S. Vulnerable to Chinese Cyber Espionage

Massive Chinese Espionage Network

Cyber Spy Network Also Targetting Finland

How do the western countries defend themself?

That’s a nice points to speak about because there’s no simple way to defend against espionage other than considering it like a serious and concrete threat.

Governments should be able to get more understanding that their approach to informations systems and information security policy must not only exists on paper but also be applied everywhere in order to be effective. Governments are complex organizations and only a few are enough smart to be able to quickly and efficiently make security policies really be implemented organization-wide. But they are trying to, especially the most competitive ones like USA, UK and Germany .

Companies instead should acquire awareness of the problem that is present, available, concrete as concrete is the chance that someone enter into the offices to steal good (not for espionage). For that reason companies place alarm systems, access control with badge, camera monitoring systems.

But espionage does not mean fighting and protecting against poor thieves but instead against more sophisticated, either technically and socially, attacker that can use old school intelligence techniques always effective. Getting employed and stealing information while working. Simulate to be customers to establish a link trust with a salesman and then find a reason to let him execute some malicious software “hey, but my modellization software demostrate that your model used to measure the performance of your product it’s not the one you advertised. Check it out, see your self with the software we used!”. What do you think the salesman will do in order to catch the prospect customer?

Only awareness, knowledge about the issues can make such risk to be considered seriously.

Governments should provide financing to industrial associations, chamber of commerces and similar agencies in order to make such awareness national wide and let entrepreneurs became conscious and became prepared to recognize, identify and stop espionage activities.

The law perspective

Governments should strenghten their laws in order to be able have the required rights tools to enforce the protection from espionage.

Look at the analysis made by my smart cousin Angelo Pietrosanti on espionage “Is the European R&D Equally protected from espionage as in the US R&D?”

Country Civil Sanction against trade secret threat Criminal Sanction against trade secret threat Year of last modificationg
USA 5 mln $ up to 10(for domenistic) or 15 (for foreigners) Years of Jail 1996 (Economic Espionage Act)
Germany YES up to 3 Years of Jail 1986
France 0.03 mln $ up to 2 Years of Jail 1992
UK YES NO 1984
Italy YES up to 2 Years of Jail 1942
Switzerland YES up to 3 Years of Jail 1986
Finland YES up to 3 Years of Jail 1990
Sweden YES up to 6 Years of Jail 1990
The Netherlands YES up to 4 Years of Jail 1992

What this table show?

  • Outdated law (except USA)
  • Not so serious sanctions against espionage activities. (except USA)

Maybe some european policy on this could help.

In conclusion

We are in an economic war where the winner is not the one having more forces, but the one being more technologically advanced, and economically clever.

Chinese are demonstrating to be enough aggressive and clever, will the western countries be able to react both on the defense and the attack in this war?

Best advices by world leaders

Today i found a very nice set of 22 ‘best advices’ on Fortune coming from world leaders and i would really like to link there some of the most interesting ones (at least for me).

I think that those suggestion let you work and manage your projects and goals (in any situation you play a leadership role, being business or personal stuff) in a proper, rational and effective way.

Colin Powel: Focus on performance, not power

Jim Sinegal: Show, don’t tell

Mort Zuckerman: Do what you love

Meredith Whitney: Always set realistic goals

Lauren Zalaknick: Listen (others opinion)  

Robin Li: Underpromise and overdelivery (while running a company)

Mika Brzezinski: Use failure to motivate yourself

The real goal of online marketing: lead generation

Often i discuss about online marketing, however it include the mysterious “marketing” magic word that’s tipically subject to misunderstanding and misconception .

The end goal of online marketing is to generate qualified leads coming from international markets.

Some interesting links about it, and how things should be properly done are below:

I would really like to see an effective leverage of online techniques and tools as the main interface and providers of information, the main pre-sales agent of the company explaining almost everything required to get back a qualified lead.

Product Management

You know, product management it’s a job for half-fish, half-meat guys, that understand both business needs and technology issues.

I found two amazing and very well done presentations about it, i suggest to read it as it clarify a lot of things of the marketing and technical activities applied to the management of products inside companies to reach the market.

The strategic Role of Product Management

Very in depth presentation. Ask yourself, do you know what’s the differences between marketing and promotions, sales, advertising? How to really manage the core of the company, the product?

Product Management for BrainMates

Very smooth presentation going to the point: A product is the tiny overlap between the needs of a business, the aspirations of it’s development team and the unsatisfied desires of the customer.