I routinely come up with what I think are million dollar ideas. And I get euphoric about how successful it will be be, I'll make so much money, and people will be happy.

And then as the euphoria dies down, typically as I start designing it, I have some sober thoughts.

Would I use my own product? Maybe.

Would I pay for my product? Probably not.

And the reason why this is invariably boils down to the fact that most of my ideas are just a way of storing and managing ideas in a tabular format. As in, a spreadsheet.

Risk register? Sure, I could spend tens of thousands on a LogicGate subscription. But I could also create a spreadsheet and just keep track of it there.

Vulnerabilities? Same thing.

Roadmap planning? Yup, spreadsheets too.

Products like Jira have a purpose, and those purposes tend to show up really well when there is a team of people all working on the same thing. But even spreadsheets can live for a very long time just chugging along doing just enough to get the work done and nothing else. I get my data in tabular format. I get to sort it, filter it, pivot it. I get charts.

So perhaps my million dollar ideas are just too basic. Perhaps they really are just a CRUD wrapper over a database. That's still fine, but maybe there's more to a million dollar ideas than just "managing" data.

And that's where I think about what happens in my day job. There, I often get invited to demos from startups showing off their new product. And invariably what they've designed is a CRUD wrapper over a database. And as the demo progresses, what I really want to say to these founders is:

extra steps

And that's why nearly every single demo get rejected by me. What I'm looking for in these startups is what I need to be doing when I'm thinking about my million dollar idea.

The product needs to solve a problem. And that problem can't be solved by inputting the information into a spreadsheet.

For instance. If you, dear InfoSec startup founder, want me to purchase your centralized vulnerability SaaS product, it can't just collate all vulnerabilities into one app. I still need to triage everything. But if your app can do the triage for me or suggest a correct remediation for me, well then you have my attention.

The joke I've used with my colleagues is that these startup founders are akin to the door to door vacuum salesmen of yesteryear. They show up to your door, point to various places in your house and say, "Our product shows you where the dirt is." Well, yes, I know where the dirt is, it's my house. I need help cleaning up that dirt. And so often I get the founder equivalent of, "oh no, our product doesn't clean the dirt, it just manages the locations where the dirt is to help you keep track of it.". Cool. Next.