Richard Stiennon is Chief Research Analyst for IT-Harvest, the firm he founded in 2005 to cover the 3,500+ vendors that make up the IT security industry. He has presented on the topic of cybersecurity in 31 countries on six continents. He was a lecturer at Charles Sturt University in Australia. He is the author of Surviving Cyberwar (Government Institutes, 2010) and Washington Post Best Seller, There Will Be Cyberwar. His research appears on Substack. Stiennon was Chief Strategy Officer for Blancco Technology Group, the Chief Marketing Officer for Fortinet, Inc. and VP Threat Research at Webroot Software. Prior to that he was VP Research at Gartner. He has a B.S. in Aerospace Engineering and his MA in War in the Modern World from King’s College, London. His latest book Security Yearbook 2023 is coming out in July, 2023.
Today’s software development processes remind me of typing pools.
My first day on the job as an engineer I had to approve a $220K purchase order for two ComputerVision CAD workstations. June of 1982 was at the beginning of the digital revolution. Personal computers were showing up in the workplace. Back then there was a role called “secretary.” These office workers would take dictation in shorthand and type up your letter or memo for you. If it was a large office, the secretaries would be “pooled” and do the typing for everybody.
Typing was skilled labour and secretaries would try hard to produce a good product. If there were too many edits/corrections, they would have to re-type the entire document. As soon as word processors were introduced to the office the quality of first drafts plummeted. Correcting a typo was just a matter of changing a digital document and hitting print.
You know what happened? Typing as a profession disappeared. Eventually everyone had their own computer and typed their own documents.
The same thing eventually came to Computer Aided Design. When we introduced CAD at Hoover Universal, I saw a familiar pattern. The “designers” that created the to-scale drawings worked at huge tables 5 feet deep and 24 feet long.
With the introduction of CAD, the designers would print out drawings for me to review. I would find things that needed to change and they would go back to the CAD work station, make the change, and print out a new drawing. They could move a line in minutes instead of hours. They did not have to project from plan view to side view to front to iso. But it was so easy that they introduced constant errors—like typos in a memo.
By the late ‘80s a company called Parametric Technology Corporation introduced solid modeling to the automotive industry. This tool changed everything. An engineer could sketch out a new part or assembly while defining all the dependencies (parameters) and generate 3D models of anything.
I had a brainstorm: What if you had a team of mechanical engineers who could do their own designs? They could design the part, spit out engineering drawings, perform structural analysis, build prototypes, test them to the NTSB specifications and see them through to production. I launched a company to do just that. Eventually we had 16 degreed engineers in the company and no CAD designers.
I would love to report that everything changed after that, but no, the auto companies were too set in their ways. Engineers were so buried in paperwork and meetings that their role became one of handling the drudgery while designers continued to make their drawings. That’s why it still takes ten years to create a new product in the auto world.
You can see where I am going with this. Software development, even with modern CI/CD processes, has created the same problem. There are millions of people employed in pools of thousands who are assigned coding tasks with little idea what the goal is. Give them a set of specifications and they write the code. Then QA tests the code and generates tickets for fixes. All under the direction of a product management team.
I began to realize this when I had a concept for an app. I created a two-page aspirational document for the app, but to boil it down my spec was: Create a tool that anyone could use to research the 2,800 cyber security vendors around the world. The tool was to be easier and faster to use than a Google Sheet with 2,800 rows and 30 columns.
Last year I began to explore building an MVP, a minimal viable product, that would answer these simple requirements. Every dev shop I talked to said: “Sure we can build that. Send over your wire frames and detailed specifications on every function you want us to build.” (If you have not encountered the term, a wire frame, is a picture of each page of your finished product.) Most outsourced dev shops want to assign a project manager who deals with you and translates your requests to the actual coders.
When I responded, “just build me an app that displays the data in this spreadsheet and is searchable and easy to use,” they balked. They can’t do that. Nobody creates software that way.
I began looking for tools that would allow me to at least demonstrate what I wanted. But how do I know what every function should be if I don’t have end users? I could spend $100k to get to the beta version and the first user could ask for a feature that requires a completely new architecture.
That was when I discovered that there is a revolution occurring in app development similar to what word processing and solid modeling did to typing and design work. If you have built a WordPress site, you are familiar with Nocode for creating a website. A modern Content Management System (CMS) makes it possible for anyone to create a functional website. Even the majority of “web developers” use WordPress today.
bubble.io, the platform we settled on for the Analyst Dashboard, is the WordPress of app development. You create pages, add features, pull from other data sources via API, and create workflows. All this without writing a line of code. There are now over two million users of Bubble.
I asked my newly hired intern to see what he could do in bubble. Within a week he had built something that satisfied my requirements for an MVP. You could view all the data, search on vendor names, even download a CSV file of the data. He wrapped it in the classic SaaS envelope of Landing Page, Pricing Page, etc. and we started to show it to our braintrust of people in our Ideal Customer Profile (ICP). Based on their input we added features and improved the look and feel over two months and launched the product March 30th, 2022.
We have yet to encounter a showstopper that would require us to transition to a full stack development effort. But if that happens, we will be ready because now we know what the app looks like and how to specify the 1,000+ functions it needs.
Nocode is changing everything in application development the same way that word processing freed us from the tyranny of the typing pool or solid modeling the designer bullpen. Nocode is going to free us from the exorbitant costs and lengthy delivery times of the software development world.