About Me
- Kanwal K Mookhey
- Mumbai, India
- I run an IT Security consulting firm based out of India. We started off from scratch in 2001 when I was 21, and have offices in Mumbai, Bahrain, and UAE. The idea behind the blog is to share the stories of how we run the business, the deals we make, the deals that break, the heartburn, and the sheer joy.
The Ultimate Startup Guide
The Ultimate Startup Guide is an e-book that provides answers to all your questions related to starting and growing a business in India. Everything you wanted to know about entrepreneurship in India from ideation to registration to marketing to hiring. The book contains a large number of practical examples, anecdotes, interviews, and motivational material to help you get started, and to grow rapidly in a booming Indian economy. If you've got the idea, this book will help you through with the execution and realize your dreams.
Here are some of the key questions you will find answered in this book:
Details of the book are: Title: The Ultimate Startup Guide Author: Kanwal Mookhey Pages: 150 Additional: Companion CD contains numerous templates for building your business plan, calculating cashflow, preparing profit and loss, and balance sheets, preparing invoices, your resume and profile, marketing material, websites, contracts, and many other useful and motivational material. |
Thursday, July 14, 2011
Mumbai's resilience - what a load of crap!
Posted by Kanwal K Mookhey at 12:31 PM 229 comments
Sunday, November 21, 2010
How I got my bank to straighten up
The story starts in 2004 when I took a 5 year loan against commercial property from KM Bank at 11.25% Rate of Interest (ROI). A year later when I topped up this loan, the first loan had risen to an ROI of 11.75% and the additional amount was given at 12%. I didn't understand how the same bank could give two loans to the same person against the same collateral at 2 different rates of interest?
The rate steadily kept on increasing, till it got to an usurious 15.25% a couple of months ago! When I got the letter from my customer-unfriendly bank, I naturally went into a bit of a depression. Imagine my anger, when a customer service representative called me to ask if I would like to top up the loan again, since the outstanding principal had reduced to a 3rd of the original amount and the property value had gone up!? I shot her an angry email response telling her to basically get lost! Then later, a senior rep came to me and told me to write to UK (the CMD of the Bank for chrisssakes!) and ask for the ROI to be re-negotiated if I agreed to top-up the loan.
None of this obviously worked, until I hired a loan agent to talk to other banks. Within 10 days I got 3 offers, the lowest of which was 11.0% from Barclays! When I informed KM Bank about this, I got an SOS call back from them with a confirmed offer letter reducing my ROI from 15.25% to 11.25% with immediate effect! Since the pre-payment penalty was another 2%, I told the other bank that I would stick with KM. They then re-negotiated down to 10%! I immediately triggered the request for balance transfer from KM to the Barclays and happily paid the 2% pre-payment penalty.
End result: ROI reduced from 15.25% down to 10% in 2 weeks of effort.
Moral of the story: if your bank is sucking your hard-earned money, show them it is a competitive market and you can go to the bank down the street and get a much better deal!
Posted by Kanwal K Mookhey at 7:29 AM 33 comments
Tuesday, May 18, 2010
The Cauldron of Time
Yesterday, during a random dinner table conversation, the question that was put to me was what do you think your purpose in life is? Ah, the fundamental question we all grapple and often ignore. Without getting too meta-physical about it, I think there is a very simple practical answer to the question. And it is simply – doing what one does to the best of one’s abilities.
I see so many people go through the best years of their lives simply watching the clock. They go to office in the morning, put in the requisite 8 hours and come back in the evening. Same routine repeats day in and day out. But what each one of us needs to realize is that we’ve only got a limited amount of time. When you’re 25, you think the entire world is ahead of you and life is limitless. But as Yudhishthira says in the Mahabharata, “the cauldron of time cooks everyone”. And that is a universal truth.
So given that you’ve got only a limited amount of time, let’s take that argument further. Let’s say you’ve only got a year to go, before your time is up. Would you now bring the same attitude to work and life that you have right now? Or would you change it drastically? If the answer is that you would change it drastically, then my friend the answer to life’s fundamental question is right in front of your eyes and you’re choosing to ignore it.
When we work for organizations who we think pay us less, or a boss who doesn’t understand us, or an environment which is suffocating, we all have a few choices. And the choice is to simply leave that situation and choose another one. Or to try and change the situation. But, there is a third choice: while we’re in that specific situation, life demands from us that we give it our very best. And that is what life is really all about. If you don’t like your job, change it – but while you’re working, give it everything you’ve got. Or else you’re shortchanging the most important person in the world - you!
If you think your company is short-changing you – think again. Or rather trust greater thinkers to guide you. As Krishna says to Arjuna in the Gita – do your duty because that is what you’ve come on Earth for. Do not think of the fruits of your actions. To give it a more practical twist – I say, do not work simply for the fruits of your labor. Do it for your love of the work itself – do it because it is your bounden duty to do so.
Or else, you’re actually waking up every day and cheating yourself. Every hour and every minute of work that you’re whiling away your time, taking long breaks, chatting, social networking, or not giving your profession your best effort and dedicated focus is a minute that is completely lost, and the biggest loser in this case is you – not your organization, not your team – but you! Because the company will keep going on or shut down – but the best years of your life won’t come back ever.
So go change your job if you’re not happy. But stop cribbing and complaining and cheating yourself out of the only life you’ll ever have.
Posted by Kanwal K Mookhey at 9:30 PM 17 comments
Monday, December 21, 2009
A new enterprise - part II
The bank account.
With all the KYC norms that exist, opening up a bank account wasn't the easiest thing in the world with the newly formed entity. Among other documents submitted, the key documents were:
1. Copy of the partnership deed
2. Letter from my existing company NII saying that I allow IIS (Institute of Information Security) to function from this office
3. An Airtel bill on my personal name as address proof
4. Copy of the receipt of BMC for registration under Shops & Establishment Act. The actual certificate is another story and will take a week or so (check my next blog post on BMC and Bribery)
5. A couple of other letters that the Bank gave me the format of
6. PAN card copies of both directors
7. Form saying PAN card has been applied for - and the PAN card has also been applied
8. Photos, filled up forms, etc.
The main challenge was with the address proof - since there is no bill or government receipt with the IIS name and my office address. And I couldn't wait for the Shops and Establishment Act certificate to come through.
Anyways, it took a week or so, but it's been done now. And this is a bank I've been banking with for over a decade now. But this laborious process of opening up an account is largely due to the RBI's stress on reducing NPAs, controlling benami accounts, and other anti-money laundering provisions. So well, it's all for a good cause!
Posted by Kanwal K Mookhey at 6:55 AM 15 comments
Friday, October 30, 2009
A new enterprise - part 1
Taking into consideration the fact that scaling a consulting business is a long-term affair, I've decided to take at least the training component out and make that into a separate enterprise. Since it has been quite some time since I incorporated a business, I thought I'd jot down the brief journey of getting an enterprise up and running here to help budding entrepreneurs see the first few steps at least of getting a business off the ground
The first thing I did was to think up of an impressive enough name for the training business - we came up with Institute of Information Security. I then got my in-house team to get the website done www.iisecurity.in
I tasked one of my team members to experiment with some of the e-learning software, and we narrowed down on eFront. So the eLearning channel is also up and running at http://elearning.iisecurity.in
We've also started doing the SEO for the website, and it already ranks high up when searching for specific terms related to the security training business. I also logged in the business with JustDial (www.justdial.com) and with Google local business search.
Finally, the legal part. In order to incorporate the enterprise, we are doing it as a partnership. So I contacted my CA, gave him the broad terms of the partnership, and he's built all the rest of the legalese around it. The deed will be printed out on Rs. 500 stamp paper and will become a registered deed.
Oh, and of course, the process for trademark registration has already been started through my earlier trademark agent (atozservices.info).
Posted by Kanwal K Mookhey at 5:21 AM 31 comments
Thursday, January 01, 2009
Principles of Problem-Solving
Posted by Kanwal K Mookhey at 4:53 AM 17 comments
Infosec Scenario in 2009
1. Business continuity to get focus over disaster recovery
BCM is a process issue related to building the framework to increase business resiliency and restoration capability, while DR is about building redundancy through infrastructure investments. It is quite likely that new DR site investments might happen fewer than they did in 2008. But I would not advise cutting down on building your BCM capability - even if you are an SME. Each one of your people does need to know what needs to be done when things begin to fail. This does not require huge amounts of investment, but does require common sense, risk assessment, and regular training and awareness.
Counter: Focus on an effective Business Continuity Plan that takes into account at least the following - fire, ISP failure, transportation link failure, and yes a terrorist attack as well.
2. Capital expenditure on security technologies likely to be hit
This is one area that has seen the biggest hit and is likely to continue feeling the impact with new investments simply not happening. So fewer firewall upgrades, fewer adoptions of recently introduced solutions such as Data Leakage Prevention (DLP), Network Access Control (NAC), and others.
Counter: Really look for ROI on your capital expenditure on security technologies.
3. Focus on regulatory compliance to increase
Make sure you know very clearly what your responsibilities are towards data protection - not only for the specific industry you are in - but also for the countries that you do business in. I’ll soon be releasing a write-up on the Indian IT Act, and the new amendments recently pushed through in the Parliament, and what these mean for every individual and every business. Essentially, even if you are not ISO 27001 compliant or PCI DSS regulated, you are still very much legally liable to ensure due diligence to protect your customer’s data.
Counter: While cutting budgets on infosec is fine, don’t end up putting the existence of your business at risk due to negligence towards data protection.
4. Scareware, Social Networking Attacks, Phishing, and others
While Phishing attacks rose quite a bit in 2008, it is quite likely they will become more prevalent, more insidious and a huge pain in the wrong places in 2009. Combined with Scareware tactics (http://www.theregister.co.uk/2008/08/22/anatomy_of_a_hack/), exploitation of social networking sites (http://www.internetnews.com/security/article.php/3789496 and http://news.cnet.com/8301-1009_3-10078353-83.html), and even Google (http://go.theregister.com/feed/www.theregister.co.uk/2008/12/30/google_calendar_phish/ and http://blogs.zdnet.com/Google/?p=1053) is going to ensure attacks are highly smart, effective, and definitely lucrative for the attackers.
Counter: Focus on awareness, not just within your organizations but also within your families and communities.
5. Computer fraud may rise - a lot
Today attackers are not concerned with releasing the latest virus onto unsuspecting Internet users. Do we even remember how long ago it was when CodeRed or Slammer hit us bad? Attackers today - both external and internal - have one simple agenda - making as much money as they can within as short a time as possible. We’re already seeing SAP, Oracle Apps, and business applications becoming the most lucrative target of fraudsters. All they need is the knowledge (if you’re working with 2-3 years on the same system you know its flaws well enough), motive (layoffs, salary cuts, no bonuses), and opportunity.
Counter: Invest in forensic accounting, and keep a panel of experts on standby to be called in when fraud happens. Get advice on a list of red flags to watch out for.
6. Cyberwarfare could become a reality
At least as far as the South East Asian region is concerned, we’ve already seen an increase in the number of cyber attacks on Indian banks and government websites. This trend will get more serious and more malicious with some really sensitive data being targetted in the months to come. The next frontier for terrorism will be digital, and we’re all going to be facing the brunt of professional hacking, espionage, and digital sabotage. We’re already seeing this with the current Israeli war on Gaza (http://blog.wired.com/defense/2008/12/israels-info-wa.html), and the recent attacks by Pakistani hackers on the Eastern Railways site (http://in.news.yahoo.com/241/20081225/1262/twl-pak-hacker-attacks-e-rlys-site-threa.html), and a couple of PSU banks. See this link for in-depth Indo-Pak cyberwar coverage http://intelfusion.net/wordpress/?p=468
Counter: If your organization is governmental, semi-governmental, public sector, or provides a service or utility of national importance, you are pretty much going to be targeted. Focus on securing your external perimeter and get it tested.
Posted by Kanwal K Mookhey at 4:48 AM 7 comments
Wednesday, October 29, 2008
Back to globe-trotting
For a while, I'd been more or less spending time in Mumbai, then suddenly about 3 months back work led me to begin my globe-trotting again and give way to my wanderlust. It started with a quick stopover in Dubai for a proposal presentation, and then on to Brussels to join one of our consultants who was working there on a project. This Brussels project is quite noteworthy in terms of the ingenuity of our marketing guy who won it. Seeing a dearth of leads in his kitty, he started to search on Google for tenders and RFPs in our area of information security. He then found this one for an organization in Brussels. When he first told me about it, I said, give it a shot, but mostly we might not win it, because we'll have the disadvantage of increased costs due to travel and stay, which a local company or one in Benelux (Belgium, Netherlands, Luxembourg) or even Europe would be able to avoid by deploying local consultants. But he gave it his best shot, we got shortlisted, and based on a couple of telephonic discussions, they awarded us the project.
Brussels was quite an interesting experience. The project went off very smoothly largely due to the work of our consultant there, and then the weekend before leaving from there we decided to spend exploring that area. My better half joined us, and on her insistence we ended up at one of the casinos. And inspite of my resistance to the slot machines, we actually ended up winning 1000 euros! And then we won a couple hundred more on the roulette and blackjack tables. When we left, we were richer by 1200 euros, which we decided to blow up by hiring a car, going down to Amsterdam - a perennial party place - and spend Saturday night there. It was one helluva experience, and when they describe Amsterdam as one long college frat party - its a very accurate description! I haven't ever seen so many people - not even during peak hour on the Mumbai local trains. And definitely never the sight of thousands of people eating, drinking, making merry, and generally having a collective blast!
After Brussels it was back to Dubai, to sort out my residence visa, since now we have opened up our third office there. Got that done, then I was back to Mumbai for a week or so. My next trip started by having to rush to Mauritius to rescue a project because one of our senior consultants who also was heading our Bahrain office decided to part ways. So I had to take on the project mid-way. But again the place is so beautiful and quite the tourist destination. However, the work pressure was quite a bit, and we managed to spend just the one weekend looking around the place. From mauritius, it was back to Dubai to open up a bank account for the company, then on to Bahrain to sort out the legalities and paperwork and other stuff. Then another week in Abu Dhabi to do a training and complete a project we were doing for a financial institution there.
Then I was back to Mumbai for a couple of days before flying off to Taiwan for the OWASP Asia conference. The conference was wonderfully well-organized by Wayne Huang and his team, with over 1000 people attending. My presentation was on Business Web Application Testing - getting the larger business perspective to the technical approach of pen-testing. I had to rush immediately after my talk to the airport in order to catch my flight and be back to Mumbai in time for Diwali.
So yesterday we had Diwali Puja at our new office in Andheri. While we will retain our current office and convert it into a training center, we'll largely shift all operational and consulting activities to this new office, where we even have a cool new SOC - Security Operations Center, with capacity for 36 people working in 3 shifts.
Things are only going to keep getting more and more hectic. We are aiming to have our 4th international office up and running within the next 3-4 months, either in the Far East, or if that doesn't work out, maybe at a second location within India. Our team is also growing and brand recognition is getting better and better. So if the posts are more infrequenty you'll know why. I intend to write my next posts on our experience in setting up our 3rd office in the UAE.
Posted by Kanwal K Mookhey at 3:10 AM 8 comments
Tuesday, June 03, 2008
Customer delight - makes it all worthwhile
When you're in business you have to be geared up for the fact that there will be customers who will have issues with various services and products that you offer. Customer support and responding to customer complaints is part and parcel of any company. While quality controls ensure that your deliverables are up to the mark, sometimes clients can still have reservations about what you have given them.
Especially in the consulting line of business, where we're delivering skills, opinions, and knowledge, it often becomes subjective whether we are meeting with client expectations or not. Managing customer expectations is one of the biggest challenges of being in this line of work. In a number of cases, the end result of the engagement is a report or a set of documents and presentations. And very often during the course of the engagement the client often voices their differences of opinion and displeasure at some of the deliverables.
With one of our clients, I almost got into an argument over some points related to the consulting services we were providing. I do strongly recommend to my team to avoid arguments at all costs, unless it is an absolutely critical issue. Disagreements should be voiced, but spats should be avoided. Coming back to this particular case, eventually the client was pleased enough to give us the following testimonial, and it is events like these that make consulting completely worthwhile...
“KK and his team did a brilliant job in guiding us towards the 27001 certification. Their approach was very methodical and systematic right from the stage of gathering requirements in the initial stages to the documentation work and then trainings and audit readiness stages. In fact what I liked the most about their approach was that he focussed on transferring his knowledge to us which has enabled us to sustain the improvements even without his involvement. They never restricted themselves to the scope of the contract. They were willing to that extra mile to make sure that it added business value to us."
Posted by Kanwal K Mookhey at 1:51 AM 10 comments
Friday, May 09, 2008
Narayana Murthy on Entrepreneurship
I was privileged to attend an interview of Narayana Murthy, the co-founder of Infosys Technologies. The interview session was part of a "Leaders and Learners" session organized by TIE at Welingkar's Institute in Mumbai. Murthy was interviewed by Anuradha Sengupta of CNBC TV18, and a select panel of entrepreneurs. Then the forum was thrown open to questions asked by the audience. Here were some of the key takeaways from this brilliant and humor-filled session:
Q. What does it take to start your own venture?
NM: You need 4 things before you can think of starting your own venture:
1. Idea. The key idea or concept of the service or product you want to sell in the market
2. Market value of the idea. You must have a basic level of confidence in the fact that the market values your product and is willing to pay for it.
3. Team. You must have a team of complementary skillsets - so identify your own strengths, and find people who have different, but complementary strengths.
4. High aspirations. You must be someone who sets his/her sights high, and is willing to work very hard to achieve those aspirations.
Q. What must a startup do for branding?
NM: Do unusual things. Infosys has always attracted the press and positive publicity by doing unusual things, which interest people.
Q. Who were your idols or people you looked up to?
NM: When we started our business, there were already well-established business leaders who had founded and expanded their companies while sticking to sound ethical principles - JRD Tata, even Mr. Birla, TVS, Mr. Kirloskar. Of course, by that time Bill Gates had also become well-known. Intel was one of the foremost examples of success for most security companies to follow.
Q. What is a non-negotiable component when starting your own business?
NM: A sound value system. You have to lead by example, you must walk the talk, eat your own dogfood. Only when will your team trust you implicitly, and only then will they deliver and help achieve the common goals.
Q. What are the characteristics of a successful entrepreneur?
- Ability to work with other people and work in a team
- Passion and will to persevere
- High degree of optimism
- High aspirations for oneself and for the company
- Ability to put long-term interest ahead of short-term benefit
Q. How do you judge the value of your idea?
NM: You should be able to express your idea and its value to the market in a simple sentence. Not a compound sentence, nor a complex sentence.
Q. How do you attract and retain talent?
The leadership must articulate a grand vision - an exciting future. This will create a challenging work culture and attract future leaders to the company. The vision must be a story that is compelling, believable, and intrigues and excites the minds of the team members.
Q. What do you think about work-life balance?
I remember K V Kamath's answer to this question: first let's make a life, then think about work-life balance. I don't understand the concept of a work-life balance.
Q. How do you define success, and at what stage did you consider yourself successful, and why?
NM: I have thought a lot on this subject, and my definition of a successful person is one who when he/she walks into a room, people's eyes light up. If he/she brings a smile to people's faces, then irrespective of whether that person is educated, not educated, self-employed, employed, I would still consider that person to be successful. And going by that definition, I am still not sure whether I would consider myself as being successful.
Interestingly, Murthy's favorite books are Richard Feynmann's "Lectures on Physics", and "History of Mathematics" vols 1,2,3.
Posted by Kanwal K Mookhey at 12:22 AM 20 comments
Wednesday, May 07, 2008
How to get started on your own business
Just a quick short post to answer a number of similar sounding emails I get on how to really get started on one's own business. Here's the lowdown on the logical flow of any enterprise from birth to growth.
- Ideation. The idea is the key. First come up with what you want to sell. Whether it is a product or a service or a combination of both. The main thing is to come up with an idea or a set of ideas.
- Marketability. The next step is to test the market for the viability of your idea. Before you quit your job or your college or even your current venture to start a business, you must have a reasonable amount of confidence that the idea works. You might even be looking at funding, so before you approach friends/family/VCs you should be convinced yourself that your idea has a market.
- Team. This is a tough ask. But if it is possible you should put together a team that complements your skills. So for instance if you are technically very good, find out someone who is good at marketing, and if possible, also someone who is good at finances. When I started out, I filled in the technical strength, and my father was around for the financial part. We still remained weak on the marketing front, and it took us quite a few years to fix that.
- Business plan. The next step is to articulate your idea. To put together a formal business plan which outlines your main idea, lists out potential target markets, the resources required to bring the idea to fruition, the competition you face, a SWOT analysis, projected cash-flow for the next 2-3 years, and most importantly your team profile.
- Funding. You may or may not need funding. So this stage would be one where you go out and seek the minimum amount of money that you need to start off your business.
- Registration & Incorporation. There are legal formalities to be completed before you start on your own business. For a sole proprietorship, there is not much to do, but for private limited there is quite a bit of paperwork you will need to get done.
- Stationery & Website. You will have to get your basic marketing material in place - a website, visiting cards, logo, letterheads, etc.
- Execution. This is the rest of your life - beat the pavement trying to get clients, call up all your contacts, try to advertise and market your services/products in the best manner possible, land a few deals, execute on them, invoice them, get the money in the bank, go treat yourself to a nice dinner somewhere!
Posted by Kanwal K Mookhey at 3:09 AM 95 comments