What does CONFIDENTIALITY mean to Wildflower Ventures?

DISCLAIMER

First and foremost I want to make it clear that I take this topic very seriously and not only take confidentiality between clients as top priority, but I also work with leading agricultural security people like Andrew Rose, Kristen Demoranville, and Whitney Zatzkin to make sure that I’m as safe as possible when it comes to cybersecurity attacks.  I have clear policies and procedures along with physical security to protect any information that is shared with stays between myself and my clients. Now onto my blog. 

Introduction

Hiring anyone is tricky, but hiring a contract employee, especially a fractional product development specialist, feels a little like asking a competitor to peek under the hood. 

I’ve been pondering why leadership balks at the opportunity of hiring a contractor to do the work compared to a payroll employee.  And I think it has a little to do with confidentiality and security. 

Contractors and especially consultants have historically been associated with someone outside the organization.  Someone advising on the strategy yet not fully inside. And what I’m proposing is a fully integrated fractional position. It feels a little like asking some outsider to come in and learn all about the inner workings of a top secret mission.

I get it.  And I’m here to tell you I’ve thought about all this.  I want to keep your competitive advantage your competitive advantage. I don’t want to leak any trade secrets or strategic assets to anyone especially your competitors. But I also whole-heartedly think that hiring contractors to help achieve your goals is not only financially smart, but acts as a different kind of competitive advantage altogether. 

So join me while I layout my confidentiality framework that keeps my clients safe and secure and why rethinking traditional hiring models is a start-up’s way of staying nimble in a rapidly changing and highly uncertain market. 

Confidentiality Isn’t a Job Title

I had one client intially say they aren’t interested in a temporary person.  That they didn’t want to put time and energy into creating a bunch of stuff just to have me leave in 6 months and have to start all over again. They would have felt much better if I was full-time employee.  But what they were really saying is that they perceived me as a flight risk compared to a payroll employees.  It was the contractor aspect of the work arrangement that made them nervous. 

Here’s the thing though.  I’ve seen payroll employees leave after 3 months or less.  Just because someone commits to a payroll type position doesn’t mean they are more serious about staying. A payroll employee DOES NOT equate to loyalty.  And I need to say this again.  A payroll employee SHOULD NOT give you the false confidence that they are in it for the long haul.  Start-ups are prime for job hoppers because it’s understood that things are volatile and changes so quickly that less than 2 years at a startup isn’t as alarming to future employers as it is in a well established corporate company. 

Furthermore, in a start-up situation, things change so rapidly that being nimble enough to plug and play skillsets is an asset.  What you need in years 1-4 is drastically different than years 5-10. In the beginning you need mostly builders.  At some point,  you need mostly doers (turning the crank).  Those are two different people entirely. 

What I urge you and the industry as a whole to reframe fractional work.  It shouldn’t be considered a liability but an asset.  It’s a way to get the very specific skillset you need for the time you need it.  And usually at a price that much lower than would typically cost as a salaried payroll employee.

Let’s take payroll taxes as an example.  An employer gets taxed at 6.2% for social security and 1.45% for medicare. There’s more than that, but let’s keep it simple.  So if you are paying me $125,000/year for my full-time salary, that’s $9,562.50 in payroll taxes you’d owe just on my salary alone. That’s 2 in-vitrol fermentation experiments at a University or one small-field trial.  To me, this is a no brainer. 

Why I Chose the Fractional Path

Start-ups need experienced talent at an affordable rate. What they don’t need are over-inflated industry ‘gurus’ that are more salesmen than experts. The issue is good, experienced talent is expensive.  So startups settle for hiring industry leaders in an advisory role (which is great, don’t get me wrong), but then they are left with still trying to figure out how to execute.  

They need builders at an affordable price. And ones that they don’t get ‘stuck’ with when they outgrow their utility.  $120K is an expensive salary to maintain.  Wouldn’t it be nice to bring that individual in and out of your organization when you need them?  You might need them during year 1-2 and then maybe again in a few years when you go to launch your second round of next-gen products. 

But all this in-and-out can make it daunting to try and figure out how to keep your information safe and secure.  For example, what if I’m working with two biological companies at the same time?  How do I keep the content creep from happening in one meeting to the next?  Let me explain my philosophy.

My ‘Secure by Design’ Philosophy

As I mentioned above, I’m friends with some major Ag cybersecurity folks so I have adopted a ‘secure by design’ mentality for my work.  But instead of how to ensure a web-based product is safe from cyber attacks, I make sure my client’s information is secure from potential leaks, cross-over, cyber attacks, and anything else that might put a company in jeopardy. 

So what does this mean in practice? 

• Utilizing a company’s secure server and shared drives increases difficulty in accessing sensitive documents. I request access to the client’s internal servers or cloud-based shared drives. I then require that no confidential information is ever attached to an email.  Only send me links, and if needed, password protect the folders or files.  This ensures that anyone that might gain access to my email can’t just download information.  Additionally, on the backend, there should be timestamped and logged access to the file/folder in case my clients ever need to see when I’ve accessed a particular document.  This is all about accountability. 

• All external communications on behalf of my client goes through their company's email server with either my own corporate email or a general ‘info’ email domain.  I also ask for a company email domain especially if I will be communicating with external partners on behalf of my client.  I don’t usually use this for day-to-day communication,  I use my Wildflower email for this or a chat program like Google Chat, Slack, or Teams. But if I’m going to need to communicate with any external companies like universities, CRO’s, strategic business partners, then I want all that communication to come from the client’s email server.  Firstly this allows all that communication to stay within the company once my services are no longer needed.  It also eliminates the potential for Wildflower’s to become a target as a way to get to a client's sensitive information. 

  
  

• A single space for organizing all meetings for simplified meeting oversight. I prefer to utilize my Wildflower’s calendar for all meetings.  This helps me manage my calendar in a more efficient and effective way. Maybe things like Calendy could help with this in the future, but for now I’m not there.  It also helps me manage security risks without having to worry about someone gaining access to my calendar via another platform’s security holes (not implying that any calendar services’ security is weak, I’m just simplifying my life). 
  
  

• Secure calendar practices to avoid screen-share leaks. The way I send calendar invitations anonymizes the attendees and objectives in the off chance there is an accidental screen share situation. 

   

• Open communication about public/private visibility. One of the first questions I ask new clients is whether they want people to know I’m working with them or if they’d prefer I stay a silent partner. I have no preferences either way and will happily oblige in whatever makes my clients feel safer. Sometimes a new company wants to see themselves connected to a reputable industry voice/leader, and other sometimes that company doesn’t want their competitors to know their strategic partners.  It’s all part of their strategy and should be discussed as early as possible.

   

• A no competitor rule.  I will not work with direct competitors at the same time. Regardless of how careful I am, I do not foresee any way someone can keep things separate without bleedover. This is plain ethics, and I will not cross that line. But with that being said, just because at a company seems to be a competitor, doesn’t mean that I’m asked to do the same things. Let’s use seaweed as an example. I could be asked to help commercialize a specialty crop soil amendment for one seaweed company while another seaweed company asks me to help commercialize a feed additive for cattle. From a product development perspective, those two activities couldn’t be more different. And this is where all the above stuff comes into play to keep myself and my clients’ sensitive information safe. 
  
  

I’m hired to build processes that are repeatable and scalable. So if I’m hired by a client that can’t meet any of the above guidelines, then we build a system together.  And not because they should keep me out of their internal workings, but because the above are general best practices.  And as a company grows and more people are coming and going, my clients need to make sure they are protected from mal-intent.  This isn’t about making my life easy, this is about making sure my clients survive and thrive long-term. 

Built on Ethics; Not Legal.

Look, NDA’s have their place.  They signal trust, trust that the two signing parties are willing to take the conversation to the next level.  But besides that.  I’m not sure they are good for much else.  NDA’s are legal tools to win breaches of confidentiality. And from my perspective, that breach must be pretty substantial and documented to be worth a trial. Which is why my confidentiality and security guidelines are based on what I deem ethical and just the right frickin’ thing to do. 

Agriculture is reputation based no matter the sector: ranching, dairy production, farming, cropping, you name it. So it’s SUPER bad business practice to go around sharing information (any information) about what I’m doing to other people (competitors or not).  That decreases my credibility. And I care deeply about that. 

My Philosophies are Open-sourced; Execution is Proprietary

I’m completely open on LinkedIn and on my website about my philosophies on product development and commercialization. I believe in the 3 Pillars of Product Development. I believe that companies, especially in this economic climate, should be launching in a very small, niche geographic location with a strategic partner, and I believe in growing your company through retained earnings whenever possible. These are also not groundbreaking ideas and philosophies.

But what the above looks like in practice and execution is so nuanced and unique for each and every company that it doesn't matter if I copy and paste these philosophies over and over again into different companies, the output looks totally different. It’s a huge world out there with endless biological possibilities.  The beauty of this is in the details.  And that is why I absolutely LOVE biology and trying to commercialize bio-based products. Each one is a puzzle waiting to be put together, and no two puzzles are the same. 

To summarize.

If your company doesn’t have some of the fundamental best practices mentioned above already in place, reach out.  Let’s talk. I’d be glad to help design and implement some security protocols. 

Secondly, I welcome a challenge to anything above.  Any good security and confidentiality program is only as good as the holes poke through them.  So if anyone sees anything I missed that I should definitely implement or address what I’m doing to reduce risk, email me.  I’d love to talk and figure out what I can do different to mitigate the risk.