Technology Plan

Overview

• IPO Model
• Data Collection Overview (Input)
• Target Data
• Collection Options
• Web Data Extraction
• Extraction Challenges
• Data Products (Output)
• Data Quality
• Security Industry Vendor Ontology (SIVO)
• Status of System Development
• System Overview
• System Security Overview
• Architectural Component Overview
• Technology Team
• Proprietary Know-how

IPO Model

Our technology plan is predicated upon the Input-Process-Output (IPO) model of software engineering, which supports the necessary structure of a business and competitive intelligence processing system. Very simply described, our IPO model works in this way:

• Input: Find, collect, and extract the desired data.
• Process: Prepare, organize and analyze the data. [See "Architectural Component Overview" heading below and the "Confidential Documents" section of this business plan.]
• Output: Organize and format the processed data for usage and display. [See list of data products under the heading "Data Products (Output)" below.]

Data Collection Overview (Input)

As previously discussed, Data1Qbit’s business model is to target the cyber security industry and engage in a disciplined, focused campaign to collect data, which will then be processed and creatively packaged into a variety of data products that we will sell through multiple channels. There are three goals:

1. Build a specialized data collection organization consisting of the required personnel, processes, and technologies.
2. Consistently apply this organization to the targeted industry and continuously improve the data collection systems’ collection and processing of data, thereby (and inevitably) creating what will become an insurmountable data monopoly with respect to the targeted industry.
3. Engineer the data collection and processing systems in a manner that facilitates standardization, automation, replication, and re-targeting at additional industries (aka domains) with minimum customization and cost.

No new technologies are required to build these systems. Numerous existing tools and resources can be acquired and adapted to our particular needs, and we can focus our efforts on maximizing data input, processing, output and automation. Then, as the technologies related to our work evolve and improve, we can immediately take advantage of those improvements to increase the strength and market dominance of our data domains.

NOTE: Cyber security has been selected as our initial target domain because it may be the most critical business problem of our time and because of the founder’s working knowledge of this complex area. The data products and delivery systems generated by our efforts will be crucial in protecting the IT systems that sustain our capitalistic system.

Target Data

At this time there are approximately 2,200 companies that produce cyber security products. Additionally, there are several thousand other cyber security companies that provide services such as assessments, mitigation, consulting, product integrations, product support, etc. The global list of such companies is poised to explode to many times its current size, especially considering the effect of the implementation of the Internet of Things and other IT-based technology advances. Our system is engineered to locate and extract the following information associated with all such companies:

• All cyber security products and services produced or provided by those companies
• All features and specifications related to such products and services
• All associated business, news, reports, and financial data about those companies and products
• All user and other sentiment data about those companies, products, and services
• All other relevant and related data that can be found and collected about this domain

NOTE: Another very important data class is that which will be provided by clients as they engage with the VAaaS SaaS application and provide information related to their cyber security needs, problems, and experiences with past vendors. As the size of our client base moves into the hundreds of thousands—and eventually millions—this will be an immensely valuable data asset which can be mined for useful insights that we can use in innumerable ways—all at the same time that we closely guard our clients’ anonymity, confidentially, and security.

Collection Options

The above-described data can be collected and/or acquired in the following ways:

• Purchase of data via data aggregators, brokers, insider relationships, and others
• Acquisition of data via public databases (for example, U.S. Patent and Trademark Office)
• Manual collection of data by our own personnel
• Voluntary data inputs by VAaaS users, product vendors, vendor product users, vendor and user employees, etc.
• Web data extraction via various web crawling, scraping, and harvesting techniques

Each of the above Data1Qbit collection processes requires substantial and on-going human and other resources to accomplish its tasks. All of the above collection methods are very challenging and must be approached systematically in order to achieve maximum value, but web data extraction is clearly the most difficult and most rewarding method. It thus deserves a closer look and is also the ultimate key to developing a true business intelligence system.

Web Data Extraction

If an automated system of web data extraction is correctly targeted at a particular industry domain and then run persistently, vast amounts of actionable data can be collected and made available to sophisticated data mining and data analysis techniques that will reveal a steady stream of fresh insights and possibilities heretofore unobtainable and unimaginable”and of great value to numerous target markets.

Fully automated data extraction with respect to the cyber security industry is available at this time. Developing a system that is mostly automated is our goal, however, but that will entail a systematic process of human and machine interaction to enable data collection, and then a process of continuous improvement over time. Fortunately, web data extraction techniques and tools have been around for some time, and these can be engineered and brought to bear on the cyber security domain in multiple creative ways.

For a thorough and current survey of web data extraction in general, including techniques, systems, applications, and tools including some of the thought-leaders in the field, please see the Web Data Extraction Survey in the Confidential Documents section of the Business Plan. 

It should be noted that our web data extraction processes will be targeted at both the "surface web" and the "deep web." The deep web is the portion of the World Wide Web content that is not indexed by the standard search engines and is estimated to be several orders of magnitude larger than the surface web. The deep web contains much data of use for our purposes.

Extraction Challenges

Clearly, organizing and operating the above-described system poses many challenges and requires the application of a broad range of resources and knowledge. With respect to the business intelligence system we are developing, three particular challenges emerge:

1. Automated extraction processes. Depending on the data targeted, web data extraction includes a series of multiple separate processes-some manual, some automated. The processes of locating and retrieving relevant data/code from the web and other sources are important, but comparatively easy. The challenge is to program the system to automatically identify and extract very specific, domain-related data that has marketable value. Everything else is to be discarded. Sometimes this is straightforward and easy; other times it is much more difficult and can only be achieved after a deliberate process of trial-and-error and refinement.

   Additionally, it should be noted here that this process never ends. The data sources are ever-changing, and the extraction processes must be continuously updated in order to keep up. But over time, the system gets better and better as higher-level tools, such as machine learning and artificial intelligence are applied. With time, the sustained accumulation of data and underlying systemic knowledge-engineering processes become so sophisticated as to become competitively insurmountable.

2. Expansion into new domains. An additional longer-term issue must be addressed up-front in order to position Data1Qbit for fast growth. Everything discussed thus far relates to designing this business intelligence platform to target the cyber security domain. But one of the core assumptions of the business model is that once developed, the technology systems can be efficiently re-targeted at other technology domains such as cloud services, drones, genomics, wind power generation, solar, etc.

   However, successful application of the system to those domains assumes a deep understanding of the market organization and the data classifications associated with each domain "knowledge zones" acquired only by active participation in that domain.

   In order to position the Data1Qbit business intelligence system to rapidly deploy into these new domains, it will be necessary to expend resources up-front to analyze possible target domains and narrow the list so that the system can be engineered to be re-directed with a minimal expenditure of resources and time.

3. Legal issues of web data extraction. As the web becomes more pervasive in all our lives and as the demand for data exponentially increases, the use of web data extraction as a methodology for acquiring data is increasing and becoming more sophisticated. Those engaged in web data extraction sometimes put unnecessary and unwelcome burdens on data owners servers, however, so data owners are responding by implementing technical roadblocks and hurdles. Additionally, some businesses with exposed and sensitive business data, such as airlines, have mounted legal challenges in an effort to block the extraction of data perceived as proprietary IP chattel assets. Thus far, these barriers and challenges are localized to specific states and have had little impact upon U.S.-based "extractors" and virtually none on extractors originating in other countries. Additionally, new and substantial arguments which complicate the application of chattel claims with respect to computer data and the web are being mounted by global data extractors such as Google. A deeper discussion of the various legal issues can be found HERE.

NOTE: Data1Qbit is committed to an aggressive, non-stop effort to acquire domain-specific/targeted data via ALL legal means and will utilize all global resources possible to defeat and circumvent current and future barriers to our data acquisition needs. We are confident that the world’s demand for data and our ability to leverage technology to acquire data will outpace any efforts to hinder such activities.

Data Products (Output)

Once the cyber security data collection, extraction, mining, and analysis systems are operational, the data collected will be packaged as individual products and sold into various markets. We believe that as time passes, demands in the marketplace will reveal the need for a stream of new and lucrative products, but initially the following products will be our primary focus:

1. Vendor Assessment as a Service (VAaaS). This is a B2B software-as-a-service (SaaS) application that helps companies, consultants, integrators and others perform correct due-diligence on cyber security products and services. [Please go HERE for further information and a demonstration.]
2. Various cyber security products and company newsletters. These technology newsletters will provide research, news, opinions, sentiment, analysis, comparisons, testing results, etc. related to cyber security products and systems.
3. Cyber security investment newsletter. This investment newsletter will provide specialized research into technology and market-dynamic issues affecting investment outlooks for cyber security products and product categories.
4. Customized industry-specific data. Cyber security data will be mined and packaged to meet specific industry requirements. Examples include cyber security product and company information related to insurance risk underwriting and financial industry risk audits.

Data Quality

A critical aspect to our success will be our ability to generate large quantities of very high quality, useable data. This is an elusive and very challenging goal. In an IT environment that constantly touts tools and processes able to generate quality data from vast reams of unstructured data, one could be excused for thinking that the quality data problem has been solved. This is not true.

Generating high quality data that can be used for numerous applications, including VAaaS, and ultimately DaaS (data-as-a-service), requires top-to-bottom, fully engineered data processes devoted to the mission of collecting, processing and outputting data in a manner that results in the most useful and valuable data repositories possible. It is extremely difficult (if not impossible) to apply such processes to data "after-the-fact," i.e. after the data has been collected. Success in this arena demands the establishment of a thoughtful, well-structured and master data governance structure before the first piece of data is collected. This is exactly what we have done. [See Architectural Component Overview" heading below and the "Confidential Documents" section of this business plan.]

Security Industry Vendor Ontology (SIVO)

Our data plan must be closely aligned with the language of the domain we operate within - the cyber security company and product domain. Getting everyone...the cyber security companies, customers, insurance companies, governments, and other associated entities on the same language page is important for numerous reasons. It is also a foundational piece of our ultimate success as a commercial enterprise.

Therefore Data1Qbit will support the building of the Security Industry Vendor Ontology (SIVO). This ontology will be an extension and continuation of the taxonomy organizational work previously performed by d1qb and compatible ontological work performed by SINET, NIST and others supporting this space. It will also be compatible with STIX and TAXII, the open community efforts sponsored by the Department of Homeland Security and MITRE corporation. The ontology will form the core language structure for d1qb’s data collection processes and also the requirements definitions of the VAaaS (vendor assessment as a service) and other data products.

As background, an ontology is a formal way to organize and classify the vocabulary around a particular domain of knowledge—in this case cyber security vendors and products. By organizing and classifying this vocabulary, the goal is to standardize the vocabulary and thereby make it readable and useable by machines and to facilitate interoperability between machines and the transition to the semantic web. Thousands of ontologies already exist, and standards for creating and growing such ontologies have been established.

By actively participating in and supporting the development of this ontology, d1qb and our customers will benefit by:

1. Greater access to larger and more customers globally. Our system interoperability will facilitate fast acceptance of our system by large institutional customers already familiar with and using ontologically-based systems. This includes governments, financial institutions, healthcare, large-scale manufacturing, IT services and others. Acceptance by such customers will facilitate the quick establishment of our brand globally and will make our job of achieving global adoption of our system easier and faster.

2. Reducing the development risks of our IT system. By building our IT system on top of an accepted data vocabulary process, we gain access to many mature development tools and processes designed to help us eliminate many early development risks, thereby permitting faster, safer scaling of the system.

3. Getting new products to market faster and more cheaply. Since we are not “re-inventing the wheel” and since the “wheel” we are developing is pre-engineered by others to “roll right”, we can get our products to market faster and with less expense—and with higher profit margins.

4. Lower TCO. With this type of structure in place at the beginning, it has been established that we’ll experience a 30-70% TCO reduction in app development and maintenance.

5. Great user experience. It has been proven that rules-driven content ensures optimum access to data in the fewest clicks. Happier customers = more customers = greater subscription renewal rates.

Data1Qbit intends to be a primary steward of the Security Industry Vendor Ontology (SIVO). SIVO is a business ontology standard providing a description of cyber security product supply chain vendors and their associated products and is an integral component of the semantic architecture of the Data1Qbit system.

It is being created to standardize the language used to precisely define cyber security product categories, products, product features, and current or future classes, attributes, and relations of and between these entities.

The primary applications of SIVO are data harmonization, facilitation of system interoperability, and the unambiguous sharing of meaning across various data repositories. This common language for the cyber security industry will support business process automation while facilitating risk analysis and management.

SIVO is intended to be released as a series of standards under the technical guidance of NIST and the Object Management Group (OMG) and with the inclusive collaboration of other industry practitioners and semantic technology experts. It is anticipated that SIVO’s first release will occur simultaneously with the launch of Data1Qbit in January of 2016 and that Data1Qbit will commit to an on-going funding program designed to sustain and mature the ontology at that time.  

Status of System Development

Building this proposed IT system is analogous to building a 40-story office building. We already know that there is huge demand for the product (office space/actionable cyber security data), and we know that 40-story office buildings can be built because the landscape is dotted with them. Fortunately for us, though, the landscape is not dotted with the type of valuable in-depth, readily accessible cyber security data that we intend to collect and sell.

The systems and knowledge already exist to accumulate and process data on the appropriate scale. This is clear because others have already built successful businesses around Big Data. The question then becomes "can we build that 40-story structure with the architecture that we have developed?" What investors require is for us to prove that we can.

Usually, a technology start-up requires a proof-of-concept (POC) and/or paying customers prior to funding. In this case, neither is feasible or necessary for the following reasons:

1. A review of the VAaaS demo reveals that the amount and scope of data presented in the results dashboard could only be collected and processed by a fully-built data collection and processing system as carefully described elsewhere in this document.
2. The global cyber security crisis has reached such epic proportions as to threaten the very underpinnings of the capitalistic system and the urgency and demand for accurate, real-time cyber security data that can be utilized by businesses (and governments) to make better cyber security decisions is clear and indisputable.

The system described in this document is poised to contribute to the solution of this problem. With respect to our ability to build the system, we offer the following proofs:

1. We have an obvious, understandable, and achievable solution that can play a significant role in the mitigation of the global cyber security crisis.
2. We have an imminently executable short-term and long-term business strategy with almost limitless upside and the rare opportunity to establish a market monopoly (not an overstatement) in the targeted data domain of cyber security.
3. We have a meticulously planned and well-designed system architecture that can quickly be built and launched. [See "Architectural Component Overview" heading below and the "Confidential Documents" section of this business plan.]
4. We have an extensive market viability survey which confirms the market demand for such a product as VAaaS and its pricing assumptions. [See "VAaaS Market Validation Survey" in the "Sales and Marketing" section of this business plan and the "Confidential Documents" section of this business plan.]
5. We have an opportunity to create unique intellectual property that leverages off the need for, and value of, big data as it applies to multiple, targeted technology domains. [See the "Proprietary Know-how" heading below.]
6. We have a core technical team that is ready to execute the system development. This team is led by a seasoned, successful founder with a rare combination of technical expertise, hands-on cyber security experience, business acumen, and extensive business and industry connections. [See "Technology Team" heading below, "The Company" and the "Confidential Documents" sections of this business plan.]
7. We have a stellar, well-informed Board of Advisors who understand and support the concept and the company’s leadership. [Go HERE to learn about our Board of Advisors.]

System Overview

The system to be built is a state-of-the-art, fully scalable, cloud-based system hosted on Amazon Web Services (AWS). It leverages various proven and immediately deployable AWS cloud services such as EC2, S3, EMR, RDS, and DynamoDB.

The system consists of two components:

1. The Data1Qbit back-end: This is the operations back-end, which consists of the Data Services Processor, the Business Intelligence and Data Warehousing component and the Big Data component. The Data Services Processor acquires and processes the various data feeds. The Business Intelligence and Data Warehousing component is responsible for storing and analyzing the extracted information. The Big Data component is responsible for processing "big data" and transforming it into a format that makes it useable and accessible. That data is then made available to the Business Intelligence and Data Warehousing component, which analyzes it for presentation to end-users via the VAaaS front-end portal and by other means, depending upon the requirements of the final data product.
2. The VAaaS front-end portal: This is the customer-facing application, which receives processed data from the Data1Qbit back-end and presents the data to end users and manages all end-user interfaces. The front-end portal leverages powerful, proven third-party applications such as LifeRay CMS, Drools Rules Engine, Pentaho business intelligence systems, and various AWS user management and billing systems.

System Security Overview

As unbelievable as it might sound in today's highly charged environment, most investors in software products are not demanding that security be pre-engineered into the software or that the networks that run the software be correctly protected. This, in spite of the fact that virtually all the IP related to such investments is exposed to attack and theft.

This unfortunate and shortsighted situation does not apply to this company.

Data1Qbit's roots are in security. Cyber security vendor assessments, by their very nature, mean that our customer base will be sharing information related to their security postures and needs. This and other IP data must be protected at all costs and we know it.

A core philosophy of this entire venture is for Data1Qbit to be the standard for cyber security. We understand that we must earn the trust of a global client base that looks to us for the best information possible about cyber security vendors and products. In order to meet this responsibility, the Data1Qbit system is pre-engineered to meet Open Web Application Security Project (OWASP), SANS Institute, and Cloud Service Alliance (CSA) standards. The system will also be fully compliant with the NIST Cybersecurity Framework.

The system will be actively engaged in any appropriate Information Sharing and Analysis Centers (ISACs) and Information Sharing and Analysis Organizations (ISAOs). Our unique cyber security data collection technologies and processes should position us to take leadership roles in these organizations and facilitate relationship and brand building at the highest levels of American business.

Funding has been budgeted for the application of a wide range of internal systems and third-party security solutions, which include:

• Access control
• Analysis and testing
• Data protection (at rest and in motion)
• Perimeter defense
• Security infrastructure
• System monitoring
• Virtualization and cloud security

Our effort will be led by a full-time Chief Information Security Officer (CISO). This is something still unheard of for a company with a 100-person headcount, but it is necessary for us to maintain the high levels of security required to protect our assets and to forge a leadership position within the cyber security industry.

NOTE: Please look at the URL bar at the top of the pages for our web site and note that this is an HTTPS site. This indicates that a SSL certificate has been applied to our site, which provides more secure communication between your browser and our web site. This is a simple, inexpensive, and mandatory security procedure for any business serious about cyber security today. However, you will find as you move about the Internet and visit various sites (including many cyber security companies), that the vast majority of companies do not implement even this basic security procedure.

Additional details related to our security plan and the resources allocated to that plan are available to qualified, interested investors. [See the "Confidential Documents" section of this business plan.]

Architectural Component Overview

The table below provides an introductory overview of a portion of the various architectural documents that describe the IT system. The full system description, associated diagrams, and third-party architectural reviews are available to qualified, interested investors. [See the "Confidential Documents" section of this business plan.]

Diagram/Table Title		Diagram/Table Description
Architecture Key	3.0.0	This diagram shows all the various diagrams and tables and their multiple inter-relationships
Top Level Architecture	3.1.1	This diagram is a bird's-eye view of the VAaaS architecture, illustrating the main components and the flow of information between them
B2B User Data Flow Sequence	3.1.2	This diagram shows the data interchange and information flow between the B2B user and the main VAaaS components
Admin User Data Flow Sequence	3.1.3	This diagram shows the data interchange and information flow between the admin user and the main VAaaS components
Network Overview	3.2.1	This diagram shows the 4 network layers and the nodes and connections between the various layers
Component Level Architectural Overview	3.2.2	This diagram depicts the structural relationships between the various process components of 4 network layers
Application Domains and Extraction Processes-VAaaS	3.3.0	This table presents the various application domains and data extraction processes and identifies those that apply to the VAaaS process
Wrapper Generation Overview	3.3.1	This diagram breaks out and shows the relationship between the various processes associated with wrapper generation
Data Services Processor	3.4.1	This diagram illustrates the various stages involved in acquiring, transforming and processing data within the Data1Qbit processing back-end located in layer 2
Business Intelligence-Data Warehousing	3.4.2	This diagram shows the relationship and data flows between the data warehousing and business Intelligence components, as well as the relationship and data flows between the business intelligence and big data components
Elastic MapReduce: Overall Data Flow	3.4.3	This diagram illustrates the standard overall data flow to and from the Hadoop cluster
Elastic MapReduce Architecture	3.4.4	This diagram illustrates the overall architecture of the Hadoop cluster for the VAaaS SaaS application as utilized within the AWS environment
Data Back-end Sequence	3.4.5	This diagram shows the data interchange and information flow in the data back-end for Data1Qbit
VAaaS Front-end Architecture	3.5.1	This diagram shows the main components and component inter-relationships of the VAaaS front-end
VAaaS Front-end Data Flow Sequence	3.5.2	This diagram shows the data interchange and information flow in the VAaaS front-end portal
Data Front-end Data Flow Sequence	3.5.3	This diagram shows the data interchange and information flow between the B2B data user and the Data1Qbit portal
Data Security Access Levels	3.6.1	This table shows the various access levels provided to the different data storage components to all the various users
Disaster Recovery Architecture	3.6.2	This diagram shows the disaster recovery layers, processes and systems as built upon and leveraging off the AWS infrastructure
High Availability Scaling	3.6.3	This diagram shows the components and data flows in their various layers necessary to provide high system availability and the ability to rapidly scale up and scale down as required
Network Security Architecture	3.6.4	This diagram shows the network architecture abstracted to show only layered security components and data flows. Note that this Network Security Diagram is a basic security architecture which is supported by higher level/more detailed security architectures and components.

Technology Team

Data1Qbit’s founder leads the technology team, and he is uniquely qualified to do so. In 1984, he founded and grew a chain of primary care clinics from zero to $6M in sales in seven years and founded a non-profit outpatient children's cancer center that did more than $1M in volume in two years. Both of these medical organizations represented something that was very rare at that time businesses utilizing IT systems to actually do business in this case, process medical claims and handle other business back-end operations. These experiences created an IT foundation that the founder has continued to build upon.

Additional IT-related experience resulted from the following:

1. Thirty years of hands-on IT experience which has facilitated fluency in the language of IT and the ability to articulate IT concepts in clear and understandable terms.
2. Ten years of experience building and managing virtual IT teams necessary for the delivery of services associated with several IT businesses owned by the founder, included Denver Web Services and Denver Cyber Security-two businesses operating today.
3. Three years of hands-on cyber security assessments, mitigation, and consulting.
4. Three years membership in the Information Systems Security Association (ISSA), including one year's service on the Board of Directors.
5. Eight years of leadership positions within TiE Rockies, a chapter of TiE Global which is the largest organization in the world supporting IT entrepreneurs. These TiE leadership positions have included two years as President of TiE Rockies and current service as Chairman of the TiE Rockies Board.

Two important results of these experiences are (1) a very large Colorado-centric network of IT and cyber security professionals who have been critical in the founder's ability to acquire the technical knowledge necessary to architect and perform due-diligence on the business proposal you are reading, and (2) a huge network of extraordinarily successful and highly trusted C-level associates who are committed to connecting him and supporting him in any way possible.

The current, active, contributing technical team consists of the following:

1. Chief Technical Officer: (Currently VP of IT Infrastructure and Operations at a Fortune 500 technology company)
2. Primary Software Strategy Consultant: (Three successful software exits, including two IPOs)
3. Cyber Security Consultants: (4)
4. System Architect Consultants: (2)
5. Web Extraction Consultants: (4)
6. Data Collection Specialist: (1)
7. Technology Advisors: (8) [Go HERE to learn about our Board of Advisors.]

As a result of the founder's aforementioned global team-building experience, the process of building this IT team will focus on assembling employees and contractors who have exemplary skills and the ability to work and contribute as part of an Agile technology team. [Additional, specific information is available to qualified, interested investors.]

Proprietary Know-how

At this time Data1Qbit neither owns nor has filed for any patents. However, it is the opinion of our technical team that we are sitting on and developing a virtual gold mine of proprietary know-how.

As we deploy our various crawling, scraping, extraction, harvesting, machine learning, natural language programming (NLP), and other data tools, and as we contribute to and come to understand what is described as the "semantic web," we will be perfectly positioned to utilize and commercialize new data methodologies. We will apply these methodologies to our own domains, improving our processes and solidifying our market positions. We will also leverage these methodologies into new commercial endeavors whenever possible.

It is the opinion of the technical team that as we assemble and deploy various existing tools and processes related to domain-specific data inputs, processes and outputs, we will create various proprietary systems that will be of great value. These systems will not only serve as templates for our expansion and growth, but the nature of this work is so new and unique that many aspects could well be patentable. This is the same situation that was experienced by other innovative companies such as Amazon as they aggressively developed and applied existing IT processes to traditional business models.

Whether any of our work is eventually patentable or not, it is fully documentable and we will copyright all our software code and take necessary precautions to protect our various trade secrets. Of course, Data1Qbit and VAaaS have been registered as our Trademarks. This information will certainly become part of the company's intellectual property assets, thereby serving as a foundation for our future growth.