#StartupOfTheWeek : WYZChef 👩‍🍳

Today is an exciting day: we’re launching a new series of articles to shed some light on the gems of La FrenchTech Singapore. Every Monday we’ll share a startup story so that you can get to know our community.

This week we spent some time with Nilo Quiroz and Carole Martinez from WYZChef, a brand new startup who will be accelerated at BACECAMP starting April 2nd. Let’s dive into it!

First things first, what is WYZChef?

Carole: WYZChef is a B2B platform that analyses data to simplify and personalize office catering services based on previous preferences. It saves administrators between 6-10 hours per week and helps restaurants to increase sales, improve in marketing, operations and finance without exploiting them like other platforms.

Nilo: Today when admins or personal assistants have to organize a lunch or dinner, they have to go thru a lot of repetitive, manual and boring tasks: reading reviews, analyzing photos of food, searching for a place that fits their budget, and even accommodating everyone’s dietary restrictions.

Carole: Our platform will automatically help them choose their next meal “wisely” using a smart digital voice assistant. This will allow them to have a quick and personalized food experience that fulfills all their needs.

Who’s behind WYZChef?

Carole: We have a strong team and we all worked together on our previous venture. Our strength comes from our diversity (from 6 countries!) and our unique combination of expertise. That makes us a strong and fun gang!

So Nilo, how did you come up with this idea?

Nilo: Well we run a B2B catering franchise called “Corporate Caterers” in Houston, Texas since a few years back, that’s how we know this industry well. We grew it from zero to almost $3M in 4 years and it is owned by the current co-founders of WYZchef.

During an MBA trip in Singapore I was amazed by the city and I had an “Aha moment” while visiting several companies and saw problems about organizing food during meetings, the same problems we have solved in Houston.

I had a lot of discussions with my partners in the USA and the dots connected as they had the same issue. So we just saw an opportunity for innovation in this process, leading to the creation of WYZchef as the next digital revolution for B2B marketplaces.

What stage is WYZChef?

Nilo: From a product perspective, we just finished our MVP from France and we’re coming to Singapore on March 29th  to incorporate! We’re very excited, because we’ve been selected to follow the BACECAMP program by ACE incubator next month. The plan is to run our beta phase as we already have clients willing to try us there.

On the business side , we are in talks to partner with companies like SAP, Routific, Velove, Google and Grab for integration with our platform. We’ve also continuously been doing market research in Singapore with our target corporations since Summer 2018, and we have a total of 50 qualified leads in Singapore with letters of interest from corporations and restaurants who are ready to try our MVP once we launch the beta phase.

Today, our main goal will be to raise funds to have enough for the 12 months runway of operations in Singapore.

Welcome to the family!

Nilo: Thanks! Since I visited Singapore, I saw La FrenchTech as a key community for us in Singapore. I believe being an active member is a unique asset in this business experience and it can help us to knock on many new doors that will open opportunities for us to change this world.

If you’d like to know more

Here’s a few resources about WYZChef:

10 THINGS I LEARNED BEING A WOMEN IN CYBER

Picture 1

 

According to my CV, I have 12 years of professional experience. I turn 36 this year. It’s bizarre because part of me still feels like a student as I am continuously learning and part of me feels like 350 because of all the unbelievable experiences I’ve been through, but my actual age is 35, and I have just progressed from a Regional ISO Lead Implementer to a Regional Information Security Officer.

I’ve heard people say that your age defines your career and you should be so and so to start your CISO – Chief Information Security Officer – career. So, I’ll post on here my findings on what I consider helped me evolve through my professional journey. I also thought I’d share some lessons I’ve learned, because it’s International Women’s Day! #sharingiscaring

 

Read more on my blog: https://woman-in-cyber.com/2019/03/08/10-things-i-learned-being-a-women-in-cyber/

 

Picture 2.png

International Women’s Day – Interview with Amel Rigneau

You might know that La FrenchTech Singapore recently launched its “Female FrenchTech” initiative. Since then we did quite a bit of work, and we couldn’t think of a better day to shed some more light on this initiative and the driving force behind it: Amel Rigneau. We sat down with Amel for a good discussion on the challenges women face here in Singapore especially in Tech -and how this initiative tries to help.

Hi Amel, can you tell us a bit about yourself and how you landed in Singapore?

Sure! I am a traveler who loves discovering new countries, cultures and people and I love to face new challenges. I’m also very eager to learn and I have always embraced all innovative subjects. That’s one of the reasons why I feel very lucky to have spent a few years in Hong Kong and now Singapore, certainly two of the most innovative cities in Asia!

The dynamism of the startup scene here in Singapore is amazing. I have the feeling you can test any idea and go abroad to scale.

How did you get involved in La FrenchTech and what is your role there?

Actually I’ve known La FrenchTech in Hong-Kong, as I was leading an Entrepreneur Club focused on early stage development.  When I moved to Singapore, I met the core team here and felt inspired by their vision and enthusiasm, so I naturally decided to be part of the adventure.

La FrenchTech is an inclusive and open community. As a member of the steering committee I lead or support a number of projects: setting-up partnerships with local organisations, organizing events and launching initiatives such as “La FrenchTech for Good” and “Female FrenchTech”.

So why did you decide to launch “Female FrenchTech” here?

Simple observation: few women in our steering committee, few women in our internal / external panels, few women among our founders, few women among our investors and a just little more among startup employees… Overall there are very few women in the Tech industry here, and I don’t think it is because we lack talents! So I just needed to do something about it.

You’ve traveled a lot, how do see the role of women here in Singapore?

In Singapore I’ve been impressed by the number and variety of associations, initiatives, incubators, female business angels syndicates and platforms that have been created to support female talent. I stopped counting after 30 just in Singapore!

Honestly, I have been told more and more women have senior positions in VC structures, MNCs and among female founders…but from what I see in day-to-day business, it is not enough.

The stats are crystal-clear: The Mastercard Index of Women Entrepreneurs 2018 shows at early stage entrepreneurial activity Singapore has showed a drop of Female Founders. As for MNC, 8% of corporate board members are women (average in Europe is 15-20%) according to McKinsey’s 2017 report. So we need to catch-up!

At The Female FrenchTech we believe the situation can change and we want to make it happen, together with other organisations.

So tell us more about this. What is your objective with the “Female FrenchTech” initiative?

Of course. Well our ambition is simple;  we want to highlight, help and inspire the  female talents across the region. We’re identifying talents, promoting them at internal and external events (speakers in panels, VC pitches,…), and  showcasing their achievements through our network.

Very cool. So what’s in the works, and how can we follow the news?

The easiest is La FrenchTech Singapore website, our newsletter as well as our Facebook and Linkedin pages. If you’d like to be personally involved or want to chat, feel free to drop us a line on Femalefrenchtech at gmail dot com.

Currently we are preparing events and workshops around investment, with our “Dare to be a Female Business Angel” series. This subject is natural to us because we believe investment is an essential source of funding & support of startups which have a huge impact on economic growth. Women in this field could bring more diversity in terms of soft skills and investment choices.

Certainly! By the way, did you personally experience any form of discrimination?

I saw a lot of cases around me. For instance, around promotion  and wage gap between men and women. In Singapore, the pay gap at the median wage was about 9% in 2017 according to Ministry of Manpower. The reasons are multiple : women never ask for a rise, lack of confidence on  their own capabilities, low awareness about diversity benefice from the hierarchy…

It’s a really complex issue. What do you think is the best way to fight this?      

The situation can change but it will take time. In the meantime, we should all take simple actions -men as well by the way!

    • Apply a  “dare to” mindset and not stay behind the curtain but front and center
    • Be more confident in our abilities even when we are not a specialist
    • We should all support other women and not be more demanding
  • Educate our children, especially boys, to eradicate all kind of discrimination and respect others

I believe the change will come from women but not only. We have to integrate men in our reflexion and our actions.

For instance, I appreciate the initiative “Never without her” in France; which is endorsed by entrepreneurs, players from the digital world, the media,the education industry and politicians . All of whom are accustomed to taking part in debates and public events. But, they have now refused to do so if there are no women involved.

Amel, thank you ! We’ll keep in touch!

Securing the API Economy

If you are a business owner (CEO, CIO, or head of a business line) you continuously need to look for ways to innovate, out-think and out-maneuver your competition. In the sharing and collaborative economy we live in, you have an unprecedented opportunity to team up with others to make what you’re good at even better, even more compelling, or part of a larger value proposition. Never before in our history has it been simpler to do so.

The argument is this: there are capabilities that YOU offer and deliver better than anyone else. As a result, you want to make full use of previously isolated data sources and make your capabilities available to others. To do so, you need to plug yourself more into the fabric of the “API economy.”

The term API (for Application Programming Interface – a program calling another program through its API) has been around for a long time; however, over the past few years there’s been an increased interest in APIs, more specifically “Business APIs” or “Web APIs.” “Business APIs” are pretty simple to understand: they are interfaces focused on business assets – for example, a product, a client, an order.  

The “API Economy” relates to the use of “Business APIs” to positively impact a business or a government agency.  API initiatives focus mainly on business drivers related to:

  • innovation
  • faster time-to-market
  • improved sharing of assets
  • the creation of new revenue streams by connecting the physical world with the online world (omnichannel strategy), and by addressing new clients/industries/geographies/use cases
  • improved client experiences

Increased employee engagement is also a focus area for many organizations.

Business APIs are making it easier to integrate and connect people, places, systems, services, data, products, things and algorithms. All industries, all verticals, and corporations of all sizes can extract value out of their data and connect with others – not only tech corporations. APIs now allow any business to embed itself into other folks’ business in an unprecedented way.

Random examples of the API Economy at play include:

  • Google providing Google Maps, which a retailer or ride-sharing company can plug into its applications without having to build its own mapping system
  • PayPal or Stripe payment systems integrated with B2C apps
  • Using your Facebook account when you sign in various apps
  • Brick-and-mortar retailers developing ecommerce channels and leveraging backend APIs to handle things like payments, shipping, etc.
  • IoT technology-enabled pest control systems with automatic notifications of caught rodents in Wi-Fi connected snap traps.

The API Economy’s value is in the trillions of US$, per various industry estimates: https://www.mckinsey.com/business-functions/digital-mckinsey/our-insights/what-it-really-takes-to-capture-the-value-of-apis

In fact, an interesting industry survey suggests that more than a third (35%) of enterprises generate 25% or more of their topline sales from APIs:  https://www.mulesoft.com/press-center/technology-trends-2018-connectivity-benchmark. An astonishing number!

But here is the downside: as we transition into an increasingly digital-first environment powered by the API Economy, fraud actors follow the data, simply because data (after human capital) is one of the most valuable assets a business has. And APIs are the key to that data.

If your API is insecure, if your workloads or your users’ online browsing or identities get compromised,  you open up a threat vector into your business AND your ecosystem of partners.

Bottom line: When business leaders and developers connect disparate data together and core transactional systems are made available publicly, this increases the attack surface for malicious actors who can now infiltrate entire ecosystems through their supply chains.

How to mitigate your risks in the API Economy?

As a progressive business leader who is winning in the market by leveraging partners’ ecosystems, the last thing you want is for fraud actors to steal your confidential or regulated data or your financial assets.

As always in IT security, you must adopt a three-pronged strategy to minimize risks and boost your cyber security posture:

  1. People – continuous user education and awareness so that your employees truly become a “human firewall” and can spot a phishing email a mile away
  2. Processes – there are good practices aplenty around regular data backup, patching and incident response (beyond the scope of this blog post)

The best technologies will not secure your business from malicious actors if you deploy and configure them wrongly. The recent SingHealth breach in Singapore proves that no matter how advanced your security tools, if your people or processes “break,” you’re in for trouble and for receiving a lot of unwanted attention in ways that will impact your reputation or revenue or both. https://www.zdnet.com/google-amp/article/employees-sacked-ceo-fined-in-singhealth-security-breach/

  • Technology.

If you intend to be an active part of the API Economy and provide your APIs to others, you will be the target of security breaches if you don’t properly think through versioning and deployment. Start by securing your APIs with an application services governance framework – which caters to the end-to-end governance for all types of network services. A good starting point for your research is the 2018 Magic Quadrant for Full Lifecycle API Management by global research and advisory firm Gartner.

Additionally and importantly, if not done already, you must secure your workloads (whether your applications or services reside on-premises in your traditional IT infrastructure, or off-premises in a public or private Cloud, or in a hybrid IT model), and your employees’ identities. Technologies from WatchGuard around network security and multi-factor authentication will certainly help you achieve this important aspect of securing the API Economy.

Sylvain Lejeune, RVP APJ WatchGuard Technologies

linkedin.com/in/sylvainlejeune

How to defeat Malicious Everything-as-a-Service

In the sharing & collaborative economy we live in, we are witnessing two major trends at play.

First, an increasing number of people are getting online. Recent statistics suggest that 4 billion people around the world are now using the internet (this is half of the world’s population): https://wearesocial.com/blog/2018/01/global-digital-report-2018

Second, the consumerization of IT. Business leaders and lines of business are increasingly consuming IT services from their own IT department or directly from public cloud services providers (a trend called “Shadow IT”) on a pay-as-you-consume/PAYG (Pay-as-you-Go) basis. This IT-as-a-service framework has a few fundamental attributes:

  • Standardization
  • Automation
  • The availability of a catalog of services (the “service menu”)
  • Orchestration
  • A business and charging model based on consumption/PAYG
  • Self-service capability

We are now living in a demand-driven model vs the old supply-driven model which was focused on the available legacy technology and its constraints.

The winners in today’s super competitive markets are those that can out-think and out-maneuver their competition. They do so by leveraging a self-service-based operating model based on a high degree of standardization and automation, increasingly with a consumption-based business model (PAYG).

As a result, tech is increasingly present in every single revenue stream.

And bad actors have followed suit. They are leveraging the aforementioned trends to pocket large financial benefits. They are making malicious code and attacks available to the masses as “kits” which can be consumed as-a-service off of service menus built on highly automated and scalable architectures. Add all the stolen data to the mix and you have a very powerful (and daunting) value proposition.

It is very easy, cost-effective and fast now for malicious actors to modify hashes and create new malware variations that evade signatures. Hence the massive amounts of malicious code out there. More on this later.

Examples of “Malicious Everything as-a-Service” abound

Phishing attacks. There are now phishing kits available for sale. They comprise phishing website resources and tools that need only be installed on a server. Once installed, all the fraud actor needs to do is send out emails to potential victims. Email addresses of potential victims are available on the deep web – just like phishing kits.

Ransomware-as-a-Service, or RaaS, are ransomware distribution kits sold on the dark web for a few hundred dollars that allow malicious users with little technical skill to attack relatively easily. Some of these kits allow fraud actors to create their very own customized version of a given ransomware, e.g., Satan, with a “profit-sharing” business model (e.g,, the RaaS developer takes a 30% cut of any payments made by victims, the attacker pockets 70%).

DDoS attack tools are also easily available. A simple web search reveals a significant number of booter and stresser services openly advertised which give unskilled individuals the ability to launch significant DDoS attacks. 2016 marked a turning point with the Mirai malware, which triggered DDoS attacks originating from botnets of compromised Internet of Things (IoT) devices. A series of devastating attacks from the Mirai botnet struck a number of high-profile targets. Variations of the Mirai malware are still active today. More details at https://en.wikipedia.org/wiki/Mirai_(malware)

One of the most active services for launching distributed denial-of-service (DDoS) attacks, WebStresser.org, was taken down in April 2018. The service had more than 136,000 registered users, and it is estimated it contributed to millions of attacks over a three-year period. All of this for a mere 15 euros/month for users to carry out devastating attacks.

In all three aforementioned examples, phishing kits, Raas and DDoS attack tools, the business model, automation, standardization, service menu and the self-service capabilities are five attributes which closely align with IT-as-a-Service and the collaborative economy we mentioned earlier.

An avalanche of malware, compromised URLs, DDOS attacks

The phenomenon of “Malicious Everything as-a-Service” and the rapid growth in the volume of available highly standardized kits have led to a deluge of malware, cryptomining software, compromised URLs, DDoS attacks (in the wake of Mirai), etc.

As briefly mentioned earlier, it is easy and fast to create new malware or mutate** existing ones to evade detection. Today’s malware threats are far more advanced and prolific than ever before. Modern malware creation is automated. As a result it requires very little effort for attackers to mutate a piece of malware. [**Mutating malware is the process of changing existing malicious software without altering its functionality. This is often performed by changing a piece of malware’s hash. Mutation allows malware to evade signature-based anti-malware solutions such as your traditional antivirus.]

The case for man and machine working together

The rapidly increasing volume of advanced, evasive cyber threats is triggering the urgent need for traditional human involvement in addressing IT threats (through the provision of signatures, white-listing, black-listing, heuristics, etc.) to be augmented by the immense capabilities of artificial intelligence. In particular, it is the ability of machine learning and deep learning models to deal with vast data sets – an ability that humans simply do not possess.

Machines and algorithms bring automation, quicker response times, reduced error rates and pre-execution capabilities to the table. It is all about processing and analyzing large amounts of relevant data, and scale.

Human analysts bring human insights at two critical levels: once the AI models have sorted through data, human analysis can then take over and look into suspicious patterns of activity to confirm whether or not these are actual attacks or false positives.

That human analysis then feeds back to the machine learning models (e.g., by adding another layer of security or by continuously sorting and adjusting a mix of supervised and unsupervised machine-learning models, or a combination) to improve pre-execution outcomes and future predictions.

This is the power of man and machine working together to address the increasingly automated, standardized production of “Malicious Everything” delivered as-a-service to wannabe hackers who are flooding businesses, government agencies and consumers with compromised websites, DDoS attacks, cryptomining software and malware of all sorts.

Sylvain Lejeune, WatchGuard RVP Asia Pacific & Japan