Leadership Requires Taking a Stand

For reasons I’ll cover in the future, I took a break from blogging. I did not intend to resume this week, and I did not expect that this would be my returning topic, but recent events have been a catalyst for me, and silence wasn’t really an option.

“We must take sides. Neutrality helps the oppressor, never the victim. Silence encourages the tormentor, never the tormented” – Elie Wiesel

I had no intention of covering politics on this blog. In speaking to the importance of leaders taking a stand, the public and obvious failure of Donald Trump was an example that could not be avoided. Further, it would be hypocritical for me to cover this topic without taking a stand myself.

A Leadership Softball

History’s losing flags on display in Charlottesville

Last weekend Nazis rallied in Charlottesville, spouting words of hatred and eventually murdering Heather Heyer. As much as the “Unite the Right” mob wants to claim that they are non-hateful and simply defending white heritage, chants like “Jews will not replace us”, “Fuck you, faggots”, and “Blood and soil” (which comes from Nazi roots), combined with marching under the flags and other imagery of Nazi Germany, clearly reveal the true intent. Describing these people as Nazis is not hyperbole – they are literally marching under the flag that many of our grandfathers gave their lives to defeat.

Denouncing the actions of Nazis is a leadership softball. In my home town of Berkeley, which is frequently (and sometimes fairly) considered socialist and crazy, Top Dog, an establishment that is staunchly libertarian and pro-free-market, fired an employee participating in the Nazi rally. The owner of Top Dog is not a delicate snowflake with hurt feelings; he took a stand against what was morally wrong and backed it up with actions.

In contrast, Donald Trump failed to even take a swing at this leadership softball. His initial comments appeared sympathetic or even supportive of the Nazis, receiving praise from former KKK leader David Duke. In an uncharacteristic two-day delay to ensure, “what I said was correct, not make a quick statement”, Trump denounced the Nazi groups, in what appeared to be a forced reading of a prepared statement, days after most leaders (and bipartisan elected officials) took a firm stance against the Nazis. After what would have simply been considered a disastrous display of failed leadership, yesterday Donald Trump destroyed what little credibility he may have garnered, when he effectively backtracked on his condemnation of Nazis, and seemed to equate our founding fathers to people that committed acts of treason waging war against the United States.

The Nazis in Charlottesville were largely Trump supporters, so Donald Trump making a clear and decisive statement against these hate groups may have come at a cost of losing some of their support. If you assume Donald Trump was simply attempting to remain neutral, the lack of a commitment against something so obviously anti-American (Nazis), was largely interpreted as support for the hate groups – this interpretation was echoed by politicians from both sides of the aisle and from the hate groups themselves. After Trump’s impromptu shit show on Tuesday in which he doubled-down on his “many sides” to blame, it left little doubt where he really stands, although he still hasn’t displayed the leadership to clearly define his position.

Taking a Clear Stand

It’s necessary for leaders to take a clear stand on issues that impact their organizations, both to act as a beacon for what is expected for the organization, and to enable people to leave the organization if it is inconsistent with their own values.

A good way to test whether a company is committed to its cultural values is looking at how the company acts when holding to those values comes at a real cost. Similarly, leaders should be judged by their actions as they face adversity… are they willing to make personal sacrifices to maintain their integrity and live by their values?

In 2015, as CEO of IMVU, I made the decision to not allow the confederate flag in IMVU’s products. Some customers reacted unfavorably, some directed hostile remarks at me, and customer service received complaints. There was also some impact resulting from customers that had purchased or sold the products. I had expected all of that. And as much as I value freedom of speech, ultimately the value of IMVU being an inclusive community for millions of customers outweighed the impact of eliminating the emblem representing a war waged on the United States to defend the right to own humans. My actions were not big and bold, they were simply doing what I thought was the right thing given the values of the company and its community.

Regarding Donald Trump’s failed leadership, six business leaders have stepped down from presidential advisory councils, citing their own values as the primary motivation for distancing themselves from Trump. These leaders have clearly taken actions consistent with their personal values, and did so at a cost, as Trump quickly attacked and belittled these leaders the moment they stepped down. Those remaining on the presidential advisory councils may not explicitly support Trump’s defense of hate groups, but their continued support of him as a leader acts as an enabler, and casts doubts on their values or the ability to act consistently with their values. Trump’s top economic adviser Gary Cohn is reportedly ‘disgusted’ and ‘appalled’ by Trump’s responses this week, yet plans to remain in the administration, implicitly supporting Trump’s behavior. Gary Cohn, who was born into an Eastern European Jewish family, continues to support a man that can’t denounce Nazis – as a citizen (a member of the US organization) I draw the conclusion that Cohn values tax reform and deregulation above what I would consider a non-starter, supporting somebody that can’t condemn hate groups.

Live Your Values

An organization’s culture and values are just pleasant little phrases in the employee handbook unless the organization reinforces the values in all actions, especially in tough times.

As a leader, if you are unwilling to state a position consistent with your values or sacrifice to take actions supporting those values, you don’t actually hold those values, or you are not a leader.


Firing People Respectably

Firing people is perhaps the most unpleasant responsibility that comes with being a manager.  I’ve read many articles on “the right way” to handle firing, but my experience has taught me every case is different, and even following the best advice can result in a challenging interaction.

I’ve created guidelines for myself that feel fair (this is how I want to be fired), and I accepted that firing is unpleasant for everybody involved, so it’s ultimately about making the best out of a shitty situation.

My guidelines come from the perspective of a culture I want to see in a company, not the legal perspective (which tends to err on the side of corporate protection over recognizing the human components).

Guidelines for a Firing Manager

My guiding principle, be respectful, helping the employee retain their dignity, drives these guidelines:

  1. Always remember you’re firing a person, not a resource. In almost every case being fired is an emotionally painful situation, so be mindful that you are firing a person, with feelings, fears, and personal responsibilities that will be compromised as a result of job loss. People react unpredictably in emotion-filled situations. As the firing manager it is important to be respectful through the whole process and be balanced in responses to the other person’s (re)actions.
  2. Don’t get into a detailed discussion.  A common pattern is the person being fired will want to get into the details about the decision to fire.  The firing discussion should be efficient (there is nuance in balancing not being insensitively fast vs. dragging out the pain).  The manager should absolutely provide a high-level explanation, and the next steps (ideally the company has a standard document that explains the issues that will be important to the employee), but the person being fired is very unlikely to actually hear a detailed discussion – they are too emotional to process it.  If a person being fired wants to get into details, I suggest scheduling coffee the following week, giving them enough time to figure out what questions are really important and getting past the initial shock so they can be receptive to the answers.
  3. Never discuss individual details with others.  When a person is fired, other employees frequently want to understand more details.  It can be tempting to want to bring others into the loop or calm an underlying “am I next?” fear they may have by sharing the details, but it is disrespectful to the person being fired (it’s also probably a liability for the company). Instead, have a culture that is transparent about the process (why and how) people are fired, while never discussing an individual’s specific situation.

Reasons for Firing

The reasons for firing an employee generally fall into three categories: performance, role eliminated, and violating the company relationship. Each impacts the person being fired, other employees, and possible outcomes differently.

Performance Problems

When an employee is under-performing it is their manager’s responsibility to make that employee successful and, if that fails, fire the employee. An employee’s performance should be a regular discussion with their manager, and missing expectations should be made explicitly clear, along with clarity around the exact expectations and a plan to improve.  If the improvement doesn’t happen, the firing discussion should be more of a final conclusion to the mutual recognition of the problem, with both parties aligned on the shared data.  My rule is, “if the employee was surprised they were fired for performance reasons, this is a failure of their manager”.

Role Change

The role change scenario is one where the company’s requirements or constraints have changed and an employee is no longer appropriate for the role. I’m including layoffs / downsizing in this category (not being able to pay people is a constraint). A commonality in these firings is that they include qualified, successful employees. This is the one firing scenario where additional insights into the decision can be shared with other employees, as the decision is not about an individual (but be sure that the role change is the real reason for the firing, otherwise it will eventually result in distrust from employees).

A role change specific to an individual feels the most personal for the person being fired and can be hardest for other employees to understand. The message of “great for previous role, wrong skills for what the company needs going forward” is easy to say, harder for employees to process, often because a good employee will be leaving, and many employees won’t have the insights into the need for the change (or may simply disagree).  The best analogy I’ve been able to come up with is sports teams, where a great player may be traded to make room for a player that has different skills that make the team better as a whole (as in Moneyball, where trading stars for players that just got on base resulted in a better team).

When a role change is impacting many people (typically driven by financial situations or discontinuing a product / service), explaining to the people impacted can be more comforting than when it is a single role, since the reasons don’t feel as personal (make no mistake, for the people being fired the impact will feel very personal, it just won’t feel like they were individually targeted).

Violating the Company Relationship

Every company has its own unique culture, principles, rules, and expectations in the relationship with each employee, and between employees. I’ll use “don’t steal” as an example, since this is probably a common deal-breaker even in the most toxic environments.

When there is a violation of the relationship, the employee needs to be fired, otherwise the company is signaling that it isn’t an actual expectation of the relationship, or perhaps worse, that enforcement is selectively applied. In this firing the employee should not be surprised, however an employee willing to violate the relationship in one dimension is likely willing to double down and deny their responsibility in the situation. Unfortunately, this is one of those nobody-wins outcomes where, as a manager, you simply need to get through it, look for the learning opportunity, and move on.

A particular challenge in this type of situation is the inability to offer an explanation to other employees, especially if the violation was concealed. Using the stealing example, the company could have liability in disclosing the violation to others, so employees just see somebody fired for no apparent reason. As recommended in my guidelines above, if your company has a (trusted) transparent culture around how and why people get fired, many may infer that it was either a performance problem or violation, which is a better outcome than the firing feeling random.

Management Failures

Employment is a relationship, and the manager and company have to acknowledge their responsibility in the failed relationship, both in why it failed and the importance of properly handling the failure.

Passing the Buck

If there are other existing opportunities where the employee could be successful at the company, that can provide a solution that is both a win for the employee and the company. However, since firing is so unpleasant, managers should be challenged to understand whether they are diverting the problem to somebody else or really feel the employee is best for the opportunity. Ask the question, “if the employee didn’t work here but was applying for the new opportunity, would you hire them?” If the answer isn’t a confident, “yes”, the manager is likely passing the problem to somebody else. Another red flag is the creation of a new role for an employee that would otherwise be fired… in almost every case I’ve experienced, this is a manager avoiding a tough (and necessary) decision.

Performance Improvement Plans

Performance Improvement Plans (known as “PIPs” in HR speak) are formal documentation explaining the employee’s performance problem, the expectations, a process to improve and a success evaluation date. On the surface this is all great – issues that should have been discussed in 1:1 meetings. When used as a tool with the intention of making the employee successful, PIPs can be really helpful in providing clear expectations.

The dark side of PIPs is when they are used as an HR cover your ass maneuver, in which the employee’s fate has already been decided but, because of risk or liability, there is a desire for the company to have ample documentation around the termination. Don’t do this. When a firing outcome has been determined, fire the employee. Dragging out a process or giving false hope is disrespectful, and arguably cruel.

Learning from Failure

A firing may not reflect a failure, it might actually be the best decision for the company and perhaps even for the person being fired. However, all firings can be an opportunity for the company to learn and improve its processes. If it was a new employee, try to understand how the interview / hiring process could have identified the issue. With longer-term employees, look for training opportunities (for the employee or management) that could have resulted in a more successful outcome. Understand when the firing should have happened and what should be done next time. Since firing has such a big impact to both the employee and the company, there is value in continually improving the process to reduce or avoid any firings that could have been saved.

Have you been on either end of the firing process and have suggestions for improving how it gets handled?  Please leave a comment!

Fairness in Employee Intellectual Property Rights

Silicon Valley is still in the Jurassic age when it comes to employee intellectual property rights.  It’s not that Silicon Valley has lagged behind others in this regard, but there has been no innovative leadership while there is ample opportunity to set an example for fair employee policies.

Before I was the CEO of IMVU, I was SVP Engineering, and in 2011 I drove an initiative to change the company’s policy regarding the ownership of employee side projects. At the time my basic argument was we were actively looking to hire employees that are builders, creators, tinkerers and then had a policy (like every other company) that oppresses the same qualities we actively sought. The new policy created a path for employees to have guaranteed ownership of their side projects and be protected against any future claims from the company. I detailed the outcome in my article IMVU’s Employee-Friendly Policy on Side Projects (sadly no longer posted, but accessible via Wayback Machine). My hope was other companies would embrace and improve on this first step.

6 Years of Progress!

In the 6 years that followed,  there has been a massive wave of companies acknowledging that some of the best employees they can recruit are passionate builders that actively contribute to open source and hack on pet projects to feed their creativity and passion for learning new skills.  These same companies have changed their culture and employment agreements to support these employees by recognizing that traditional intellectual property assignment agreements are over-reaching.  Actually, none of that happened.

For the most part, the state of employment agreements and employee intellectual property rights hasn’t changed. Many companies still have policies with far-reaching claims on anything the employee creates, at any time, even if not directly related to the business and whether or not company resources were utilized. It doesn’t matter that some of these claims are not enforceable (in particular, California has much more employee-friendly laws); many employees would simply give up rather than incur the legal costs to defend their rights.

The result of the continued inconsistency between company policies and employee behavior is an awkward cultural and legal situation, where employees have side projects and sometimes kind of keep them secret and the company sort of doesn’t acknowledge the side work when it knows about it… a wink wink, nudge nudge arrangement until it isn’t, and the company decides it owns the employee’s thoughts.

I’ll take a moment to call out (and praise) a recent exception… GitHub recently introduced a policy to let employees keep their intellectual property.  GitHub’s policy is called Balanced Employee IP Agreement (BEIPA) and recognizes that the employee has rights to projects that are not related to the company business, and also that “free time” and “company time” is fuzzy (the policy doesn’t explicitly state that employees can use company resources, but it also doesn’t claim rights either).

The Challenge of Change

As I went through the process of changing an industry-standard policy, I gained a much better understanding of the challenges. Ultimately the challenge of innovation in these policies comes down to no perceived upside for the company with fear of embarrassing failures from the innovation.

Standard Employee Agreements (which include assignment of intellectual property) are heavily weighted in favor of the employer and, since they are pretty much the same at every company, there is no competitive market and little reason to change. The company’s fear of losing out on an amazing invention can also come into play, with concerns that the company will forfeit rights to what could have been a game-changing development (who wants to be the idiot that let go of the billion dollar idea?). And finally, lawyers… corporate counsel provides tried-and-true boilerplate Employee Agreements, and the same corporate counsel that reviews the policy change is typically risk-averse, seeing rights-releasing changes as mostly downside with unknown benefits.

I found that most of the challenges in changing this policy were key stakeholders taking a “why we can’t” approach instead of a “how can we” attitude.  Now having 6 years of experience with the policy, I can unequivocally state that it resulted in no downside for the company and only goodwill for the employees.

Getting to Fair Employee IP Rights

I believe the first critical step in getting to fair employee intellectual property rights is bringing awareness that change is desired and possible.  Without a push from employees, it’s too easy for employers to just keep doing things the way they’ve always been done.

If you are an employee that would value a more equitable arrangement around intellectual property rights, let your employer know!  As a starting point for what is possible, point them to the improvements made at IMVU or GitHub.  Make an offer to your employer to promote the company’s leadership in this area and use it as a recruiting tool for creative talent.  If you are interviewing with a company, ask about employee IP rights – if this becomes a common topic from candidates, HR (recruiting) will see the value in making a fair policy be a benefit.

We’re seeing progress in other areas that have similar challenges around change… I am excited that some Silicon Valley companies are establishing or updating their policies to consider employee fairness around stock option plans that actually help employees keep the rewards from their contributions.  As these companies intentionally make the choice to not just do the same thing every company has done before, I encourage them to use that same open-minded process to examine their employment agreements and create policies that are fair to the employees they strive to attract.

This guy wrote your boilerplate IP Agreement

As a leader in a company, consider whether the policy you have today was intentional, reflecting the culture and values of what you are trying to build, or if the policy is just a generic hand-me-down from the corporate dinosaurs of the past. If you experience too many challenges around making sweeping changes, at least make incremental changes and try to use them as a differentiator for your company (really, go on Quora or Hacker News – potential employees looking for companies with fair IP policies are left with almost no good examples… your company could stand out).

As more companies show that employee fairness is a differentiator that attracts and retains great talent, it will push others to improve their policies to be competitive.

Know of other companies that have great Employee IP rights?  Think Brett is crazy and giving away all of a company’s value?  Leave a comment!

How to Stop Me From Spying on Your Internet Usage

Yesterday Congress voted to erase privacy protections for consumers by passing a law making it illegal for the FCC to have rules to protect consumer privacy online. Specifically, this vote allows your ISP (Internet Service Provider, the company you pay for your Internet access) to collect and sell your Internet usage information without your permission. To be fair, you didn’t yet have these protections… they were just about to go into effect, and now they won’t.

Most people appreciate the right to keep private what they do in their own home and are unhappy with a violation of this privacy, but many don’t understand the potential impact on their lives, or how to protect themselves from these privacy violations.

What You Reveal Using the Internet

In your day-to-day usage of the Internet you expose to your ISP an enormous amount of data that enables them to target and classify you in ways that are valuable to advertisers, employers, insurance companies, and financial institutions.  Your ISP has the ability to sell to companies data to classify you based on health issues, financial status, sexual interests, religion, hobbies, and political views.

Every web search you make and every web page you visit is an opportunity for your ISP to understand you a little better. Searching information about depression?  Looking at the most recent coupon you got from BevMo?  Congratulations, you’re now part of the “risk of alcoholism” demographic that might be of interest to future employers or insurance companies.  Reading a medical site to figure out if that mole on your arm looks funny?  You are flagged as a cancer risk.  Searching for an anniversary present and looking at a dating site in the same week?  Divorce attorneys and real estate agents might pay handsomely to know who you are (or, more accurately, who your spouse is).

But wait, Brett – I use “Incognito” or “Privacy” mode on my browser… doesn’t that protect me?  Actually, no… these options prevent websites from permanently storing information on your browser that can later be used by that website to re-identify and track you, but they don’t do anything to secure the traffic that goes between your computer and the website, which always passes through your ISP.

But Brett, I know the little “https:” in the web address bar means secure, so I’m safe on those sites, right? You’re better off, but you’re still leaking a ton of information… Secure websites do a great job of ensuring that the traffic sent between the website and your computer is encrypted and secure – so the contents of the interaction should be private. However, your ISP can still see the Internet addresses you visit, so if you look at the Suicide Prevention Hotline, your ISP can’t see the specific data but they know you are interested in content about suicide. This site-identifying information is also revealed through your DNS queries (how your computer turns the site name in a URL into an IP address), and most consumers have their DNS handled by their ISP.

Okay, Brett… fine, ISPs can do this shifty stuff, but this sounds like tinfoil hat territory.  Well, maybe, but these large ISPs have a history of doing some really shady things with your data, ranging from hijacking (and replacing) your search results, inserting ads into your web pages, and secretly sending your web history back to the ISP.  The big name ISPs (Cox, Comcast, Time Warner, AT&T, and Verizon) spent money lobbying and buying votes because they are most capable of turning your private information into their profits (and they probably want a return on that investment).

You are the Product

Of course, collecting and selling information about users is the way many Internet companies (Google, Facebook) become powerful cash machines.  As a general rule, if you use a free service that doesn’t sell its products, you are actually the product being sold to other companies.  The primary difference is these privacy-selling services are optional (you don’t have to use Facebook), and you are not paying for them.

An ISP is closer to the phone company as a utility – while you may have some choice in which ISP you use, frequently these choices are very limited and, if selling private customer information is a standard practice, your only alternate choice is not having Internet access.  If you found out that the phone company listened in on your conversations and sold transcripts to other companies, you’d likely be outraged.

Which brings up the question, what protections will you have against being highly targeted? You filled out a request for health insurance online, can that insurance company acquire the data to make coverage liability decisions about you based on requesting data for your IP address, if not for your name specifically? Can I go to my local ISP and buy data because I want to understand what news my neighbors read, what dating sites they use, and what movies they watch?

Keeping Your Internet Usage Private

For the more technically inclined, there are several options available (e.g. centralized VPN at the router, or Tor servers), but these are not really accessible for the average consumer, so I’m going to cover what I think are the two best options accessible to most people that don’t have a system administrator living in their household.

VPN

A VPN (virtual private network) establishes an encrypted connection between your computer and another server, and that server accesses the Internet and relays the data back to your computer.  A VPN prevents your ISP from seeing anything you access – they only see a single connection to the VPN server.  While the VPN does conceal your data from your ISP, you need to find a trusted VPN provider as they now have access to your data.  As an additional challenge, if you are interested in making all Internet access from your home private, a VPN is unlikely to work with all of your devices (e.g. Tablets, Roku, Apple TV, Alexa / Echo, and Amazon Fire TV).  Finally, some Internet sites (like Netflix) specifically block VPNs, adding additional frustration to this solution.

Choose an ISP That Values Your Privacy

All ISPs have the ability to take advantage of Congress voting away your online privacy rights.  The big names (Cox, Comcast, Time Warner, AT&T, and Verizon) have the most capability of leveraging your private data, but this doesn’t mean that smaller ISPs won’t also use your private data – it is quite likely that bigger companies will offer an easy revenue-generating solution that allows smaller ISPs to provide access to your data, bringing in some extra cash (tempting for small ISPs that are typically at a significant disadvantage over the big names).

However, smaller ISPs can be more committed to respecting customer desires, and may be more receptive to customer requests to maintain privacy. For example, since the early 1990s I’ve worked with LMi.net, who has always been a great partner for my business and personal Internet needs. I called the owner and he told me several customers called after Congress voted and he responded, “It’s easy. We never have sold user data, and we never will.” While big ISPs send me weekly junk mail trying to lure me in on some great Internet package (usually including TV), I understand the value of my ISP consistently making decisions that consider the best interest of the customer.


Do you have other suggestions for keeping your Internet usage private? Think I’m a paranoid crackpot?  Please leave a comment!

More Things You Don’t Know About Stock Options

I’ve generally found that every time I have dealt with stock options I’ve learned something new, and usually in somewhat painful ways.  It’s one of the few areas where I actually hope I’ll someday understand every aspect and stop learning, but changes to how options are handled and complicated (and changing) tax laws promise to make stock options a topic that will never be mastered.

In my most recent experiences, I learned a few things that don’t seem to be common knowledge, even by many people that have been in the stock option rodeo for a long time.

Companies Can Outlive Their Stock Plans

The stock options granted to employees, directors, advisors, or other parties are done so pursuant to a stock plan that is typically created around the time of incorporation.  When one receives an option grant, the grant will reference the stock plan and a copy of the plan should be made available to the recipient of the grant.  These stock plans have a lifetime, with 10 years being pretty common, and the ability to exercise options typically expires with the stock plan.

And for what I’m guessing is more than 99% of Silicon Valley companies, the 10 year life of the stock plan is irrelevant because, within 10 years the company most likely fails or has a major restructuring of the cap table (making the options worthless), gets acquired, or goes public (resulting in some conversion or liquidity of the options).  In almost every case the stock options either get flushed down the toilet or become liquid within 10 years.  But, there is a less common scenario… a company substantially increases in value and remains private and independent, celebrating 10 years and outliving the initial stock plan.

In this situation, most people granted options under the original stock plan need to exercise or forfeit their stock (there is typically a way to handle current employees as a new plan is adopted).  And, that’s the big gotcha.  When granted stock options, a lot of people will choose to not exercise their options until there is a liquidity event, so they don’t risk any up-front expense and only purchase when they can immediately sell the stock for the gains (this strategy eliminates up-front risk, trading for a less favorable tax liability later, assuming the company doesn’t fail).

So let’s put some numbers behind this… Ned joins the advisory board of a startup company during the seed round and gets 100,000 options valued at $0.01 (one cent) each, so Ned can purchase these 100,000 shares for a total of $1,000, but doesn’t do so at the time of the grant.  Against all odds, the startup does well, survives 10 years without a liquidity event and the shares are now worth $1.25 each – 125x return!  Ned gets a call and is told that the stock plan is about to expire and he must exercise his options or lose the grant.  The good news is, $1000 to get $125,000 in stock is a pretty good deal.  However, that purchase is going to be a taxable short-term gain of $124,000 (10% – 39.6%, depending on Ned’s total taxable income, so up to $49,104 to be paid in taxes).  But, the company is still private so there is not necessarily a market where Ned can get liquidity, so in rough numbers Ned just spent $50,000 in cash to buy $125,000 in stock that can’t be sold – that doesn’t sound all that bad, but there are a lot of factors that prevent it from being an easy decision.  Another big rub for many is, instead of the company getting the money from the stock purchase, it goes to the government.

While there are plenty of stock option scenarios that present a similar dilemma,  the stock plan end-of-life scenario is unique in the lack of flexibility – even if the company and grant holder want to find a solution, there isn’t a clean way to update paperwork or give extensions for exercising at the end of the stock plan’s life.

There is a very easy way to avoid this early on… if Ned exercised when he received the grant, he would have paid $1,000, the fair market value for the stock, with no tax consequence, and 10 years later he would already own that stock, now worth $125,000 (but still not liquid).

My best advice (worth everything you just paid for it, so consult a lawyer or tax expert before following it) is to exercise as early as possible, especially in a startup where the stock barely has value.  Your time is the most valuable thing you have, so if you’re willing to bet on the startup by investing your time, you should be willing to bet some cash, too.

Most Job Seekers Don’t do the Math

At this point in my life I’ve overseen more than a thousand job offers, and one aspect that surprises me is how frequently prospective employees don’t ask for the information necessary to understand the value of the stock options offered as part of their compensation package (sometimes as a very material component of that package).  I’ve had conversations where job seekers told me another company offered them twice as many options as I was offering (seeking more from my offer), but they didn’t know the total options in either company or recent valuations, so they didn’t understand the percentage of ownership (if you’re offered 1 share of Berkshire Hathaway or 1000 shares of Apple, you’ll make $117,000 more taking the Berkshire Hathaway).  Seeing so many people not doing this math has led me to joke that my next company will start with one trillion shares of stock so that I can offer more stock than every other company.

Employees not understanding this component of their compensation creates an interesting challenge for an employer… I believe companies should help employees understand the value of stock options and the various nuances of how options work.  However, I also believe that it wastes a limited resource to provide stock options when an employee doesn’t value them.  I like everybody to have a stake in the outcome of the company, but options should be weighted so they are the most valuable to the recipient, and other forms of compensation should be used when options are not valued.

If you’re interested in the details about understanding stock option compensation and what questions to ask when comparing offers, there are some detailed guides I reference below.

Small Business Stock Capital Gains Exclusion

Another (very pleasant) surprise I learned about was Section 1202,  which excludes from gross income at least 50% of the gain recognized on the sale or exchange of qualified small business stock (QSBS) that is held more than five years.  The latest amendment to Section 1202 provides for 100% of any capital gain (up to $10 million) to be excluded if the small business stock was acquired after September 27, 2010.

Section 1202 is surprisingly not well known – four Bay Area tax advisors I contacted were unaware of it when I referenced it.  Fortunately it was mentioned in Piaw Na’s book, An Engineer’s Guide to Silicon Valley Startups, where the talented and helpful Chad Austin discovered it and shared the knowledge.

I won’t go into details, but if you sell startup stock that you held for 5 years, this can be a material tax savings for you.  This is yet another reason to exercise early, since you need to hold the stock, not the options.

Great Resources for Learning About Stock Options

If you’re looking for a comprehensive overview of stock options – I suggest the very excellent Introduction to Stock & Options by David Weekly, or the also very excellent The Open Guide to Equity Compensation by Joshua Levy and Joe Wallin.

 

 

Did I get it wrong?  Is there another stock option gotcha that I missed?  Please leave a comment!

In Defense of Not Doing a Startup

Recently (and quite accidentally) I talked an entrepreneur into abandoning his year-old startup.  That wasn’t my intention – we had planned an hour long meeting where I was acting in an advisory role on the product and pitch deck, but the meeting ended up taking over three hours and getting to a very hard question, “why do you want to do this?”

The pivotal moment in our discussion was when it became clear to me that the CEO saw the company as a way of obtaining some short term financial success, and that the startup demands were unlikely to be compatible with what he expressed as being important to him for his personal success.  After walking through the various likely outcomes and startup life expectations, he recognized there were better ways to achieve the personal success he wanted.  The discussion was tough – it’s hard to confront letting go of a dream, especially after sacrificing a year of sweat equity, but as we concluded our discussion he shared that he felt a great sense of relief.

All Hail the Startup

In most of the news and feeds I follow the startup is celebrated, almost so much that it can feel like the act of creating or being a startup is disproportionately more important than the significance of achieving a successful business.  More importantly, the glorification of startup life can lead people to feel discontent with a career path that may actually be far better for delivering personal satisfaction.

Startup Cheerleaders

For the most part we recognize and celebrate successful startups, and with the exception of the startups that have a prominent rise and fall, the majority of startups that exist, struggle and fail are below the radar.  It’s pretty easy to read industry news and think everybody with a startup is on the fast track to a win.

There are also several blogs and speakers working as cheerleaders for those that would take the risks to change the world.  Most respected in this group are serial entrepreneurs that have had the good fortune to have a successful exit from a previous startup, which becomes a shining example that success is possible, and the reason they continue the startup path.  These thought leaders are great for inspiration, but it is also good to have the context that the previously-successful entrepreneur risk is substantially different than the new entrepreneur, both in terms of their chance of success on their next startup, and the likelihood that they are risking a small fraction of their wealth.  If you are new to starting a company, you are likely “all in”.

A Startup is Not a Reliable Path to Wealth

It is easy to look around at the stories of the startup millionaires (or even better, billionaires) and think that starting a company is a good way to ensure a retirement in your twenties.  If the ability to retire is your goal, you’re probably better off working at established companies.  If your goal is to retire with a billion dollars then yes, a startup (or lottery ticket) provides that opportunity, with very slim odds.  Looking at my contact list, almost all of the people that are financially well-off got that way by joining companies well past the startup phase.  However, my very few contacts with obscene amounts of f-you money did obtain it from being very early at companies with large liquidity events.

As an example, one friend easily ranks in the top 5 engineers I’ve encountered in my career and any company would want him as the technical founder.  After four years of doing the startup grind of 60-hour weeks, he ended up with a lot of great experience and a bunch of stock that was worth pennies.  He made the decision to join a very large, more well-established company and forgo the dream of vast riches for continued technical growth and reasonable work-life balance.  What he didn’t understand at the time, but told me later, was how much a big company would pay for good technical talent.  For people of his caliber the total compensation is well over a million dollars a year and as a result he has a reliable path to retirement in his early forties.  His story isn’t the glamorized Silicon Valley success… you won’t see him featured in a PR-driven TechCrunch article, but you might see him enjoying life on a beach with his family.

In contrast, another friend lived the entrepreneurial startup life for 15 years, is well-known and highly regarded in the startup community (yes, you know his name), and most people assume he’s achieved financial success as a result.  Two years ago he had a company that came very close to being favorably acquired, but the acquisition fell through.  The company was later dissolved and over a dinner one evening he expressed the frustration of being in his mid-thirties, driving a 15-year old car and not being able to afford a house.  He has since joined a large Internet company, owns a house and is even able to comfortably support two children and some relatively expensive hobbies.

But wait, Brett… so you have a few friends that did better taking a traditional career path, but I see all of these Silicon Valley 20-something millionaires all over the Interwebs… what makes you think that won’t be me?

It might be you, and I am sincerely happy for anybody that is able to achieve financial success by building a company.  Let’s look at the (extremely general and simplified) math to see expected outcomes…

Some Quick Startup Lottery Math

To make things simple, we’ll assume your startup is just you and a single co-founder, so you each have 50% of a company.  And using this Quora response as reference for founder equity, after completing your Series B, you and your founder share 40%, making your ownership 20%.  The average price of successful liquidity is hard to assess (many sources suffer from survivorship bias, excluding many failed startups) but $30M at Series B would probably be considered generous (there are many examples way higher, far more examples way lower).  A $6M piece of that pie is pretty appealing.  Now we adjust for the risk… again, 90% startup failure rate is generous, especially considering Y Combinator companies representing the hand-picked cream of the crop fail at 93%.  Risk adjusted, you’re now looking at $600K as your upside, so assuming you’re able to go from zero to liquidity in three years, it’s $200K per year (of course this is on top of your well-below-market startup salary).  That doesn’t sound too bad except when you remember, you have a 90% chance of ending-up with only your well-below-market startup salary and your chair.  Again, these are generous assumptions and there are plenty of examples of successful acquisitions in the hundreds of millions where founders received substantially smaller percentages of the purchase price.

Google Director Salaries

And let’s compare that to the alternative, joining a large Silicon Valley company…  It’s fuzzy math, but I’m going to assume that the person that is capable of leading a startup with the generous odds in their favor also has the experience to get a good leadership role at one of the big companies.  According to Glassdoor, the average Director at Google has a base salary of $247K and total compensation of $399K (on a side note, most colleagues I talked to believe the Glassdoor compensation is extremely inaccurate based on first-hand observations, and Directors are frequently making 2-4x what is presented).  Using the same 3-year time frame we assumed would get to liquidity at the startup, the expected outcome is closer to $1.2M.  There are a ton of arguments to adjust these assumptions, but none are going to change the lottery-ticket nature of achieving big liquidity from a startup.

So yeah, the odds of financial success may be working against me, but what about getting to experience the glamorous life of a startup founder out to change the world?

Startups Overshadow your Personal Life

For everybody that asks me what it is like to run a startup, I tell them to read The Struggle, by Ben Horowitz.  I first read The Struggle as part of Ben’s book, The Hard Thing About Hard Things, and I immediately handed the chapter to my wife and said, “you always ask what it’s like to run a company… it’s this!”

A day in the life of a startup founder

A startup is a significant commitment and your business is typically dealing with an environment of extreme uncertainty; startups are either creating something new or believe they can do something better than an established business.  In this environment, and typically with limited resources, working longer and harder provides more opportunities to eliminate the uncertainty.  Assume working nights and weekends are sort of a regular necessity.

And as a leader in a startup, you will always have another challenge or problem driving head-on towards you.  The world owes you nothing, plenty of other companies are fighting hard to take the market that you need to succeed, and the odds of survival are very much not in your favor.  This means business will almost always be imposing on your mind share that you would normally dedicate to things like dinner, sleep, exercising, vacation, relationships, family time, and bathing (assuming you are able to work any of these into your startup life).  Your startup will permeate all aspects of your life.

Finally, there is the emotional toll of a startup.  The successes feel amazing, but they are typically few and far between the challenges and setbacks.  Failure is the expected outcome, and each failure wears you down a little bit, creating uncertainty and making you second guess your capabilities and fitness as a startup leader.  You feel the weight not just for yourself, but for the people that follow you, also making the sacrifices.  And, if you’re unlucky enough to be the CEO, you’re in the lonely position where there is almost nobody you can share your struggles with… you can’t push things down into the company and frequently the board above you is a bad choice as a counselor for issues of personal uncertainty.    

After writing all of this out, I am beginning to understand how I accidentally talked somebody out of their startup.

But… There are Many Great Reasons

I don’t hate startups.  All of my career I have either created startups or joined them at or near founding, and I expect to do it again.  I would hate to feel responsible for taking passionate entrepreneurs and shuffling them into beige and gray office spaces in corporate America.  If you understand the likely financial outcome, and you are in a place where your personal life can sustain the needs of a startup, and you are emotionally prepared for the struggle, there are great reasons to do a startup.

If you are early in your career, the economics and life impact may make more sense.  Your ability to get a job at one of the big name companies may be more difficult, and if you do you’re probably looking at the lower end of the salary spectrum.  The difference between your startup pay may not be that significant in your day-to-day life (especially if you are fine eating rats and ramen).

Startups are also a great way to learn before you earn.  Large companies have established processes and roles that have been optimized for business performance, you are less likely to get a breadth of experience or have an emphasis on innovation.  Startups frequently require everybody to have multiple roles and find innovative solutions to problems.  Learning how to deliver results with limited resources in environments with great uncertainty is a skill that will be valuable for a lifetime.

Working at a startup (even a failed one) can also often allow faster career progression than just joining a big company out of college and following the typical path of advancement.  As an example, a Software Engineer (SWE) hired right out of school at Google would be an L3.  Assuming about 3 years for each promotion, it’s 15 years until Director, L8.  If you’ve proven yourself and established solid startup experience, five years later you might be L6 material (your mileage might vary).

The Best Reason

I believe the best reason for doing a startup is the burning need to build something you are passionate about, and an organization like an established company or non-profit isn’t the best way to create it.  Maybe your passion is a product or maybe it’s a culture, but it keeps you up at night and every time you return to the idea you become more passionate about making it real.  It’s an idea you think would be so meaningful that you would find the journey of pursuing it to be hugely rewarding.  You’re not thinking about the exit, you’re thinking about the satisfaction that comes from building the thing that drives your passion.

Do it.  Build it.  Make it happen.

 

Feedback, complaints or suggestions?  Please leave a comment!

You Are Wrong About Your Stupid Account

You’re wrong – hackers are interested in your boring personal account, you are making it easy for them to get access, and it will likely end up being a bigger problem than you imagine.

Those are the stern words I want to use whenever I witness a friend doing the online equivalent of parking and leaving a stack of $100 bills on their car dashboard in a crime-ridden neighborhood. Instead I tend to suggest some easy steps to take to be more secure, which are almost invariably met with “it’s not a big deal”. I decided to write up my thoughts, so I can just point friends to this article and hopefully help others. This is absolutely not for altruistic reasons… I’ve had multiple experiences where somebody else’s bad online security habits resulted in nights and weekends of work for me and entire teams of people. I just want to sleep.

Hackers Want Your Stupid [insert lame service] Account

It seems absurd that your Lint Sculptures Discussion Forums password is of value to anybody… it’s just you and people you’ve met over the last 15 years that love to talk about dryer lint sculpting… security doesn’t matter. However, it was 15 years ago, so you chose a really lame password at the time (like “123456”), and now that an elite hacker has broken that code, they see your basic account details (your email, IP address, real name and city you live in). Again, who cares… that’s useless. Well, except you used the same password for everything back then, so with your email and password they can run a script to check 100,000 other sites and hey… looks like your genealogy, old photo sharing, and that antique Hotmail account you abandoned had the same password. Unfortunately, that banking thing you signed up for 12 years ago used that Hotmail address, and you forgot to unlink the Hotmail address from a few other accounts, including Paypal and LinkedIn. Now the hacker has the ability to access your LinkedIn account, change account credentials on your banking and possibly access accounts you don’t even remember you had. You can imagine how this gets problematic… the ability to send and receive from your email address typically provides the ability to get access to all other accounts, if by no other means than requesting a password reset. And this is just the annoying scenario where you have to deal with correcting identity theft on your own… at least you didn’t drag your friends down.

Instead the Hacker could exploit your Lint Sculptures Discussion Forums friends of 15 years. Does everybody need a direct message and 10,000 forum posts offering black market Viagra? No problem. Or how about a few messages to trusted friends to install this Lint Sculpting Simulation program… you know it doesn’t have a virus because your trusted friend of 15 years swears it’s great. Everybody wants to be part of a botnet, right? All of these acts may seem pointless to you, but hackers have a way of generating value (and money) from these pointless acts, and it isn’t much effort (a lot of it is automated), so it happens.

These scenarios may sound ridiculous, but two years ago I was contacted by a long-time friend that was traveling abroad and all of his possessions had been stolen, his family was stranded and he needed me to send money. What was true is he was traveling with family, the rest was made up by a hacker that got enough information to know I was a friend that would help, knew when the family was traveling, and when the story might make sense. Everything hackers needed to make this happen came from accessing worthless accounts.

Steps to Making Yourself More Secure

Security must be balanced with convenience. When being secure is a hassle, people naturally find (unfortunate) workarounds that make things less secure. If you require a password that is 20 characters long and random, look around the person’s desk for the PostIt (or possibly worse, in their “passwords.txt” file on their desktop). The sweet spot is a mild inconvenience that dramatically improves security. I find there are a few easy practices that fit into this sweet spot…

Two-factor Authentication

Systems that require two components to authenticate are substantially more secure than password-only systems. To access an account, it requires something you know (e.g. the password), and something you have, like a key. The “key” today is typically an application like Google Authenticator, or an SMS message with a code sent to your phone, both of which provide a unique code that is only valid for 1-5 minutes. Many services offer this, including Gmail, Facebook, Twitter, Dropbox, and a few banks (seriously banks, WTF?)

The beauty of Two-factor Authentication is, even if your password is breached, it doesn’t allow the hacker to access your account. So when you are at that hotel and using the guest computer with a key-logger to print your flight itinerary from your Gmail account, it doesn’t matter… the hacker only has 50% of what they need.

The inconvenience of adding Two-factor Authentication is typically an additional 20 seconds and, since many services allow you to say “remember me for 30 days”, it’s less than a minute a month (and… don’t use “remember me” on any shared machine).

Unique Passwords

If I told you I had every lock I use in my life (home, office, safety deposit box, cars, bike lock, vacation house) re-keyed to use the exact same key, you’d probably agree that it would be disproportionately bad if somebody found my bike key. When you apply this to online habits, people seem oddly comfortable with one key for almost everything, and a special key for their bank account (but online, weak keys often provide access to special keys).

Use a different (and strong) password for everything. This, of course, is a hassle… nobody can remember 150 different strong passwords, especially when you have to change them all every 3 weeks when you get the latest exploit notice from Yahoo!

One solution is to have a hard password that is modified in a way that you know for each service. As an example, my password is “nS72!la^mq” and I add the first four letters of the website it uses, in reverse… so for Yahoo! it becomes “nS72!la^mqohaY” and for Google it is “nS72!la^mqgooG”. This has a few flaws, including making it hard to change passwords, but it’s a substantial improvement over “swordfish” for everything.

A better solution is a password manager. Services like LastPass and Passpack provide a secure way for you to store and retrieve complicated passwords. Legitimate services encrypt your data in a way where they don’t actually know or even have access to your password, so a hacker that steals their database ends-up with a ton of encrypted files and no keys. While there are ways that could be exploited, these services are certainly better than any other options available at a consumer-level (and if you’re really paranoid, some make the source code available for you to keep the encrypted data only on your computer).

Whatever you do, never, ever, ever keep a password file on your computer, even if you think you’re clever by naming it “groceries.doc”.

Don’t Share Accounts

Sharing accounts invariably leads to other poor security practices, like the need to email everybody when a password changes or having a shared password file somewhere. And, when one of the people sharing your account gets hacked, this means the shared account gets hacked (and probably every other account in that shared password file so cleverly named “groceries.doc”).

This isn’t 1997 – these days there are very few reasons why each person can’t have their own credentials, especially for email. Only share accounts when separate accounts are not possible (I’m looking at you, Netflix). If you do need to share accounts, use a password manager that offers sharing of specific entries, which means that only the minimum exposure is shared and it is simple to update credentials (Passpack does this nicely).

Don’t Click Links

Okay, so the Interwebs sort of suck if you follow this rule exactly and dead-end on a website. However, for any site you are going to access and provide your credentials, enter the URL directly.

Did you just receive a weird email from PayPal telling you that Ned just paid you $42 for a lint sculpture you don’t remember selling? Instead of clicking on the “collect your money” link in the email, type “paypal.com” in your browser bar directly and see if the transaction is in your account history. Many phishing emails look and smell like the real thing because it is pretty simple to copy the real thing and send you to “paypaI.com” (see what I did there? that was a capital “i”, not an “l” in that URL) to steal your password. Of course, if you’re using Two-factor Authentication, a stolen password is less of a problem.
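The capital-“i” trick above can be caught mechanically by reducing each link's host to a visual "skeleton" and comparing it with the sites you actually use. This is an added example, not code from the original post; it generalizes beyond the single I/l swap to a few other common lookalike characters, and the trusted list, the character table and the last-two-labels shortcut are assumptions for illustration.

```python
from urllib.parse import urlsplit

# Assumption: a small allowlist of sites the user really has accounts with.
TRUSTED = ("paypal.com", "google.com")

# Characters that render like another character in many fonts.
# Applied before lowercasing so that a capital "I" is still visible as such.
SINGLE = {
    "I": "l", "1": "l", "|": "l",
    "0": "o", "O": "o",
    "\u0430": "a",  # Cyrillic a
    "\u0435": "e",  # Cyrillic e
    "\u043e": "o",  # Cyrillic o
    "\u0440": "p",  # Cyrillic r, drawn like Latin p
}
# Letter pairs that read as a single letter at small sizes.
MULTI = (("rn", "m"), ("vv", "w"))


def displayed_host(url: str) -> str:
    """Host exactly as written in the link, keeping its letter case."""
    if "://" not in url:
        url = "//" + url  # let urlsplit treat a bare "host/path" as a netloc
    netloc = urlsplit(url).netloc
    host = netloc.rsplit("@", 1)[-1].split(":", 1)[0]  # drop userinfo and port
    return host.rstrip(".")


def skeleton(host: str) -> str:
    """Map visually confusable characters onto one canonical form."""
    out = "".join(SINGLE.get(ch, ch) for ch in host).lower()
    for seq, repl in MULTI:
        out = out.replace(seq, repl)
    return out


def classify(url: str, trusted=TRUSTED):
    """Return ("trusted" | "lookalike" | "unknown", matching trusted domain)."""
    shown = displayed_host(url)
    real = shown.lower()  # DNS ignores case, so this is where the link goes
    for domain in trusted:
        if real == domain or real.endswith("." + domain):
            return ("trusted", domain)
    # Simplification: treat the last two labels as the registrable domain
    # (a real tool would consult the Public Suffix List).
    registrable = ".".join(shown.split(".")[-2:])
    for domain in trusted:
        if skeleton(registrable) == skeleton(domain):
            return ("lookalike", domain)
    return ("unknown", None)


def scan_links(links):
    """Return only the links that imitate a trusted domain."""
    return [link for link in links if classify(link)[0] == "lookalike"]


# Constructed sample links, as they might appear in an email body.
SAMPLE_LINKS = [
    "https://www.paypal.com/myaccount",
    "https://paypaI.com/collect-your-money",
    "http://paypa1.com/login",
    "https://g00gle.com/",
    "https://p\u0430ypal.com/",
    "https://example.org/newsletter",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(classify(link), link)
```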

Secure Your Family

I used to get sick a couple of times a year… no big deal, just a sniffle every now and then. When I had kids, my health status flipped and it seemed like a couple of times a year I wasn’t infected with whatever was festering in the cesspool of Cheerios, finger paint, juice boxes and runny noses known as preschool.

My point is, there is almost certainly going to be an overlap of your family’s online account footprint, and when one person gets hacked it will likely be a vector for the rest of your family. Sharing documents in Dropbox, G Suite (Google Docs), or Amazon family all provide opportunities for a hack to spread. Protect your accounts by having those close to you keep their accounts secure (and… that is the real reason I wrote this post – pure selfishness as I protect my own accounts).

Do you have other tips or suggestions to help make the average person more secure? Share them in the comments section!

Interviewed on #ModernAgileShow

I recently had the pleasure of being interviewed by Joshua Kerievsky on the #ModernAgileShow, where we talked about a lot of my experience working at IMVU, ranging from the early days of Continuous Deployment (without all of those fancy automated tests or cluster immune systems) to changes in experiment systems and challenges of building a culture where people feel safe.  I also provide some insights into the sausage making of The Lean Startup.

In the interest of accuracy, my title in the video should be “former CEO of IMVU”.

For more information about Josh’s work to setup agile processes and cultures independent of a specific framework, check out the Modern Agile website.

On a semi-related note, Josh mentioned that the original video of Timothy Fitz presenting on Continuous Deployment at IMVU: Doing the impossible fifty times a day was lost as the result of server corruption…. if anybody happens to have a local copy please let me know – it would be great to restore this historic presentation for the Interwebs!

 

I’m a Free Agent

After more than 11 years at IMVU (the equivalent of three Silicon Valley lifetimes), I’m a free agent.

My experiences at IMVU were hugely rewarding – I had the privilege of working with truly exceptional people, evolving through different roles (from VP to CEO), solving some really challenging problems, learning, growing, and helping create a successful business.

IMVU is Much Deeper Than Most People Realize

I worked on products that made a meaningful difference in the lives of many customers.  In my customer interviews, I talked to people that met their best friends, people that found their life partner, people that could only find acceptance for who they really are because their community was intolerant, people that found families and support groups, and people that just found a little delight in what IMVU provided.

IMVU also has Creators that make and sell content, and for some of these people IMVU provided everything from a little extra spending money to a full time job.  I met a woman that covered her medical bills with the money she made as a Creator.

There are a lot of people in the world that are better off because of their experiences on IMVU.

IMVU Has a Great Future

I am excited and optimistic about the future of the company.  2016 was a record year and the company is transitioning from a PC only product to mobile – in December IMVU for iPhone was 7th best grossing in the Social category and 125th top grossing in all of the app store.

The new products have a great design focus with content and features that are relevant to how people communicate today.  And the team is amazing – I have 100% confidence in their ability to deliver great product experiences.  If anybody is looking for a great company with a lot of opportunities, I highly recommend considering joining the team at IMVU.

Next Steps for Brett

As for what’s next for me, I’m looking forward to the opportunity to catch-up with friends and do some much-needed backpacking.  I need to be sure about what I’m really passionate about before I jump into anything, so I’ll be looking at the cool things people are working on and what interesting problems need to be solved.  If you hear about either, please let me know!

 

3 Things You Can (and Should) Change In Vendor Agreements

Over the last 10+ years I reviewed and negotiated all sorts of vendor agreements for technical operations.  Companies that are starting to build out their production environments occasionally contact me looking for advice.  Being on vacation (and having time to write), I decided to share some of the more common problems I see in vendor agreements.

In almost all cases you can (and should) get better terms on what are presented as these “standard” clauses.

SLA

The Service Level Agreement (SLA) is probably the most critical to the availability of your business. For vendors providing services like DNS or bandwidth, any vendor failure can result in failure of your business. In other words, your uptime is no better than their uptime. The SLA is typically expressed as a percentage of availability. If the SLA is 99.9% uptime, you are accepting 45 minutes of downtime per month. Failure to meet the SLA usually means reimbursement for the cost of the service, not for the cost of your lost revenue resulting from the failure. For example, if you pay a DNS service $31 per month and they are down for a full day, your reimbursement would be $1, not the revenue you lost during that full day. Also, when the failure begins is usually defined as your notification to the vendor, not by the actual beginning of the failure. In other words, if you didn’t report it, the problem never happened.

The availability percentages for an SLA are usually difficult to alter, but there are a few things in it that you can change to limit your liability. Most (all) services have occasional failures, but it’s how they fail that becomes problematic for your business. An occasional failure might be okay, but if this is a pattern you want the option of moving to a new vendor. You can usually add a clause that allows termination of the agreement if the vendor fails to provide service more than N times in a 1-month period. Also, you can usually require that SLA failure begin at the time of the actual failure (when it is detected by either party) rather than your notification to the vendor.

Term and Renewal

Automatic renewals are also common in agreements, in which the duration of the agreement is automatically extended by the length of the initial term. Typically these require you to opt out of the renewal by providing written notice within a narrow window of time. For example, your initial duration is 1 year, after which the contract will automatically renew under the same terms for an additional year unless notice is provided in writing 30 – 45 days prior to the automatic renewal. Vendors generally don’t contact you to remind you that your opt-out window is approaching and that you might want to negotiate a better deal while you can.

In most cases you want to avoid this simply because the prices for the service are almost always cheaper at the end of the initial term.  This is especially true for things like CDN and bandwidth.   If you’re not good at remembering to do things 11 months in the future, you may find yourself stuck in an agreement with the least favorable pricing.

The initial duration of the agreement is usually a requirement, or at least a requirement for favorable pricing.  However, you should be able to change the automatic renewal to transition into a month-to-month agreement instead of the initial term.  This will provide a better negotiation position when the agreement is up for renewal and will allow you flexibility in the timing.

Change of Terms

It is not uncommon to have a clause in the agreement that states something to the effect of, “these terms are subject to change” with a link to the vendor website with the current terms. In effect, this says “you agree to whatever we decide to publish on our website”. I find these clauses ridiculous… I would love to respond with a clause stating, “our payment terms are subject to change subject to the amount I decide to write on the check”.

In these cases I find it useful to add a clause that requires notification (in writing) of any changes with a short period allowing an opt-out if the changes are seen as a material change.  If you are unable to get a clause to allow termination of the agreement you should be able to get the option to stick with the original terms.

It’s worth noting that with any change to an agreement, a vendor may not have systems helping them enforce or react to the change. For example, if you are the only customer requiring written notice of changes, this may require manual work that they forget shortly after signing the contract. You should consider this and word your changes in a way where a failure on the part of the vendor does not put you at a disadvantage.