
Cyber Defense Consulting

Stiennon works with senior executives and boards to evaluate an organization's cyber preparedness. Gaps in technology, people, and process are identified and roadmaps created to enable an enterprise to counter highly targeted attacks.

Advisory Services

IT-Harvest works with Wall Street Analysts, Private Equity Firms, Vendors, and Venture Capitalists to identify market movers, inflection points, and emerging technology vendors. Follow Richard Stiennon on Gerson Lehrman Group's expert network for commentary on publicly traded security vendors.


IT-Harvest tracks over 1,200 security vendors and publishes white papers and industry reports on trends and disruptive changes in the market. See our Security Analysts at conferences worldwide or follow the Cyber Domain blog on

A busy week at RSA Conference 2014

This piece first appeared on the news site securitycurrent.

I experience the week of the RSA Conference from a different perspective than most attendees. In effect, I was not actually an attendee. Each year my analyst firm IT-Harvest rents a large suite in a hotel near Moscone Center, and turns it into a video studio. We hire, sponsored by the vendors being interviewed, a three-person camera crew to shoot interviews with industry executives and security experts. That means that I don’t get to attend the keynotes, sessions, or even visit the Expo floor, which this year was twice the size of last year.

But I do get intensive exposure to security vendors, which is, after all, my job to learn what is happening in the industry. Here is a brief summary of the 65 meetings, including the sponsored videos, I had February 24-28, 2014 in San Francisco.

The week kicked off with a breakfast meeting with Radiant Logic, which provides a federated identity platform.

Coffee with AccessData gave me a chance to catch up on their forensics and e-discovery products.

Cisco. Marty Roesch, Chief Architect, Security Business Group, gave me an update, post acquisition of Sourcefire, on Cisco’s security strategy. It was hard to resist Tweeting the news that Cisco was open sourcing RNA, the technology Sourcefire invented for identifying applications via network signatures, but that news was under embargo for three hours.

Fortinet has had an interesting year. John Maddison, VP Marketing, briefed me on their new “D” series data center hardware and retail solutions.

A New Venture

TENAFLY, N.J., Oct. 28, 2013 /PRNewswire/ -- Leading security industry experts today announced the launch of "securitycurrent," a news and information site for security professionals.

Founded by seasoned security industry expert Richard Stiennon and veteran journalist and IT network security marketing executive Aimee Rhodes, the site will feature news, data, analysis, practical advice, discussion and research. Contributors include leading figures in security including chief information security officers (CISOs), IT practitioners, industry and financial analysts and technology journalists.

"Our goal for securitycurrent is to consolidate and leverage the expertise of seasoned IT security professionals to provide quality content and spark thoughtful discussion on issues and developments that affect enterprises and organizations worldwide," said Executive Editor Richard Stiennon.  

Career Advice From the Author of SCADA and ME

During his AMA session on reddit, Rob Lee, author of SCADA and ME, fielded some questions on careers that I thought worth reposting here. (AMA = Ask Me Anything. Reddit is a forum for discussing just about everything.)

Q. Do you rate the CISSP or GSEC as the better accreditation?

A. Honestly it depends on what you want to do. CISSP is much more of a management type certification. The GSEC is a really good intro level security cert that will put you on your path of becoming more technical. I generally hold GIAC certs and SANS training to be some of the best in the world. I think you should do a lot of research with open-source material/books/youtube videos and then get certs when your job can support it or your company will pay for it.

Q. I am a student in Computer Systems Engineering at the Massachusetts Institute of Technology, but ever since the announcement in April of 2009 of the creation of U.S. Cyber Command, that's all I have wanted to do (and fingers crossed, hopefully someday run).
How do I get there?

A. That's awesome that you're a student studying such an interesting topic and at such a great university. It's a great time to be doing such studies!
