IT-Harvest Methodology

This is how I conduct research. Consider it a continuation of the guidance provided in Curmudgeon.

When I first joined Gartner in 2000, my only experience with its research was the feed available from DataQuest. I assumed, as an analyst, that I could glean complete information about my research area from this division of Gartner. That was not the case at all. I would ask for “all the IDS vendors” and get data on companies that did not even have IDS products. The problem was that the data was being collected by “researchers,” not analysts.

I have since found similar issues with data from just about every source, including PitchBook, CB Insights, and even Crunchbase. One problem is that they rely on vendors’ self-reported categorization. The other is that they do not scrub vendors from their database when they go out of business or are acquired. A typical search on “cybersecurity” reveals a list of 6,000+ vendors. After cleaning them up I usually find 2,000 that qualify as vendors of products. Many of the others are consulting firms, resellers, and distributors.

To be added.

So here is how I do it:

Finding vendors.

I have been collecting data on vendors since 2005, so I already have a large list. I build out the list by:

-Tracking exhibitors at conferences around the world.

-Making notes of when my LinkedIn contacts join a vendor I do not know or launch their own startup.

-Most vendors in my space eventually reach out to me via Twitter, if only to follow. I add them to a running list of new vendors to track.

-PR firms will reach out with press releases about new funding rounds or briefing requests from new vendors.

-We email several thousand vendors each year to ask them to check their listing in the Directory with the tool we created.

-As a contributor to Forbes I am on a lot of press release distribution networks.

-I review all the infographics created by other firms. It is a strain on the eyes to look at a couple of hundred logos but I check each one against the database using this tool. I never agree with the categorizations and they always include consultants and resellers.

What data to collect?

I built my database to assist me in my research. Before a client call about a particular sector I pull up the list of vendors and review them. During the call I can help a client pick vendors to shortlist, or a vendor client may be looking for acquisitions and need the list for their own research. So what data is useful and verifiable? If you purchase the Cyber Threat Intelligence Market Research Report 1H 2020 you get all the data I use in a downloadable spreadsheet. It includes:

-Company name, address of HQ, and names of key executives.

-Date of founding.

-Total venture investment.

-URL of company website (you would be surprised how hard it is to find this for every vendor).

-URL of Crunchbase listing.

-URL of company LinkedIn page.

-Number of employees for each quarter starting January 1, 2020.

I find that much can be learned from tracking the number of employees at every vendor. You get an immediate picture of vendor health and relevance. A 20-year-old firm with two employees is probably a sole proprietorship. A two-year-old firm with $20 million in funding and steady growth of 50% in number of employees is on a roll. A sudden quarterly decline is a red flag to be investigated.

What to do with the data?

I assume that something I find valuable must be valuable to others. This year I published all the vendors arranged by country and category in Security Yearbook 2020. It makes a convenient desk reference and early reports from CISOs tell me they are using it for vendor selection. (And no, there is no ebook version. Every Kindle book I publish gets pirated. I am not going to give away a directory that I have worked on for years and invested tens of thousands of dollars to create.)

With granular employment numbers for thousands of vendors, which I have categorized, I can now report on the growth or decline of any category. The market research report on cyber threat intelligence is just the beginning. I am starting on the Deception space next, followed by Remote Browser Isolation, two small but growing sectors with amazing technology.

Are there any other sectors I should prioritize? I am reluctant to tackle IoT security because there are so many participants (over 120 vendors).

Can you think of any other data to collect? Data that does not depend on the vendors self-reporting? I would love to track all the conferences each vendor exhibits at. That is a great indicator of marketing commitment. I could also grab the CEO rating from Glassdoor. Perhaps website ranking? Let me know!

This post was originally published on The Analyst Syndicate website.

Vendor Viability: Four Step Checklist

A sudden drop in employment is a very bad sign


I thought it would be valuable to describe how I do fast vendor evaluations. Practically every day somebody reaches out over LinkedIn to ask my opinion on the prospects of a particular company. Unless I have been briefed by or worked with the vendor recently, I run through this process.

I also do this for every single vendor in the Directory published in Security Yearbook. The current Directory has 2,337 vendors in it. I have a month to review 900 additional vendors my team has identified as potential candidates for inclusion.

I use vendor headcount as the basis for a bottom-up analysis of market segments. See the just-published Cyber Threat Intelligence Market Research Report 1H 2020.

Here is the checklist:

Step 1. Check the vendor’s LinkedIn page.

LinkedIn has become one of the most valuable tools for evaluating vendors.

Look for number of total employees. This includes advisors and board members, yet is usually +/- 3-4 of the real number. If there are two employees listed it is probably very early stages or a side gig for the founder. Check the founder’s profile. If they are an industry veteran with successful past exits it may be a vendor worth following.

If there are more than 25 employees LinkedIn will provide a timeline of employee numbers going back two years. Click on “Insights” to see that. (You have to be a Pro LinkedIn subscriber.) A viable vendor is probably growing at a healthy clip of at least 50% a year unless they are in the thousands of employees. Even then they should show consistent growth over two years. Is engineering employment dropping while sales is increasing?

If there are fewer than 25 employees you are blind to recent changes. That’s why IT-Harvest records every company’s total employment every quarter. (Heads up to stock market investors: I have seen a very close correlation between headcount change and reported quarterly revenue.)

Check the HQ address. A vendor’s base of operations tells you a lot. Malta or Iceland? Probably not going global soon. US, UK, Canada, or Israel? Good chance of offering global opportunities.

Check out the founders. Usually, they are the CEO, CTO, or both. Are they experts? Is this their first dance?

Step 2. Check out the website.

Does it have a clear and concise statement of their value proposition? I can tell you right now, nobody is looking for an “AI/ML/Blockchain solution for their most pressing Big Data management problems.”

Step 3. Search Crunchbase.

Look at the total investment and latest round. Did they take in $50 million in 2005 and do a debt offering in 2019? What caused them to languish? Crunchbase also provides a list of recent news events like new partners, big customer wins, or opening offices in new regions.

Step 4. Glassdoor

You have to use judgement with Glassdoor reviews of a company and the CEO rating. I have found that most reviews are either from disgruntled former employees or plants from the vendor marketing or HR teams. That said, you can derive some valuable insights from the story that develops from reading the reviews.

That’s it. I can do this in five minutes for any vendor. At twelve an hour that means I have 75 hours of eye-straining work ahead of me to complete the Directory for Security Yearbook 2021.

Press Release: Cyber Threat Intelligence Space Grows 3% in 1H 2020

IT-Harvest Research: Cyber Threat Intelligence Space Grew 3% in 1H 2020

New “Cyber Threat Intelligence Market Research Report 1H 2020” by Richard Stiennon and Ron Moritz.

Sep 17, 2020, 08:34 ET

Picked up by: Seekingalpha, Morningstar,

BIRMINGHAM, Mich., Sept. 17, 2020 /PRNewswire/ — IT-Harvest, an independent research firm covering the cybersecurity industry, has published the “Cyber Threat Intelligence Market Research Report 1H 2020,” by Richard Stiennon and Ron Moritz, on the cyber threat intelligence (CTI) sector. The report includes 61 vendors that provide threat intelligence to the enterprise or collect and manage threat intelligence. These include Recorded Future (acquired by Insight Partners in 2019), Anomali, LookingGlass Cyber Solutions, ZeroFOX, and Intsights.

Key findings:

Funded companies had healthy growth despite the headwinds in 1H 2020: Sixgill (+79%), SpyCloud (+59%), DarkOwl (+48%), Recorded Future (+45%).

Fears of an economic slowdown due to COVID-19 led investors and their portfolio companies to restrict hiring at many firms. Overall headcount growth of 3% in 1H is a positive sign.

IT-Harvest predicts that 2H growth will be an additional 10% over 1H, leading to 2020 revenue of $517 million.

The 34-page Market Research Report is available at It provides a guide to the industry and a summary of each vendor’s capabilities. It comes bundled with an Excel spreadsheet of all the data used to track 61 vendors.

About IT-Harvest:

IT-Harvest tracks over 3,000 vendors in the IT-security industry. All of them are printed in a directory in Security Yearbook, an annual publication. The CTI Market Research Report uses the data collected for this Directory as a basis for our analysis. Security Yearbook 2020: A History and Directory of the IT Security Industry is available at

To contact the author, Richard Stiennon, email:

Press contact: Leslie Kesselring, (503) 358-1012

About the authors:

Ron Moritz, Contributing Analyst, is a venture partner in OurCrowd, the most active investor in Israel, and Entrepreneur-in-Residence with CyRise, Australia’s cybersecurity accelerator. His career has spanned roles at Finjan Software, Symantec, Computer Associates, and Microsoft. He also helped create the CISSP (Certified Information Systems Security Professional) certification and was one of the first to earn it.

Richard Stiennon, Chief Research Analyst, is the founder of IT-Harvest and author of Security Yearbook 2020: A History and Directory of the IT Security Industry. He has held executive roles at Webroot Software, Fortinet, and Blancco Technology Group. He was also VP Research for Gartner. Contact