Re-Launching The Video Interview Series

Some form of this post is going to make it into a book I am writing titled Curmudgeon: How to Succeed as an Industry Analyst. I had a good start on the book before talking with Gene Kim shortly after he sold Tripwire to Belkin in December 2014.

Gene encouraged me to put Curmudgeon aside and instead write UP and to the RIGHT: Strategy and Tactics of Analyst Influence. That was a great call, thanks Gene. UP and to the RIGHT was my most highly praised book ever and it led to consulting engagements with large vendors that wanted more control over their Magic Quadrant strategies.

I feel a bit self-conscious writing about the business of being an independent industry analyst. But you are supposed to “write what you know,” so here goes.

The first challenge is defining “success.” I have been striving about 20 years to be that industry analyst that writes from the porch of his log cabin overlooking a mountain valley, and travels to conferences around the world to deliver keynotes. I am not there yet, but I am doing what I love, so there is that.

Any independent writer/consultant/speaker faces the challenges of surviving during hard times. Looking back, the luckiest thing that ever happened to me was getting hired by Gartner right at the beginning of the tech crash in 2000. My resume lists only two jobs I have ever held more than 15 months: the four years I spent at Gartner and the 16 years I have been an independent analyst. The tech depression of 2000 lasted just about four years.

In the Fall of 2008 I found myself re-launching IT-Harvest. My friend Leo Cole at Websense asked me to speak at two CISO dinners in New York City. We made reservations at two of the best restaurants in the city and had confirmations from 25 CISOs and Directors from large banks for each dinner. Gene Hodges would preside and I would offer my views on the IT security industry. The first dinners were at the Tao Restaurant on Wednesday, September 16, and the next night at the 21 Club. If you have seen The Big Short, you may recall the scenes in NYC that week as Lehman Brothers closed its doors on Monday. The Global Financial Crisis had started just as I was getting IT-Harvest off the ground. As you can imagine, the dinners were not well attended.

2009 was my most difficult year. Spending by vendors was curtailed immediately as they conserved cash. Marketing dollars are the first to be clawed back during a financial downturn.

Now we face a combined crisis of global pandemic and the resultant forecast economic downturn. Surviving the pandemic is the first concern of everyone. Vendors, like all businesses, have closed their offices and required employees to work from home. RSA Conference 2020 was the last major security event to be held before most of the country went on lock-down. IBM, Verizon, and AT&T pulled out in the week before, and the City of San Francisco declared an emergency during the conference. Tens of thousands of attendees went home and into isolation.

Sequoia issued a warning memo to their portfolio companies on March 5, evoking a feeling of “here we go again,” in those that recall Sequoia’s famous memo of 2008 titled: “R.I.P. Good Times.” 

I was busy at RSAC launching Security Yearbook 2020 and getting ready for speaking gigs the rest of the “season” (the industry analyst business typically dries up in the summer months when events are hard to organize.) By March 4, every single event for the foreseeable future had been canceled or postponed to the Fall.

I could not be happier with the broad acclaim Security Yearbook 2020 has received. The launch was by far my most successful. But you should know that, unless you are Malcolm Gladwell or Michael Lewis, books do not make very much for non-fiction authors. It is speaking engagements and consulting gigs that come from book publishing that can keep you afloat.

Since speaking and consulting gigs are likely to be gone for months, what can I do? Well, one thing I can do is take advantage of the lull to write more! You may have noticed my increased frequency of posting here, and on Peerlyst, The Analyst Syndicate, and Forbes.

Posting to Forbes is a great outlet. My columns get tremendous visibility: 81,000 views of The Demise of Symantec, so far. I began exploring my past posts to Forbes. They go all the way back to 2010, when Andy Greenberg invited me to contribute my blog posts.

That gave me the idea to pull together a collection of my writing and turn it into a book. That is my project this week and next. I am going to publish Stiennon On Security: Collected Essays in record time. At the very least, readers will not have to slog through the clutter of ads and popups that Forbes forces on them.

As I did a first-pass edit of 120 columns I noticed that many of them were inspired by video interviews that I did with founders and executives. With my current interest in the history of our industry (see Security Yearbook 2020) I began to think of those 150 interviews as a historical record. I have interviews with Udi Mokady, CEO of CyberArk, Amit Yoran, then CEO of Netwitness, Bill Conner, then CEO of Entrust, and Ruvi Kitov and Reuven Harrison, founders of Tufin. You can still see them all at www.vimeo.com/itharvest.

That led to the idea: why not re-launch the video interviews? The last time I did them was 2016. We reserved the biggest hotel suite in San Francisco and brought in a four person camera crew to conduct 30 interviews in three days. I have been credited with starting a trend because we were the first at RSAC to do this. Now every security media company offers these. But the actual credit belongs to Phil Alape at Demos-on-Demand. (Phil is an experienced veteran of video production. Demos-on-Demand has created a great sales lead tool.) Wouldn’t interviews over Zoom serve the same purpose? In addition to executives of established firms I can interview the founders of a new generation of cybersecurity startups. That will give me plenty of material to write about.

Will this make it into Curmudgeon? That depends on the success of the new video series!

That’s a Wrap. Until Next Year, RSAC.

My experience at the annual gathering of what seems like the entire IT security industry is different than most. Each year at the RSA Conference in San Francisco IT-Harvest reserves one of the biggest hotel suites in the city and outfits it as a video studio. Our flawless team of videographers at New Leaf Media haul in several carts of equipment, push all the furniture into a corner, hang an elaborate backdrop, and set up for a three-camera shoot.
While everyone else is busy meeting, going to sessions, presenting, and walking the show floor, I am ensconced in our suite from 8 AM to 6 PM recording video interviews with industry executives, technologists, and thought leaders. Over the last six years we have recorded 150 such interviews. I use them in my own research and embed them in my writing. If you are new to the IT security industry you could get up to speed quickly by watching these. They are hosted at www.vimeo.com/itharvest.

Here is the complete list of 29 video interviews conducted at RSAC 2016. We will be uploading them over the next several weeks.

Comodo. John Peterson is an old friend. We have interviewed him before. He joined us to talk about Comodo, which in addition to being the largest issuer of SSL certificates, offers PKI solutions for enterprise and endpoint protection for the desktop.

Vidder. I met Junaid Islam, CTO, for the first time as I interviewed him about Vidder’s PrecisionAccess. Think whitelisting for access control. Users and their devices are authenticated before being granted access to only allowed applications.

Untangle. Untangle’s CEO, Bob Walters, explained how this UTM vendor is successfully executing on a go to market strategy for SMB; a rare approach in the UTM space where everyone wants to be an enterprise player.

vArmour. Former Deputy Under Secretary for Cybersecurity for DHS, Mark Weatherford, talked to me about vArmour’s security for workloads in the cloud.

CloudPassage. Amrit Williams, CTO of CloudPassage, and fellow alumnus of Gartner, talked about cloud security and protection across multiple platforms.

Digital Shadows. James Chappell, CTO and co-founder, introduced the concept of cyber situational awareness, an all-encompassing take on threat intelligence as it pertains to each customer.

Illumio. Andrew Rubin, CEO, returns to talk about how Illumio enforces policies across all workloads via a lightweight software agent that is installed in the operating system of any server, VM, or container. It collects network flows and workload information, and programs the native stateful firewall in the host (iptables in Linux, Windows Filtering Platform) to enforce inheritable protections.

Onapsis, the SAP security platform is described by Mariano Nunez, co-founder and CEO.

Cylance. Stuart McClure dropped by to update us on his machine learning informed endpoint protection solution. After two years, Cylance is gaining traction across many enterprises.

Hexatier is the re-branded GreenSQL. I talked to the newly appointed CEO, Dan Dinnar, about enterprise adoption of cloud database firewalls.

FourV. Casey Corcoran, VP Strategy, described how FourV’s risk management platform calculates risk factors, in real-time, from the flood of existing security and IT systems data.

Flashpoint. Lance James, Chief Scientist, barely took a breath as he described the value proposition and power of mining the Deep & Dark web for threat intel.

Evident.io. Tim Prendergast visited our studio to talk about Evident.io’s easy-to-deploy cloud policy management platform.

ThreatQuotient. John Czupak and Ryan Trost tag-teamed an interview to talk about Threat Intelligence Platforms. (Read more about TIPs in the IT-Harvest Threat Intel Market Research Report just published.)

Fortinet. Once again we talked to John Maddison, Senior VP at Fortinet, about their extraordinary growth.

whiteCryption. Thorsten Held, Managing Director, introduced me to whiteCryption’s software HSM, a critical component of trusted communications.

Entrust Datacard. Datacard bought Entrust at an opportune time. I talked with CEO Todd Wilkinson about the growing market for digital certificates for identity.

Gemalto. Jason Hart, VP and CTO, had a wide ranging discussion about hardware HSMs and the wide breadth of enterprise security products at Gemalto.

Barracuda. I talked with Klaus Gheri, VP Network Security, about a new product Barracuda introduced to tie remote facilities back to the head office securely.

Cyren is executing on its strategy to branch out from being purely an OEM provider of URL and reputation feeds to dozens of security vendors. Lior Kohavi returned to give us an update on Cyren’s standalone product for advanced malware defense in the cloud.

Solutionary. John Petrie, CISO, talked about the company’s progress since the acquisition by NTT Docomo and future plans to consolidate MSSP services under a global umbrella.

Bomgar. Matt Dirks, the CEO of Bomgar, explained how the company saw an opportunity to expand from a secure remote desktop for customer support to privileged user management.

Vasco. Ken Hunt, a youthful CEO of one of the oldest security companies, described Vasco’s two-factor authentication and digital signature solutions for financial institutions and other industry verticals.

RedSeal. It was a pleasure talking to Ray Rothrock, CEO of RedSeal, once again. He introduced the concept of digital resilience and how RedSeal is building it into their risk management dashboards.

Arbor Networks. It is well worth watching the series of interviews I have conducted with Dan Holden, Director of ASERT, Arbor’s research team. This year, as always, we had a free ranging discussion on the past year’s developments in the threat space and trends he sees in the industry.

RSA Security. I talked with Sanjay Raja, Senior Director of Product Marketing. We had a great conversation about RSA’s product coverage and future plans.

Skybox. This year I talked once again with CEO and Founder Gidi Cohen. Skybox is looking to expand its position in the risk management space aggressively with the help of a recent infusion of $96 million. Ravid Circus chimed in on the technical side.

PhishLabs. John LaCour, Founder, talked about advanced techniques for hardening an enterprise against the scourge of phishing attacks.

Versasec. Joakim Thoren, CEO, introduced me to Versasec’s complete line of smartcard enabling products.

You can imagine that my head was packed full after three days of intensive talks with so many technology vendors. I think I was in a fog by the time I stumbled onto the show floor to see as many exhibitors as possible. I did take 15 minutes to present the results of just-completed research on the entire IT security vendor space for RSA TV. Much more on that to come.

Watch this space where we will be posting each of the videos as they come out of post-production. That will give us enough content to talk about until BlackHat when we will be recording more!