One of the really cool things about this analyst gig is that we get to field client inquiry calls – 30 minutes where we hop onto the phone to speak with our clients and answer their questions about the topics that we cover. As of the week before Christmas, analysts on the security and risk team have jumped onto over 300 inquiries so far this quarter when not on a plane or on site with a client (and this is a slow quarter given all the holidays!). Vendors are one topic that we discuss quite a bit with S&R pros because, let’s face it, there’s are vendors that are really good at marketing and there are also vendors that just haven’t shown up on your radar.
Research report ideas are often born from inquiries as we notice trends in the types of questions that are asked. As we continue to hammer out research agendas for 2013, we’re thinking of adding a new stream of research for our security playbooks: Vendors You Should Know. It would not be the same as a Forrester Wave which compares established vendors, but rather a report which highlights smaller, emerging vendors that are disrupting the existing market with a unique, innovative technology or service to solve a client’s painful challenge or perhaps alter current approaches to information security. It’s a report to recognize emerging vendors who raise the bar, but may not necessarily raise the most buzz. These would be living research documents that are updated periodically as market events and technological developments warrant changes.
S&R pros, does this type of research appeal to you? Which areas would you like for us to identify vendors you should know? What business and security challenges are you grappling with where you would like to see us profile emerging vendors that could help?
Keeping up with the threat and IT landscape, looking ahead to future technology and disruptive technologies, and keeping up with the regulatory landscape to identify what it means to your organization is no small task. It’s also not a technology issue, but one that involves your most valuable asset: people. S&R pros, call it maintaining your security edge: keeping skills fresh, encouraging new ideas to flow, and preventing the security group from getting stale and set in their ways and habits. Fail to invest in your people, and an exodus of talent will the least of your concerns as a new type of internal threat is born. A security team and an organization that maintains their security edge will be better equipped to protect the organization and its assets through better decision making at all levels.
I’m kicking off research on this topic in the coming weeks, and would love to hear what you think it means to maintain your security edge. My initial ideas approach the topic from three angles:
Individual security contributors. These are the folks that need to keep their skills fresh and network with peers. Consider opening up opportunities for them to take continuing education courses, achieve certifications, or attend conferences. Encourage participation in online communities or social networks to connect with peers.
The security group as a whole. This is where group think may occur, and lead to less than optimal decisions, especially if there hasn’t been much focus given to the development of individual security contributors. Bringing in new blood and a fresh perspective with an external advisor can be beneficial. Or, perhaps, engage in information sharing with other organizations where appropriate.