Our man on the street Matt Stephenson chats with Richard Stiennon about his upcoming book Security Yearbook 2020, a comprehensive history of the cybersecurity industry where he does a bottom-up analysis of all the vendors and key people who have made the industry as we know it today.
About Richard Stiennon
Richard Stiennon (@cyberwar) is Chief Research Analyst for IT-Harvest, the firm he founded in 2005 to cover the 2,200 vendors that make up the IT security industry. He has presented on the topic of cybersecurity in 29 countries on 6 continents. He is also a lecturer at Charles Sturt University in Australia.
Richard is the author of Surviving Cyberwar (Government Institutes, 2010) and the Washington Post best seller There Will Be Cyberwar, and he also writes for Forbes and The Analyst Syndicate.
Stiennon was previously Chief Strategy Officer for Blancco Technology Group, Chief Marketing Officer for Fortinet, Inc., VP of Threat Research at Webroot Software, and VP Research at Gartner, Inc. He has a B.S. degree in Aerospace Engineering and an MA in War in the Modern World from King’s College, London.
About Matt Stephenson
InSecurity Podcast host Matt Stephenson (@packmatt73) leads the Broadcast Media team at BlackBerry, which puts him in front of crowds, cameras, and microphones all over the world. He is the regular host of the InSecurity Podcast and host of ThreatVector.
Every week on the InSecurity Podcast, Matt interviews leading authorities in the security industry to gain an expert perspective on topics including risk management, security control friction, compliance issues, and building a culture of security. Each episode provides relevant insights for security practitioners and business leaders working to improve their organization’s security posture and bottom line.
Can’t get enough of InSecurity? You can find us at ThreatVector InSecurity Podcasts, iTunes/Apple Podcasts and Google Play as well as Spotify, Stitcher, SoundCloud, iHeartRadio and wherever you get your podcasts!
MATT: Hey, it's Matt Stephenson. Welcome to the very first video episode of InSecurity. I cannot think of a better person to ring in this entirely new era than Richard Stiennon.
MATT: You are the Chief Research Officer at IT-Harvest. The stack of books you have written was probably this tall when last we spoke.
RICHARD: Well yeah. This tall, yeah.
MATT: Well but if you stack enough of them up, we get that tall.
RICHARD: This is true.
MATT: When last we spoke you were in the process of working on the—
RICHARD: —Secure Cloud Transformation. But last we talked I was just having the idea, what is next for me? It turns into Security Yearbook 2020. A complete history of the IT security industry. Not the technology, not the hacks or the cyberattacks. Certainly not a history of cryptography, but a history of our industry. The vendors and the people that have made the $100 billion+ business that we're in.
MATT: Is that all?
RICHARD: Yeah. I'm thinking it's $300 billion, but I won't know until I'm done with my research, which is coming up pretty fast. I'm doing a bottom-up analysis, first time it's ever been done, of all the vendors. Then I estimate the revenue for each vendor. Then I add them all up and see what we get.
MATT: Now I notice when we have talked about this, and I've seen the imagery for it, it says 2020. The implication being that there could be a 2021?
RICHARD: There will definitely be a 2021. Each year I'm going to collect the stories from different pioneers in our industry and publish those as separate matter inside the book, inside the overall history. There's a never-ending supply of people who have done amazing things for us. Then I'll update it with all the changes that occurred the previous year. A record of the history as well.
MATT: We are at Black Hat this week in the larger Hacker Summer Camp. There's all kinds of things going on in addition. DEF CON next week. There's the Diana Initiative. There's BSides Las Vegas and a bunch of stuff that we don't even know about because it's too underground. A guy like you, who has been doing this since there's been a this, and knows everybody that matters in this thing. When you come out for these events, what is it that you're looking for?
RICHARD: One, I want to meet as many people as possible. But two, I walk the show floor and I get this vibe of what, at least, are the vendors seeing as the future of the industry? It usually takes about six hours on the floor, so over two days, to actually pick up on that. I always get that at our site.
RICHARD: Now even the vendors treat Black Hat a little like our mid-term thing.
MATT: It's a little edgier. It used to be at least.
RICHARD: Yeah. Edgier. But they don't necessarily bring out their innovations or their changes of direction at Black Hat. But it will be a really good test of where the industry is at. For instance, at RSA this year we had Microsoft, Google, AT&T all getting into the SIM space at once. That's a huge trend for that to happen. But now we've had enough time to see how's that going for them? I hope to pick up on that and see if they really think SIM is something that needed to be reinvented.
MATT: Are you seeing anything with regards to the coming 5G next revolution, evolution, whatever we call that, that's going to be impactful?
RICHARD: No. I've been writing about it because it just dramatically changes how we network. If now your cellphone gets faster speed than any corporate network can provide, other than the ones that use 5G, it means there's just going to be no way to extend the perimeter to everybody's cellphones. Other than new ways.
RICHARD: I'm watching what Zscaler's doing because they are definitely playing off of that. All of the so-called ‘zero trust’ networking. Let's just create a separate network, use GRE and tunneling. We'll just take everybody into our cloud and then give them access to the apps that they need. It's kind of a cool development.
MATT: Gives me something to do this week, aside from gambling.
MATT: Then I've got to do this. I know I'm putting you on the spot here. I overheard, you were talking with our producers beforehand. You don't have to give the secrets away or where you might have been when this nefarious activity came. I hear that you like to play craps.
RICHARD: I do like to play craps. That's my game.
MATT: There might have been a situation that arose where you were doing better than they would have preferred?
RICHARD: Several times. As a matter of fact, usually if I'm at a table long enough they pick up on the fact that I'm trying to exercise dice control, which is just change the odds slightly in my favor. Reduce the number of sevens that I throw. If you played long enough you would start beating the house if you could do that. They pick up on what I'm doing because I'm probably too obvious, which is the next phase right? Okay, do the dice control but don't be as obvious. But I've been kicked out of Monte Carlo. I've been kicked out of here, the Mandalay. They don't have pictures of me yet.
RICHARD: I haven't been kicked out of the Tropicana. I always go back there. They're friendly and nice people there.
MATT: There we go. Not that people in Mandalay aren't nice, but Richard Stiennon cybersecurity expert hacking Las Vegas. That's what we're doing.
MATT: Shameless plugs. People looking for information about you and what you're up to. Where do they go?
RICHARD: Yeah. Always follow me on Twitter @cyberwar. You can find me at the website that's now up and running for security-yearbook.com. That'll be updated with all the stories as I get them written.
MATT: Get the first one because it's going to be a collector’s item. As always, you know where you can find us. We are at threatvector.cylance.com. On social it is @CylanceInc, @BlackBerry. I'm Matt Stephenson @packmatt73. See you soon!
Video postproduction services by Dusty Bibles Studio Productions: @dustybibles