
Richard Stiennon        

IT Security Industry Analyst & Author

Richard Stiennon is Chief Research Analyst for IT-Harvest, the firm he founded in 2005 to cover the 2,387 vendors that make up the IT security industry. He has presented on the topic of cybersecurity in 31 countries on six continents. He was a lecturer at Charles Sturt University in Australia. He is the author of Secure Cloud Transformation: The CIO’s Journey and Surviving Cyberwar (Government Institutes, 2010) and Washington Post Best Seller, There Will Be Cyberwar. He writes for Forbes, CSO Magazine, and The Analyst Syndicate. He is a member of the advisory board at the Information Governance Initiative and several technology startups. Stiennon was Chief Strategy Officer for Blancco Technology Group, the Chief Marketing Officer for Fortinet, Inc. and VP Threat Research at Webroot Software. Prior to that he was VP Research at Gartner, Inc. He has a B.S. in Aerospace Engineering and an MA in War in the Modern World from King’s College, London.

Speech Topics


Why Risk Management Fails

The three tenets of IT Risk Management are asset identification, value assessment, and vulnerability management. In this provocative presentation Stiennon demonstrates that all three are impossible and therefore time, money, and effort expended on risk management are misplaced. He advocates for a threat-centric approach to IT security.

Takeaways:

Most risk management programs are impossible to achieve and they do nothing to protect an organization from targeted attacks. Only by incorporating threat management can an organization counter advanced targeted attacks. In battle situations, leaders focus on threats, not risks.

How The Surveillance State Has Changed IT Security Forever

The rapid rise of surveillance by the NSA and other government spy agencies poses a new threat to every IT security department. Gone are the days when hackers, cyber criminals, or even espionage by foreign governments were the major driver of IT security investments. Since the 2013 revelations that the NSA had successfully executed on a mission of “information dominance” and “collect everything,” the new driver is massive data collection and how to counter it. Stiennon predicts that the IT security industry will respond quickly to this new threat with increased investments in encryption, key management, and the defenses required to protect the means of encryption. This will mean a tenfold increase, to $632 billion, in security spending by 2023.

IT security spending is already growing at 24% a year, four times what most analysts predict. Employment in IT security will grow tenfold. The NSA is a threat that will be countered by a revolution in IT security technology.

Cyber Defense

With known adversaries, from foreign governments to domestic surveillance, the security challenge has changed from one of proper configurations and operational procedures to one of countering targeted attacks. In this presentation Stiennon describes the world’s best practices for thwarting sophisticated attackers.

How to create and staff a cyber defense team. Continuous monitoring coupled with security analytics is an additional required layer of defense. Lockheed’s cyber kill chain is the right approach, for now. Autonomous attacks will arise soon and the tools needed to thwart them are not even on the horizon.

The Revolution in Military Affairs Has Given Rise To The Real Threat of Cyberwar

Expanding on the topic of his Master’s dissertation at King’s College London, Stiennon relates the history of the Revolution in Military Affairs within the major military organizations of the world and how the rush to Network Centric Warfare has laid the groundwork for cyber attacks and the incorporation of cyber weapons into each military’s battle plans.

Military preparedness is focusing on cyber offense to the detriment of defense. The rapid adoption of Network Centric Warfare has left most militaries vulnerable. The next war will be multi-domain, led by cyber.
