
Richard Stiennon

IT Security Industry Analyst & Author of "Surviving Cyberwar," "There Will Be Cyberwar" & "Curmudgeon: How to Succeed as an Industry Analyst"

Richard Stiennon is the Chief Research Analyst for IT-Harvest, the firm he founded in 2005 to cover the 3,300+ vendors that make up the IT security industry. He has presented on cybersecurity in 31 countries on six continents and was a lecturer at Charles Sturt University in Australia. He is the author of "Secure Cloud Transformation: The CIO’s Journey," "UP and to the RIGHT: Strategy and Tactics of Analyst Influence," "Surviving Cyberwar," and The Washington Post Best-Seller "There Will Be Cyberwar." He writes for Forbes, CSO Magazine, and The Analyst Syndicate.

Additionally, Stiennon's "Security Yearbook 2020" was launched in February 2020. It is the only history of the IT security industry and is updated each year with a complete directory of all security product vendors listed by category and country. He has since released a 2021, 2022, 2023, and upcoming 2024 version. He also published "Curmudgeon: How to Succeed as an Industry Analyst" in 2020, the first book on how to become and excel as an industry analyst.

He is a member of the advisory board at the Information Governance Initiative and several technology startups. Stiennon was the Chief Strategy Officer for Blancco Technology Group, the Chief Marketing Officer for Fortinet, Inc., and the Vice President of Threat Research at Webroot Software. Prior to that, he was the Vice President of Research at Gartner, Inc. He has a B.S. in Aerospace Engineering and an MA in War in the Modern World from King’s College, London.

Speech Topics

Cyber Defense

With known adversaries ranging from foreign governments to domestic surveillance, the security challenge has changed from one of proper configurations and operational procedures to one of countering targeted attacks. In this presentation Stiennon describes the world’s best practices for thwarting sophisticated attackers.

How to create and staff a cyber defense team. Continuous monitoring coupled with security analytics is an additional required layer of defense. Lockheed’s cyber kill chain is the right approach, for now. Autonomous attacks will arise soon, and the tools needed to thwart them are not even on the horizon.

The Revolution in Military Affairs Has Given Rise To The Real Threat of Cyberwar

Expanding on the topic of his Master’s dissertation at King’s College London, Stiennon relates the history of the Revolution in Military Affairs within the major military organizations of the world and how the rush to Network Centric Warfare has laid the groundwork for cyber attacks and the incorporation of cyber weapons into each military’s battle plans.

Military preparedness is focusing on cyber offense to the detriment of defense. The rapid adoption of Network Centric Warfare has left most militaries vulnerable. The next war will be multi-domain, led by cyber.

How The Surveillance State Has Changed IT Security Forever

The rapid rise of surveillance by the NSA and other government spy agencies poses a new threat to every IT security department. Gone are the days when hackers, cyber criminals, or even espionage by foreign governments were the major driver of IT security investments. Since the 2013 revelations that the NSA had successfully executed on a mission of “information dominance” and “collect everything,” the new driver is massive data collection and how to counter it. Stiennon predicts that the IT security industry will respond quickly to this new threat with increased investments in encryption, key management, and the defenses required to protect the means of encryption. This will mean a tenfold increase, to $632 billion, in security spending by 2023.

IT security spending is already growing at 24% a year, four times what most analysts predict. Employment in IT security will grow tenfold. The NSA is a threat that will be countered by a revolution in IT security technology.

Why Risk Management Fails

The three tenets of IT risk management are asset identification, value assessment, and vulnerability management. In this provocative presentation Stiennon demonstrates that all three are impossible and that the time, money, and effort expended on risk management are therefore misplaced. He advocates a threat-centric approach to IT security.

Takeaways:

Most risk management programs are impossible to achieve, and they do nothing to protect an organization from targeted attacks. Only by incorporating threat management can an organization counter advanced targeted attacks. In battle situations, leaders focus on threats, not risks.
