Welcome to the 2020 Security Annual from TAG Cyber

You can download the free PDF today at https://www.tag-cyber.com/.

As you will notice, this year’s work looks different from what we’ve done in the past – and hopefully, you’ll agree it’s so much better! Liam Baglivo and I decided last year that we wanted to improve the shape and feel of our work, commensurate with our goal of always exceeding your expectations (and our own too). After a bit of searching, we discovered the fantastic design team at WKSHPS in Manhattan. And after a couple of meetings in their cool office (polished plywood floor and rows of gorgeous books in their conference room), we agreed to work together on this book. And that’s how the new 2020 work you have in front of you was born.

As always, our goal is to democratize world class cyber security industry research and advisory material to the masses (that’s you, by the way). We thus provide the narratives, articles, and interviews of this book as an aggregate collection of cyber security industry market reporting. Each section is intended to be crazily useful and insanely free and open source. Every business advisor I’ve engaged during the past three years has begged me to sell our reporting. Yet we remain convinced that the information should be free. Recall the observation from Stewart Brand of Whole Earth Catalogue fame: “Information wants to be free, because the cost of getting it out is getting lower and lower all the time.” He was right.

The themes of our 2020 work remain consistent with observations from past years: Cloud services continue to improve and become more secure (Capital One notwithstanding); mobility is more embedded in day-to-day computing habits; perimeters are being dissolved under the new flag of Zero Trust Security (ahem, coined at Forrester); automation continues to drive more streamlined processes, especially in the hallowed Security Operations Center (SOC); and the use of artificial intelligence – deep learning, in particular – is coming into its own as a legitimate means for detecting previously observed malware and attacks based on learned patterns. Yes – 2020 is likely to shape up as another truly exciting year in cyber security.

And yet – there remains much that is sadly depressing about our industry. One issue is that new security start-ups are being spawned at an unsustainable pace and with bad mission statements. Here’s a common refrain: “I learned cyber while running an elite military group,” claims the founder of ACME Cyber, “so I founded ACME to cash in big time. Uh, did I really say that last thing out loud? Can we cut that out?” OK – so perhaps this is a bit of an exaggeration, but you get the idea. My advice to new companies: Figure out what you honestly believe in. Then decide if a cyber security company is consistent with your beliefs. What you do is less important than why you do it. Making money is no reason to start a company. Take it from me.

Unlike in past years, we did not make any changes to the TAG Cyber Fifty Controls. The control categories still worked for our analysis, albeit with different emphases in our commentary. (We try not to invent new categories each year for marketing purposes, like Gartner). And most of our Trend Charts are also largely consistent with previously published graphs – again, with some adjustments commensurate with observations made in 2019. Our goal is for these chapters to become a useful roadmap for your strategy and tactics in building a cyber defense.

Throughout 2020, we’ll be issuing these chapters as individual Market Reports. So, watch for weekly reissuance on social media and the TAG Cyber website – which we redesigned this past year. And on this topic of websites, we decided this year to embed and maintain our massive list of cyber security vendors in a database accessible on-line. The TAG Cyber website thus includes a link for users to gain access to the database and to run basic queries to find companies of interest. Each of the fifty control discussions in this volume include lists of companies that cross-reference with the topic of that chapter – so this will provide an initial guide. Security engineers and other interested parties can thus easily figure out which vendors are providing GRC support, or which happen to mention Wisconsin in their title, and so on. We are building more advanced query capability now. I hope it helps you. Oh – and it’s free, of course.

To close, I will offer my annual pep talk: I wish I could just say to keep up the good work, and many of you are maintaining excellent security protection for your organization (or at least yourself). But many of you are not, especially in the United States Government, where the level of cyber security support is openly acknowledged to lag. If you are in this category, then please do whatever is necessary to step up your game. This volume provides a basis for action by cyber defenders to significantly improve their protections. I know that most security schemes are weak for other reasons – politics, budget, personality, bad bosses, and on and on. But this is no time for excuses: Use the work provided here to take things to the next level. Start today.

Dr. Edward G. Amoroso, September 2019

Chief Executive Officer, TAG Cyber LLC

Fulton Street Station on Broadway