In The Tech Trenches: Analyst Interviews – Richard Steinnon, IT-Harvest

For our latest In the Tech Trenches interview we spoke with Richard Steinnon, who is the Chief Research Analyst for IT-Harvest, the firm he founded in 2005 to cover IT security trends.

Richard head shot3 original 213What drew you to a career as an analyst and what do you enjoy most about your role?

I can’t say I was drawn to it, I fell into it. I was approached by Gartner; they were interested in my background working on firewalls and then I learned on the job. Lots of people said to me that ‘it’s the perfect job for you.’ I must admit that I do have a predilection for analysis! There’s nothing like standing at a podium in front of 5,000 people and laying down your insights on IT.

How does your firm differentiate from other analyst firms?

Against big firms, it’s just me – so because I have to cover more territory with my research, I see it all. My research is typically things that I publish on my website and through my Forbes column, although in December I am publishing my first market research on the threat intelligence space. Clients engage me to help with strategy workshops on their product direction, help them find financing, or acquisitions. I can also assist them with their responses to analyst questionnaires – for example, if they’re working on a Magic Quadrant. I also spend a lot of time reviewing proposed laws and legislation as part of my book writing efforts.

Are you launching any new services or research?

Recently I began putting together a database on the security sector and it contains 1,450+ players, and I’m looking to estimate the revenue and gauge the participation of every single player. I’m going to start to publish research on the overall make-up of the security space – geographically and by sector, individual focus, etc. Threat intelligence will be the first report. Then I’ll look at security analytics and cloud security as well as gateway security platforms.

 Describe your firm’s client base – which type of executives typically subscribe to your services?

Like most small analyst firms, 90% of my clients are vendors. I offer them strategic insights via a retainer-based model. Typically they are executive level staff. My end user clients are practitioner level up to CIOs and sometimes CEOs.

For vendor clients I also help make introductions to help with strategic partnering. When industry happenings occur they’ll put in a call to me to get my perspective. Other times it’s for help with lead generation. I also do a fair amount of webinars and public speaking. Each year at RSA – I run a series of video interviews with executives from key vendors – those will fit in well with how I catalog the space.

I’m also actively publishing books. My first analyst-focused book was Up and To The Right: Strategy and Tactics of Analyst Influence. The feedback I had from readers regarding ‘up and to the right’ was that people appreciated being guided through the thought process of the analyst. My second book will be called Curmudgeon – and that’s about how to be a successful analyst. I’ll probably release that about halfway through next year.

I also launched my latest book ‘There will be Cyber Warfare’ in October 29. The book’s about how cyberwar will be the next inevitable form of combat and that we will experience some kind of cyber event akin to Pearl Harbor: essentially, a lost battle due to the enemy dominating the cyber domain. Ultimately, the military also has to secure the things they build. They have a cyber-command and have to talk about IT ops, just like General Motors would have to talk about it. But the military has neglected the security of the things they have made for them, just as auto companies have. In reality you have to be concerned about the products you make and scan them for vulnerabilities.

What kinds of questions are you getting most frequently from your clients these days? And what kinds of questions do you think they should be asking more often?

My vendor clients ask for advice on marketing. If you want to stand out with a marketing concept, why not take another look at doing direct mail and run billboards in key locations? Maybe consider running an ad in a busy airport. It just seems to be that the telcos tend to take these approaches now, but I think tech vendors sometimes miss an old trick there. It’s the same with the quarter page ad you see in the Financial Times. They always seem to be selling watches. Why not network security gear?

With my end user clients, it’s the same thing. Their questions are often siloed. They sometimes go straight to thinking about which is the best firewall, endpoint or network admission control solution. They should ask more about the threats and the best way to counter them. They need to get out of product decision mode and think more about defense. Things are getting so complex and putting an overarching security strategy in place first helps them prioritize the product spend better. Ultimately, folks care most about not being on the front page of the news because of a breach.

Which developments in the world of technology interest you the most today? And which key trends have not received the attention they deserve?  

For general technology, I think the hottest thing going today is in the control system. It’s like the shift forward that happened when Apple had motion sensors fitted into the iPhone – this has evolved, leading to the developments we see today with drones. That kind of technology needs a really remarkable control system. Things have progressed a lot. 3D Printing is another very interesting area – that’s all about control. Sensors are changing the world, and self-driving cars are just one example of that.

For security, one really fascinating area will be protecting industrial control systems. In many cases people are deploying all these new Internet of Things orientated controls without any thoughts to security. The effects of an industrial breach are going to be much worse than losing your homework assignment, as in some cases people could lose their lives if key infrastructure fails.

What do you like to do to relax when youre not doing the day job?

I like to drink whiskey. I definitely like reading fiction – usually that’s sci-fi or turn-of-the-century novels. I recently read the book that the Martian that the film was based on, and I found that to be great hard science. I like to re-read the Lord of the Rings books every two years. The Moon is a Harsh Mistress is another favorite. I’m a big fan of Heinlein. I also like to cross country ski when I get the chance.

Closing commentary by Blanc and Otus AR: Key Takeaways

Thank you Richard for sharing your perspective. The B&O AR team has ordered our copy of your new book and we are looking forward to reading it! Richard raises some great points that vendor teams and tech decision makers should consider carefully. Here are some key takeaways:

  • Leverage Analyst Insight Early: Analysts can add the most value when shaping strategy during the formative stages. Use analyst insights early to bullet proof your product roadmap, go-to-market messaging and acquisition strategy.
  • Marketing, Embrace the Physical: While it’s essential to leverage traditional digital trends – and smoothly incorporate them into your communications strategy – you sometimes can’t beat the personal touch in the physical world. Traditional direct mail is now so under-used by B2B marketers that the vendors that do it well might have a much better chance of standing out than was the case in the past. As was highlighted in our updated tech decision maker study, it’s essential to marry both physical and digital channels to accelerate the sales cycle. Physical still matters, folks!
  • Run your Own Recon, Learn Front Line Lessons: It’s been said that when generals plan their new strategies they always end up planning to fight the last war. Avoid that mistake, look backward and Run analyst inquiries often to keep up to date on new approaches and lessons learned, as well as what is (and isn’t) working for customers.