Author and industry analyst Richard Stiennon will be giving us an overview of the cybersecurity industry today in his presentation called “Getting To Know The Entire Cybersecurity Industry for DevOps.”
Some HistoryThe story begins in 1993, when Stiennon was an automotive engineer in Detroit. He moved into the world of ISPs as the internet gained household popularity. Things really changed when he joined an MMSP that joined forces with Check Point software—a company that was foundational to what was to become the IT security industry. This company, started by Gil Shwed, Marius Nacht, and Shlomo Kramer, created the market for commercial firewalls. They ended up largely responsible for the tech investment culture in Israel.
It wasn’t a straight path to success for Stiennon. Instead, it was a winding tale of opportunities and connections that resulted in contributing to the way that security is marketed today.
Is the Security Industry Consolidating?
One thing you may hear today is that the security industry is consolidating. Stiennon tells us that consolidation is a myth.
First, it’s not consolidation when, say, a company like McAfee acquires additional security companies. This is a larger company looking for opportunities and acquiring companies that show potential. More and more companies enter the space every year, finding unique niches in the security space.
Another myth around cybersecurity involves growth. In fact, growth is misstated:
You can’t grow from $2.5B in 2003 to $85B in 2013 at 9% CAGR (compound annual growth rate). It’s more like 34% CAGR. If the industry is really growing that fast, then perhaps we really don’t understand the size of the industry.
An Increase in Security Interest
Early on, threat actors weren’t as organized as they are today. That changed in 2003, thanks to the KGB and other actors, when cybercrime really took off. Additionally, cyber espionage kicked off a few years later. By 2013, Edward Snowden famously exposed the depth of NSA surveillance.
As these efforts grew, IT security spending grew as well. Now we’re at a point where we’re spending $335B on security. This won’t slow down until the threat actors go home or slow down.
Answer: No, We’re Not Consolidating
So let’s take a look again at the companies involved in all this spending. First, it’s interesting to note that of all the companies involved in security, few exist in the cloud security category. Additionally, back to the point about consolidation, if we have 2,336+ companies, then we don’t have consolidation.
The categories of companies cover a large variety of security needs. Early in the timeline, we started with network, data security, IAM, GRC (governance, risk, and compliance), and endpoint security vendors.
Now we’ve got a lot of new buckets that show the lack of consolidation again.
Ending With a Discussion of Categories of Growth
There’s plenty of evidence for growth in the cybersecurity industry. For example, there’s the security operation centers where we see people sitting in rooms monitoring security across large screens. This group will soon be automating responses to threats as they start to occur.
Another area of growth includes IOT security: not only for the IOT devices in your home but also in manufacturing and wherever devices exist.
Then there is application security. Application security is most familiar to us. That entails writing secure code and automating checks to verify that the developers deploy secure code.
Security analytics is growing as well. That’s because we have too much data. We’re not just finding the needle in the haystack but the needle in the needlestack. We need to analyze data to know when we’re getting attacked and to know how to stop the attack.
There’s also fraud prevention, which includes identity verification. It can work to prevent fraud in your organization and make sure that sales are valid. These companies also get bought up by Visa and other players in the credit market.
Other categories exist and new ones emerge frequently. Overall, the entire security industry is a growing and expanding field. New opportunities will continue to develop as the industry matures and threat actors find new vulnerabilities and opportunities. It is growing, not slowing.
This post was written by Sylvia Fronczak. Sylvia is a software developer that has worked in various industries with various software methodologies. She’s currently focused on design practices that the whole team can own, understand, and evolve over time.
Photo by Michael Dziedzic