About Our Research

Who the heck are you guys? What do you do?

We’re just some security geeks who also happen to be industry analysts. Because we are practitioners, we believe that there’s far too much bullshit out there in the industry, so here’s a little corner for some people who know what they’re talking about and like to give practical advice you can understand. You can learn more about what we cover and how we cover it in our Research Library.

I’m sorry; did you just say a bad word?

In fact we did. If that offends you, you’ll probably want to hang out somewhere else. One of our core philosophies is “No Bullshit Research”, and that means we don’t always watch our language and never pull any punches.

What’s this “No Bullshit Research” thing?

It’s one of our guiding operating philosophies. Everything we tell you, in person or in writing, should be clear, pragmatic, and hype-free. If something (or someone) sucks, we’ll tell you it (or they) sucks. We hate overly complex models or tools primarily designed to sell big consulting contracts, and prefer pragmatic solutions. Being analysts, we still pontificate from time to time, but 90% of what we produce should help you directly solve the problems you encounter in completing your objectives. We’ve worked in the trenches, still remember how tough it is, and strive to give you useful advice to get your job done better, faster, and cheaper.

Why do you wuss out and only say “No Bull” on the home page?

We don’t want to get sued if your kid clicks on the bookmark.

How do you think you can compete with Gartner, Forrester, or the other big analyst firms?

We don’t. Gartner is a billion-dollar company that’s actually pretty good at what they do. We have a different business model, and while we’re still analysts, we target a different part of the market. We release the vast majority of our research for free, and use social media and web technologies to engage directly with end users without having to charge them. We are working on some subscription products, but they are different than what’s offered by most analyst firms.

How can you give away your research for free? Don’t you have kids, dogs, and cats to feed?

While we give most of our research away for free, we charge for content licensing, speaking, webcasts, consulting/strategy work, and other projects. If you are interested in working with us, you can check out our services page. It’s kind of the rock band model – we give the album away for free, and make our living on tour (but we lack a bus, groupies, musical talent, or any sense of style).

Who pays you for this?

Most of our paying clients are vendors, followed by the investment community and then media (freelance writing). We do have some end user clients, but the truth is we talk to most of them for free and charge for research products and longer consulting/strategy projects.

If you take money from vendors doesn’t that make you biased? How can we trust anything you write?

Maybe, but we don’t think so. We developed the Totally Transparent Research policy to limit any vendor bias in our work, and to do so in a way you can validate for yourself. While the vendors pay many of the bills, we know that if we lose objectivity no one will listen to us, we’ll be essentially useless, and even the vendors won’t need us anymore. That doesn’t mean we don’t have strong opinions… we are advocates for end-users and provide actionable recommendations for that community. To be an effective advocate, you need opinions.

Why take money from vendors at all?

Because you are cheap. And if you aren’t, your procurement office or CFO is. The only way we can provide quality research is to charge you, or charge them. They have these things called “marketing budgets” and will do crazy stuff like spend thousands of dollars to put a one-inch logo on a PDF file. But only because we get boatloads of readers as we deliver the content for free, we don’t require them to register, and quite frankly, our stuff is really good! The reality is we don’t want to build a sales force to sell you syndicated research, so we use a different model.

What’s this Totally Transparent Research thing?

It’s the guiding principle of everything we do. It’s so important we dedicated a page to it.

How else do you limit vendor influence?

We have a few other policies to keep ourselves honest. We never write any primary research mentioning specific companies or products. We very deliberately avoid getting into the vendor comparison game, and you won’t see us producing any kind of vendor rating, magic boxes, or ranking documents.

We also do not provide custom quotes for press releases. If you see a quote from us, it came from published research and the source should be cited. We never charge for this, and any vendor, client or not, can quote our research (with permission, since we need to make sure it isn’t taken out of context).

If we are on a call (or IM, or email) with you giving you advice on products, we’ll tell you which companies we’ve worked with. We occasionally post our current customers on the blog, but don’t keep a single running list on this site since it changes so often (you probably don’t care about everyone we’ve ever done a webcast with).

We accept briefings from any vendor in any market we cover, free of charge. We don’t hold back on sharing opinions or our advice. We believe in karma, so if we do the right thing and add value to every conversation, most folks will look for opportunities to work with us.

In short, we’re incredibly anal about our objectivity, and while we take money from vendors we put as many controls as we can in place to limit inappropriate influence. We also do everything out in the open, so you can see where our research comes from and make your own decisions. We do criticize the other analyst firms for being too closed and opaque about what they do, how they draw their conclusions, and why they say what they do. With Totally Transparent Research we can open things up so that even if you don’t agree with us, you’ll know why we take the positions we do.

Does that mean you’ll never give me advice on vendors or products?

Hell no – we love giving you our opinion. We won’t put it in a research paper or promote a vendor on a webcast, but we’ll do our best to give you direct, actionable advice on what may work better for you. Just read our blog – we write about vendor successes and failures all the time. We are acutely sensitive to the need for CONTEXT. What’s good for you might be bad for someone else, so before we give a recommendation we need to know a little about you and your organization.

What’s with the attitude and ego?

We are opinionated to a fault. It’s how we make our living. We are also very good at what we do – just ask us. The reality is that if we didn’t add value people wouldn’t pay us for our opinions. But we also hate the smug “Fortress of Solitude” attitude you get from a lot of analysts, and expect you to smack us upside the head if we act like that.

About the Research Library

What’s the Research Library?

That’s where we organize all our published work on a given topic – including blog posts, papers, presentations, and any other media or external links. Each page is dedicated to a single topic, and organized to help you find that information as quickly as possible. We think this is a great way to make things easier to find. We know the major topics people come to the site for, and by organizing them in the Library you’ll know what to read, in what order, rather than struggling with a search engine that gives you a gazillion irrelevant links.

Why don’t you have XX topic in the Library?

There’s only so much we can cover. We’re constantly adding to the Library, but we give preference to our core topics, where we know what we are talking about. If you have a request, just email us or comment on the blog.

Can I get a complete copy of the Library?

Sure – just subscribe to the RSS feed and it will show up in your feed reader. Whenever we update a page we change the date, so that should pop it up to the top of your feed (depending on your reader).

About Securosis.com

Why do you make me register on the site?

We don’t – registration is totally optional for all our free areas. We don’t require registration to comment or otherwise participate. Frequent commenters can register and be put on a special list to avoid comment moderation. You can thank comment spammers for that. Please check out our Privacy Policy for more details.

What’s the deal with the two views/feeds for the blog?

When we first started the blog it was pretty much just Rich talking about his cats, workouts, and the occasional diatribe against the Security Industrial Complex. As we’ve added people and expanded our research we realized we were overloading people with some of our heavier research. While some of you want to dig in on our big, multi-part series on deep technical or framework issues, many of you are more interested in keeping up to date with what’s going on out there in the industry, and prefer to read the more in-depth stuff as whitepapers.

Thus we decided to split the feed into two versions. The Complete feed/view includes everything we publish. We actually hope you read this one since this is where we publish our research for public review, and we rely on our readers to keep us honest. The Highlights feed/view excludes Project Quant and heavy research posts. It still includes all our drive-by commentary (as we like to call it), the Firestarters, Incites, and Friday Summaries, and anything we think all our readers will be interested in.

Don’t worry, even if you stick to the Highlights feed we’ll still summarize and point to the deeper content.

Do you track my browsing?

We don’t do any user tracking, but we have logs like every other site out there, and if you register we get a little more information on you just because of how the system is built. We are big privacy freaks, and don’t even use Google Analytics or other tools that could violate your browsing privacy and expose it to an outside organization. We do track broadcast emails and newsletters sent using MailChimp and AWeber, but those stats are private to us and we never share them. Even if you are registered, we never provide your information to clients or any other third party. Though if you aren’t careful we may send you a holiday card.

What about FeedBurner? Doesn’t Google use that to track me?

Yes, so we’re moving away from FeedBurner. We started using FeedBurner before Google bought it, and if we just turned it off we’d break all our subscriptions. On the site all the RSS links are direct to us, and FeedBurner is only active to support old subscribers who haven’t switched yet. The direct link to the blog feed is http://securosis.com/feeds/blog. You can get updates in the research library at http://securosis.com/feeds/research.

Eliminating FeedBurner and other stats tracking doesn’t help our business, but our main priority is ensuring your privacy.

What’s “NoScript Friendly”?

The NoScript extension for Firefox is one of our favorites, and we use it for all our browsing. We designed the site to minimize any use of scripting, even if it meant dropping some functionality, given that we figure a lot of our visitors like NoScript as well. We do still use some scripting in places where we can’t work around it, but the major functions of the site should generally work without you having to enable any scripts. For some features JavaScript is a necessary evil, but you will never need it for the blog or Research Library.

Why didn’t you approve my comment? That’s just censorship!

Actually it’s because we don’t like you. To be clear, we don’t censor blog comments, and have implemented comment moderation only because friggin’ comment spammers were overrunning the site. We don’t allow personally insulting (to anyone) comments, or those totally off topic. If your comment didn’t get posted, it probably triggered our spam filter and you can email us to look for it.

What does the site run on?

This site runs on ExpressionEngine.

Who did your design work?

Insight Designs out of Boulder, Colorado did our design template, and we implemented most of the site ourselves. Adam Khan of Engaging.net helped us migrate our old content over, and periodically cleans up the messes we make in ExpressionEngine.

Why do I have to sign up separately for the Daily Digest and the site registration?

We use MailChimp for emailing the Daily Digest and all our other content since it has a bunch of really cool features, and does a great job of sending out the RSS feed. The bad news is that it isn’t integrated into ExpressionEngine yet, so you have to sign up in two places. Don’t worry, we (and a lot of other people) are working on it and we hope to unify our subscriptions soon.

Random Questions

