Every year Mike, Adrian, and I get together for a couple days to review our goals and financials, and to make plans for the next year. This year we scheduled it in Denver, and by an amazing coincidence Jimmy Buffett was in town playing.

Really. I promise. Total coincidence.

I have been to more than my fair share of shows (and have to write this Summary on Wednesday because I will be at another show Thursday in Phoenix), but it was Mike’s first and Adrian’s second. Needless to say, a good time was had by everyone except Mike’s stomach. I warned him about the rum-infused gummy bears.

2013 was kind of a strange year for us. It looks like we grew, again, but a lot of it was shoveled into Q4. All three of us are running all over the place and cramming on projects and papers, hoping our children and pets don’t forget what we look like. I even thought about skipping our planning, but setting the corporate strategy is even more important than our other projects.

I went into this trip with an open mind. I knew I wanted to change things up a bit next year, but not exactly how. In part to do more direct end-user engagement, but also to allow me to continue my more in-depth and technical cloud and Software Defined Security work, which isn’t necessarily easily dropped into licensed papers and webcasts.

We actually came up with some killer ideas that are pretty exciting. I don’t know if they will work, but I think they hit a sweet spot in the market, and fit our skills and focus. It’s definitely too early to talk about them, and they aren’t as insane as building a new software platform, so launching won’t be a problem at all. We are going to hold back until January to start releasing because we need to finish the current workload and do the prep for the new shiny endeavors before we can talk about them.

And this is a great situation to be in. I just spent two days hanging with two of my closest friends and my business partners, catching a Buffett show and planning out new tricks for our collective future. I’m tired, and my brain is fried, but as I go back to the grindstone of the road and writing, I not only get to finish my year with some cool research, but I get to start planning some even more exciting things for next year.

Not bad.

On to the Summary:

Webcasts, Podcasts, Outside Writing, and Conferences

Favorite Securosis Posts

Other Securosis Posts

Favorite Outside Posts

Research Reports and Presentations

Top News and Posts

Blog Comment of the Week

This week’s best comment goes to DS, in response to Incite 10/23/2013: What goes up….

We’ve known for years (or should have known if we read the research) that security breaches don’t impact stock value. This is a trap many security folks find themselves in because they don’t understand their business, or business at all, so they use the most obvious and coarse metric of business impact.

The impact from a breach is complex and cannot be measured by one factor. There are fines and penalties. There are negative perceptions which can be leveraged against you (I can’t say how many sales calls I got from RSA competitors after their breach), there is lost productivity from having to divert resources to deal with customer complaints, there is lost focus on strategy while execs try to deal with the press requests and client enquires.

RSA’s breach cost around 100M if you believe the press. This is 100M not spent on developing new products or landing new customers, but instead spent preserving their base and protecting SecureID. This is not 100M well spent.