Securosis is a new breed of IT research firm focusing on the broad information security and compliance markets. As opposed to relying on big sales forces and high pay walls, we publish our primary research for free on our blog. Yeah, we know, it’s different and scary. But it works.
In terms of our primary research model, our focus is to help mid-market IT and security professionals successfully execute on their projects, by providing actionable information to accelerate their progress. It doesn’t mean our research isn’t relevant to large enterprises and government agencies. It just means our primary constituency is someone who wears a security hat as well as a number of other hats on a daily basis.
Each week, Securosis publishes a ton of research on what’s happening in the security business, all aimed at keeping our readers connected and focused on what’s important, not on the noise. Our weekly research includes:
Securosis FireStarter: Periodically Securosis holds an internal, no-holds-barred research meeting. Each analyst prepares a topic and the other analysts typically rip it to shreds. The end result is a thought generator that challenges our perspectives and demands further discussion. We publish the findings of that research to “stir the pot” a bit and get the echo chamber vibrating.
Securosis Incite: Something we’ve adopted from Security Incite is a hard-hitting summary of the news happening in our industry. Each Wednesday we send out 7-8 links with analysis of what’s happening out there and why it’s important.
Securosis Weekly Summary: Just in case you don’t have anything better to do over the weekend, on Friday we send out a list of things we’ve posted on the blog and also each analyst’s favorite outside post. This keeps you up to date on what we’ve been up to.
Ad Hoc Posts: Yes, the art of blogging is far from dead. During the week, once or twice a day we post something of interest. It could be a more detailed treatment of an announcement, something that’s been bothering us, or part of our primary research (which is always posted to the blog first).
For each of our coverage areas, we have a defined hierarchy of primary research documents we prepare to ensure deep coverage and actionable advice:
Understanding and Selecting: This series of posts provides the backdrop for each security domain. The research takes a product category perspective and helps readers understand why and how they’d use certain technology, and what is important when evaluating products and offerings. As an example, check out our work on Understanding and Selecting a Database Activity Monitoring Solution.
Building a [Topic] Program: The next level in our research is how to structure a security program to solve a specific problem. This is about more than just figuring out what product to buy; it is about the underlying processes and techniques required to address a specific problem. You can see our Building a Web Application Security Program for an example of this research.
Project Quant: For a select few coverage areas, we go very deep and actually define very granular process maps and establish metrics to quantify those processes for an aspect of security. We do a public survey to make sure we nail the process map and publish the survey results when we get a statistically significant sample. Check out Project Quant for Patch Management to understand this research.
Are you tired of having to hunt through screen after screen of crappy search results just to find the few bits of information you need? Or trawl through endless forums and unrelated blog entries just to educate yourself on a new topic? We are too… that’s why we created the Securosis Research Library.
The Library is designed to be your first stop when researching a new topic. We’ve collected our best blog posts, white papers, and multimedia materials together in a structure designed to help you find what you need as quickly as possible. Unlike search results or a wiki, we’ve organized the material for each topic in the order we think it will be most useful, rather than by date or some other arbitrary sorting method. We don’t cover every security topic you could think of, but we’re constantly expanding into new areas and filling in coverage that’s lighter than we’d like.
Where possible, for technology-related topics we include a list of Free/Open Source and commercial products. We try to keep these lists updated, but if you see something we are missing please email us so we can add it. This is just a list of what’s available in alphabetical order – we aren’t endorsing any particular products.
We update the material in the Library on an ongoing basis, and each entry is dated with the last update.
If you’d like to keep your own copy, just subscribe to the RSS feed. Since we update the date on each entry when we make changes, your RSS reader should keep a current, local copy of the entire library. Pretty cool, eh?
We hope you find it useful, and please email us with any suggestions, errors, or omissions.