Security Yearbook 2023

Richard Stiennon

IT Harvest Press, 2023


Navigating the Cybersecurity Industry Maze

The only way to understand the cybersecurity marketplace is to look at it from multiple perspectives.  Richard Stiennon takes on this task every year in his Security Yearbook including the just released 2023 Yearbook.  This challenge reminds me of the parable of the elephant and the blind men.  None of the men individually can describe the actual object.  I’m not sure if they ever figured out what they were dealing with.  Mr. Stiennon’s books are the best bet for you to start to grasp the security industry, if not fully encompass it.  I look forward to getting a copy every year.

If you are like me, you find it difficult to understand the real features and benefits of the many security products and services on the market. Vendors of products and services used to focus on a niche, like firewalls or endpoint.  Now everyone is offering a platform and “products” are morphing into “services”.  At the same time, creative start-ups are extending their technology and demanding attention from customers.  Creating a cost efficient and effective security defense is harder than ever.  The Yearbook is published every year and is a look at the security industry, including all of the 3,269 vendors operating in that space.  The book includes several content sections that will help you grasp this diverse marketplace.

The five perspectives reported by Security Yearbook include overview, history, business side, security incidents and detailed vendor directory.  First is overview.  The security industry is divided into 17 major categories, which are:

Network Security IoT Security Training
Data Security MSSP Deception
IAM Application Security Security Testing
GRC Fraud Prevention  
Endpoint Security Threat Intelligence  
Security Operations Email Security  


I wonder what next year will bring?  More categories?  Customers ultimately want cyber peace of mind, not GRC or Endpoint Security.  How will this affect the number of categories?  Will we have one category of cyber resilience, replacing all the others?

A brief history of key people, companies and technology trends follows the overview.  This is a fascinating history to be read and appreciated over time, not consumed in one sitting.  Cybersecurity was a simpler business and understanding where it started is a great advantage in understanding different vendor offerings.  So many of today’s products are combined offerings resulting from acquisitions.

The business side of the security business is obviously essential.  Ideas rise and fall depending on their ability to catch the eye of investors and/or customers.  If you are planning your cyberdefense strategy understanding this turmoil is key.  There are 3,269 vendors profiled in the Security Yearbook.  You can no longer just bet on “big blue” to stay safe.

The few vendor failures are discussed as a starting point.  Then the 322 M&A events of 2022 are listed, with discussion of the major events.  Finally, the 451 funding rounds for 2022 are listed, ranging in value from $1.4B (Splunk) to $0.1M (Identitypass).  If you are considering utilizing a smaller vendor, you need to have this list.  By the way, Security Yearbook is global in scope; Identitypass is based in Lagos, Nigeria (they also seem to have raised more funds, according to Tech Crunch).

An important aspect of the security market is security incidents.  In fact, a lot of products and product categories were developed in response to attacks and breaches.  The major incidents are profiled by month, with short analysis.  It will be up to creative entrepreneurs to figure out which event can spawn a new security product or category.

The final 89 pages is an alphabetical listing of the 3269 vendors;  information on each includes location and category.  Further information will be available through IT-Harvest’s dashboard.

One Security Yearbook use case for me is education and teaching.  It is fine to teach students about CIA and CSF, but I emphasize also KYI (Know Your Industry).  They will not be able to implement CIA without judicious and informed application of vendor products and services.  The sooner they start learning this the better.  In this industry, we are all students and need to keep learning.




About the Book Reviewer

Frederick Scholl

Frederick Scholl is an accomplished Global Senior Information Security Risk Manager. Dr. Scholl earned a BS and Ph.D. in Electrical Engineering from Cornell University. In 1991, Fred founded Monarch Information Networks, LLC to enable forward-thinking organizations to protect their information. Previously, he co-founded Codenoll Technology Corporation (NASDAQ: CODN). He chaired the IEEE committee that wrote the first standard for Ethernet communication over fiber optic links, now used world-wide.