This RSA session was actually two separate presentations dealing with misconceptions in the security industry. The first, by Richard Stiennon, chief research analyst at IT-Harvest, focused on some of the misconceptions in the industry and used data from his analyst research to demonstrate why these beliefs are not true. The second part was given by Gary McGraw, CTO of Cigital, and dealt with the misconceptions around security and DevOps. You can get both presentations here: https://www.rsaconference.com/events/us16/agenda/sessions/2504/myth-busting-the-security-landscape-and-development
Richard first pointed out that the industry consolidation that everyone talks about is just not true. He pointed out that there are 934 network, endpoint, data, IAM, and GRC security companies that he knows of today. Yes, there are acquisitions, but if there were truly a consolidation, each of these areas would have a few big players and maybe a few small outliers left. The reason we don’t see consolidation, he explained, is that the biggest companies can’t predict what is going to happen next in this market. It is just changing too fast. So the seed money goes to the little startups, which innovate and then get bought up. But there will always be startups, and many of them will remain independent.
Richard also claims that the growth rate cited by Gartner (4.7%) woefully underestimates the market. He predicts the overall security market will grow at about 24% or more and that it will grow to be a $640 billion market by 2023.
With that kind of growth, no wonder there were 40,000 people at RSA and over 300 exhibitors!
Gary’s portion of the presentation listed the seven myths of security and development. As I’d already attended several DevOps-related talks this week – one of which included Gary – I had already heard many of these points, but the seven myths were:
We came up with our own set of AppSec Fallacies as well. You can view the PDF here.