The Role of the Analyst: Infosec Librarian and Curator

Many people outside the IT world have never heard of Forrester, Gartner, 451 security or IDAnalyst. They are unsure about what value these companies, and the analysts themselves, provide. But I think I’ve finally come up with a way to explain it:

Analysts look at a given market space or problem space, try to understand it, and convey this understanding to their clients in the form of advice. This is similar to a museum curator who works to understand an item given to him, for instance a vase. The curator aims to assess the value of the vase by its age, production source, characteristics, designer, etc. Similarly, the analyst aims to assess the value of a specific security solution owned by his clients by assessing the characteristics of the solution and the vendor.

You could also compare the analyst to a librarian who catalogues books, stacks and sorts the shelves, and chooses which books, or categories/topics, get to occupy this month’s “recommended/promoted reading” shelves.

Obviously, new books get written all the time, and we’re constantly expanding the size of the library, adding new shelves to encompass new topics or categories of books, or expanding the size of existing shelves to fit an ever-increasing volume in certain categories.

Some categories get retired as they become irrelevant; some are proven factually incorrect or were written on fundamental principles that have been discredited. Some solutions become irrelevant or are discovered to be fundamentally broken and are therefore discarded.

Whatever the fate of a given book, cataloguing and comprehending an entire world’s writing of books, and knowing which books to recommend, requires both skill and dedication. Therefore, I think we all ought to respect the security analyst, just as we respect the librarian and the museum curator. They have an invaluable role to play.

Author: Claus Houmann

