Preface to the 2019 TAG Cyber Security Annual Volume 1

On Tuesday, September 18, 2018 - the TAG Cyber Team (now a whopping twelve of us in total) will be releasing our 2019 TAG Cyber Security Annual. The three-volume series will be available for you, as in previous years, as free PDF downloads from or from the websites of our fifty-three awesome technology sponsors. Below is the preface to Volume 1, which I sincerely hope will help save you time and effort as you navigate the complexities of our industry. I'll let you all know when the download link is live on the 18th!

To the Reader:

This is our third year offering cyber security industry coverage, advice, and analysis through our TAG Cyber Security Annual. We hope our efforts have saved you valuable time, effort, and money, because that is our mission: To democratize the availability of world-class cyber security industry analysis – to everyone – for free. When we started TAG Cyber, we assumed that enterprise network teams under Chief Information Security Officers (CISOs) would be our audience. Since then, however, we’ve learned that investors, entrepreneurs, reporters, teachers, civil servants, managers, and even board members find our work useful.

The first guide we developed in 2016 was essentially a text-book on fifty different vital aspects of running an enterprise security function for an organization. It introduced the TAG Cyber Fifty Security Controls, and created quite a stir in our industry – but perhaps not for the reasons we expected. Most of the commentary was that the material was too voluminous, and virtually impossible to digest in any meaningful way. Our response was that the three volumes were resources to support source selection and research, but we grudgingly accepted that maybe two-thousand pages of dense material was pushing things a bit.

The second guide we developed last year in 2017 was still a monstrously long work, but we spent an entire summer developing visuals to support our analysis in each of the fifty areas. A template was created that showed the first, second, and third generation observations and trends for each of the controls – and this worked out quite nicely. We have been receiving emails and notes from all over the world from practitioners finding the visuals helpful. And frankly, most of the input has asked that we continue to develop these visuals, and to continue to make things a bit shorter and easier to digest. (OK, we got it.)

Accordingly, this year's guide was designed to make things as user-friendly as possible. Obviously, we have updated content and analysis, but our focus was to shape our new Volume 1 into a much simpler read, one that could be consumed in a couple of sittings. This was a tall order for writers who can turn any little idea into a ten-page treatise that goes on-and-on. But we chopped and clipped and removed, and the result – as you will see, is a much more compact Volume 1 report that gets to the point quickly for each area. (And yes, Volumes 2 and 3 are still the size of encyclopedias – sorry.)

We are pleased to announce, however, that our super long-form reporting is not dead – in fact, much to the contrary. What we’ve decided to do is develop and issue our more extensive writing, research, and analysis for each of the fifty TAG Cyber Security Controls in a series of individual reports that we will make available to you for free on a weekly basis this coming year. Watch our Twitter @hashtag_cyber and @TAG_Cyber or follow Edward Amoroso on LinkedIn to get more information about these reports. Hopefully, this will feed your inner need (and ours) for more depth.

We also made some necessary updates to the fifty controls – adjusting the names of some, and adding relevant functionality or procedures to others. These changes came directly from our understanding of the industry and practitioners; that is, the original TAG Cyber controls included a heavy dose of pedagogical intent – which means that we included many items we believed should be there. But over the past three years, we have adjusted our more original view to match more closely what we see in industry. The good news is that every control change is for the better, in terms of cyber risk reduction.

We’d like to close here with a word of encouragement to those of you who work as practitioners protecting infrastructure across various business and government sectors from the potentially negative, or even disastrous, effects of cyber threats: Recognize that it is youwho currently maintain order in our society; recognize that it is you who keep essential services available for citizenry; recognize that it is you who make businesses secure for innovation and progress; and recognize that it is you who will ensure a vibrant global future where technology makes our lives better.

Keep up the good work – and we hope the information and research in our volumes provide you with some time to think.

Dr. Edward G. Amoroso

TAG Cyber LLC - Fulton Street Station on Broadway