“Curmudgeon: How to Succeed as an Industry Analyst” by Richard Steinnon. Book reviewed by U.S. Army Major General (Retired) John Davis, VP Public Sector, Palo Alto Networks.
Curmudgeon is a great read with lots of tips for cybersecurity professionals interested in understanding the industry analyst community and its substantial impact on the cybersecurity (or any) industry. However, I don’t recommend it for the Cybersecurity Canon Hall of Fame. I don’t say this as an indictment in any way of the author or his work. After all, Steinnon didn’t write this book with the Canon community in mind. His primary purpose is to help those interested in succeeding as an industry analyst and I think it serves that purpose exceedingly well. Additionally, it provides some best practices for many of the skills that are also required to be successful thought leaders in the cybersecurity community. It fills a niche role in the Canon for that alone.
Curmedgeon: How to Succeed as an Industry Analyst is a book I chose to review for the Canon because I have always been fascinated by cybersecurity industry analysts and their significant impact on our industry. The author, Richard Steinnon, is one of the most well-known cybersecurity industry analysts, so my thinking was - why not try to better understand the analyst community to find opportunities to shape an analyst’s understanding and influence, and help educate them about the latest innovations happening in cybersecurity? Besides, my family calls me a curmudgeon and on the book’s cover is a picture of a disheveled, sour-faced, grumpy-looking old dude with a giant fly resting on his balding head. How could I resist a lesson in self-awareness?
What I found out up front in Steinnon’s introduction is that I picked the wrong book. He actually wrote another book prior to Curmudgeon called UP and to the RIGHT: Strategies and Tactics of Analyst Influence. This was a book about his experiences consulting with cybersecurity vendors on how to influence Gartner (Steinnon was an analyst there) to improve a company’s position on the Magic Quadrant. This is a tool Gartner uses to rate companies on their completeness of vision and ability to execute (which are the two axes on a graph and why you want to be “up and to the right” with Gartner’s rating of your company). So, that is the book I should have started with instead of Steinnon’s second book, Curmudgeon. Nonetheless, here is my review of Curmudgeon and I’ll highlight some of the points that I think are relevant to some in the Canon audience.
If you’re interested in becoming an industry analyst, this is your book. In fact, Steinnon claims it’s your only book as there are no others on the topic. The book starts with examining whether or not you are “analyst material.” I would suggest that many of these qualities are relevant for some in the cybersecurity community. I especially enjoyed his explanation of why “storytelling” is such a powerful skill for many of us in the cybersecurity business. The author then takes the reader on a journey through the history of industry analyst business, which I found interesting.
Next Steinnon shares his thoughts about effective habits for analysts, some of which I would argue provide insight about how the cybersecurity industry could create and maintain better relationships with the analyst community to better serve the mutual interests of both parties. Then, the author dives into why he uses the curmudgeon term itself, and how an analyst can be one in the sense of performing his profession correctly. I found it surprising that being a curmudgeon analyst is not what I thought and, again, understanding this perspective of an analyst on these curmudgeonly qualities can help build a healthier relationship between them and the cybersecurity industry.
The book then provides a guide for how to become an industry analyst and some tips along the path. There are some golden nuggets for cybersecurity thought leaders in this part of the book. Examples include creating a website, your blog, a newsletter and managing your social media presence. The latter includes some great secrets to getting followers if that’s relevant to your role. The author provides some important advice about writing for other publications, speaking at conferences and writing a book…all relevant to cybersecurity thought leaders.
There’s a chapter in the book about starting your own analyst firm and I even found some portions of interest to the cybersecurity community in general. These include lessons about objectivity, how to take a briefing effectively and what to look for, speaking engagements, white papers, market research reports and consulting. There’s another chapter about what Steinnon calls the “influence channel” and I found some really superb insight on the following that I believe is relevant to the cybersecurity community: What a good vendor briefing looks like; Speaking and being efficient and effective in managing your speaking circuit; How to make a great presentation by telling a story; Impromptu speaking; Research; Writing; and other Do’s and Don’ts. In fact, I found the best nugget for the cybersecurity industry community in the influence channel chapter. Steinnon included excerpts from his first book, UP and to the RIGHT, about his advice to the cybersecurity industry companies on how to effectively brief analysts, how to build a relationship with analysts, how to form the overall opinion of your company and effectively plant a tagline in the analyst’s brain. It also includes information about making connections with analysts at conference, speaking gigs with analysts, how to handle analyst and investor days, talking to the press and daily flow of communication. A lot of great insight and some that I found surprisingly helpful, personally.
Finally, the book ends with a collection of different perspectives from six other well-known analysts and Steinnon’s description of what success looks like based on his personal experiences. There are also some very useful appendices on writing resources and a list of the various analyst firms.
In summary, Curmudgeon by Richard Steinnon contains some important insight for a portion of the Canon audience. However, it is written primarily to help industry analysts succeed and therefore not a Canon Hall of Fame contender. It is worth reading because it provides an understanding of the analyst profession, what makes an analyst “tick,” and tips to succeed. This is important to some in the cybersecurity community because an analyst’s influence can be significant on your business’s bottom line. It’s also worth a read because it provides some great insight and best practices for many of the skills that are also required to be influential thought leaders in the cybersecurity community, such as writing, speaking at keynotes and panels, what to look for during briefings, managing your presence in traditional and social media, critical thinking, and many more. It deserves a niche role in the Canon for that alone.