
What are the images you associate with a Cybersecurity Analyst? Maybe you think of a person who combs through breach reports, hunched over a security dashboard, working in isolation.
In reality, the role of an analyst requires a strong ability to communicate with a wide range of stakeholders. Analysts also play an incredibly important role as advocates – or even spokespeople – for the cybersecurity industry as a whole.
As well as working to observe and report on breaches and vulnerabilities, analysts speak for the sector. They shine a light on what’s working and call out what isn’t – and by doing this, they shape how the world understands cyber risk. They’re the bridge between deep technical insights and the wider business, government, and media landscape.
When we interviewed Richard Stiennon (Founder and Chief Research Analyst at IT-Harvest), he said that this advocacy role has never been more vital. He’s been writing and speaking about cybersecurity since the mid-1990s, and he said:
“An analyst's full-time job is to monitor their space. They have to keep track of new developments, trends, changes in the market, and threatscape and government regulations. While they can point out areas where vendors are making the wrong moves, they typically serve the industry by advocating for its efficacy. In effect, they are spokespeople for the industry.”
And at a time when cybersecurity is facing public misunderstanding and policy pressure, having this link between insider knowledge and external communication really matters.
Non-cybersecurity people don’t connect easily with technical security language. Within the industry, we speak in jargon (probably more than necessary – but that’s a conversation for another blog) and don’t have time to translate that into language that the general public can understand.
Analysts have a critical skill set: they understand the tech, but they also know how to help other people understand it. They can talk about it without relying on technical language, and they do this in their reports, articles, keynote speeches, and interviews, which helps decision-makers grasp what matters and why.
For example, when Stiennon wrote his book Secure Cloud Transformation: The CIO’s Journey, it wasn’t just a technical dive into cloud security – it was a story-led, accessible guide to help business leaders navigate digital change.
And the power of that storytelling shouldn’t be underestimated. Because while cybersecurity tech can be a discipline of ones and zeros, the way it impacts people and organisations is deeply human. Analysts build the connections between the tech and the human impact and present them in a way that everyone can understand.
If you think of cybersecurity as a living ecosystem, then analysts are the observers perched on the highest trees. They’re tracking every move. That doesn’t mean they’re passive, though: through their commentary on everything they see, they shape the conversations happening across (and beyond) the industry.
Stiennon’s business, IT-Harvest, is (in his words) “reinventing the industry analyst business, starting with cybersecurity.”
“We are a data-driven analyst firm. While traditional advisory services are still an important part of what we do, the foundation is in the data we collect and curate on 3,570 vendors worldwide.”
That depth of data lets analysts spot trends that others might miss. For example, Richard shared that IT-Harvest analysed job postings across all their vendors last year and found something surprising:
“In total they had 67,000 openings. That supports our data that 54% of all vendors have grown in headcount in 2023, despite all the dire warnings of a recession.”
Insights like this can flip a common narrative on its head. While headlines might scream about tech layoffs or economic slowdowns, the security industry is still growing – and that’s powerful information for investors, customers, and job seekers.
Analysts don’t just influence from behind a screen. Events play a crucial role in how they do their work – and how they connect with the industry.
“Meeting people face to face is critical for an industry analyst,” said Stiennon. “Industry scuttlebutt, rumours, and explanations may be shared on a show floor that would not be communicated in a Zoom call or email exchange. Insights come from walking the show floor and absorbing the gestalt.”
At Black Hat MEA, analysts get a ground-level view of what’s happening. They talk to vendors, researchers, government reps, and security practitioners. They listen. And in doing so, they gather the kind of insights that can't be found on an internet forum or search engine.
It’s part of what makes analysts such valuable voices – they’re embedded in the community, so they hear the unspoken questions and pick up on emerging concerns long before those issues hit the mainstream.
Trust is a critical issue in cybersecurity. Effective security practices and technologies require trust from the public (who want to know their data is safe), from investors (who want to make solid portfolio decisions), and from governments that rely on private sector expertise to shape regulation and response.
Analysts help foster that trust.
They cut through the marketing noise and provide independent insights into what’s really effective. They challenge assumptions and highlight the vendors, ideas, and approaches that are truly making a difference.
So when you’re reading a report, listening to a talk, or comparing cybersecurity vendors, remember: the analysts behind those insights aren’t just researchers. They’re storytellers. Advocates. Interpreters of an industry that, for all its complexity, is absolutely central to how we live and work today.