The thoughts and ramblings of Martin Mckeay

Tag: Survey

451 Group on API Trends – Spot On, for the Intended Audience

Today’s post for ‘Too Long; Did Read’ is a review of the 2022 API Security Trends Report, written by Dan Kennedy of the 451 Group/S&P for noname Security. Going forward I’ll add a couple more pieces of information to each post: whether it is behind a registration page and how long a read it is. Alex (@alexanderjaeger) suggested the first, because many of us won’t fill in the fields needed to get to a report behind a regwall. The second I’m adding because the amount of time needed to read a report often influences whether it’s read or not. A 10-page report with one or two redeeming qualities can be easier to read than a 100-page report with buckets full of interesting stuff.

Overall Impression – For its target audience, this paper is one of the best I’ve read this year. It has significant analysis scattered throughout, it uses plots appropriately, and the colors are easy to read, for the most part. You have to keep in mind that this is an analyst’s report, so it’s based on survey data. I generally think of surveys as ‘soft data’ and do not hold this type of information in the same regard as data from logs, alerts, and other data taken directly from sensors. This is definitely a personal bias, but I’ve seen too many surveys done badly over the years.

The intended reader is anyone considering the future of APIs. This includes organizations creating the next wave of products, both engineers and marketing teams. CSOs who want to know their peers’ experience with current technologies will get a lot out of the API Security Trends Report, as well as teams looking to better understand API protections before making a purchase. It is not for front-line blue/red teams or other security professionals who want deeply technical knowledge. Which is not what we should expect from most analyst reports in the first place. I give this report a solid A.

Reg Wall: Yes – https://nonamesecurity.com/api-security-trends-report

Length / Read time: At 17 pages, this report took me 45 minutes to read and take notes on. A casual read should take 15-30 minutes.


PwC Survey – Decent report, too little analysis

I’m repurposing the initialism ‘TL: DR’ to mean ‘Too Long: Did Read’. I have been writing industry reports since 2015 and reading them far longer, which gives me a wealth of experience to assess the content of industry reports so you don’t have to.

I’m kicking off this series with PwC’s Global Economic Crime and Fraud Survey 2022. I found this report while reading Lori MacVittie’s monthly newsletter, The Tech Menagerie. As my friends in Boston would say, Lori is ‘wicked smaht’ and someone you should follow. Note: none of my friends actually talk like that unless they’re making fun of their own home town.

Overall impression – This is not a cybersecurity report, it’s a report for CFOs, CMOs, and other executives looking for information about fraud in the industry. It’s worth reading for a security professional because it reflects the concerns those executives are worried about. Survey data is one of my least favorite ways to build a report, but PwC is correct in framing this as opinions, rather than facts.

My key takeaway from the report is the rising concern about hackers and cybercrime among executives across all industries. My key complaint is the lack of analysis in the report. ‘Here’s the data’ is different from ‘Here’s what the data means.’ I’d give this report a solid B, which could have been an A with additional analysis.
