Securosis

High-Level Overview

Securosis is an information security research and advisory firm dedicated to transparency, objectivity, and quality, with a strong focus on enhancing cloud security for organizations using field-tested techniques and frameworks.[1][2][3][5] It provides services like project accelerators, primary research publishing, training (including Cloud Security Alliance CCSK and Advanced Cloud Security programs), and custom consulting to help clients secure cloud deployments faster and more effectively without sacrificing agility.[5] Based in Phoenix, Arizona, the firm generates around $2 million in revenue with a small team of about 4 employees, operating in the market research and cybersecurity niche.[4]

Origin Story

Securosis was founded by Rich Mogull, who serves as Researcher & CEO, bringing over 20 years of experience in information security, physical security, and risk management.[3] Mogull previously held roles as Research Vice President at Gartner (where he co-chaired the Gartner Security Summit), independent consultant, web application developer, software development manager at the University of Colorado, and systems/network administrator.[3] The firm emerged from Mogull's expertise in data security, application security, emerging technologies, and security management, emphasizing a shift toward practical, transparent research amid industry hype.[3][5] Key team members include analysts like Adrian Lane (22+ years in database/data security, with executive experience at Ingres, Oracle, and Unisys) and others with backgrounds in security research firms like META Group, SHYM Technology, CipherTrust, and TruSecure, who joined after frustrations with vendor-driven hype to provide pragmatic advisory services.[3]

Core Differentiators

• Totally Transparent Research: Publishes the vast majority of research for free via blog and licensable papers, adhering to strict objectivity standards without vendor influence.[3][5]
• Cloud-Native Focus: Offers field-tested techniques, frameworks, and programs to make cloud environments "more secure" than traditional datacenters, emphasizing agility, resiliency, and cost savings.[2][5]
• Practical Services: Project accelerators with assessments, workshops, and support; customized training (e.g., CCSK, Applied SecDevOps); and retainer-based consulting drawing from real-world experience.[5]
• Expert Team: Leadership with deep industry pedigrees from Gartner, Oracle, and pioneering security firms, delivering pragmatic advice over hype in a cynical, battle-tested approach.[3]

Role in the Broader Tech Landscape

Securosis rides the cloud computing disruption, positioning itself as a guide for organizations transitioning to truly cloud-native models amid mainframe-era legacies, where agility and security benefits are realizable only with specialized frameworks.[5] Its timing aligns with escalating cloud adoption and security demands, countering overhyped vendor narratives with objective, field-tested methods that enhance cloud security postures.[1][2][3] In the cybersecurity ecosystem, it influences through free research, training, and advisory that democratizes high-quality insights, fostering better practices for enterprises and vendors in a market rife with compliance and threat challenges.[5][6]

Quick Take & Future Outlook

Securosis is poised to expand its niche in cloud security acceleration as hybrid/multi-cloud environments proliferate, with demand for its unbiased research and training growing amid rising threats like AI-driven attacks and regulatory pressures. Trends like SecDevOps maturity and zero-trust architectures will shape its trajectory, potentially scaling through more public classes and partnerships. Its influence may evolve by powering broader ecosystem adoption of "cloud-native secure" standards, reinforcing its role as the voice of reason in an increasingly complex security landscape—much like its founding obsession with transparency continues to cut through the noise.[3][5]