There's a big brouhaha going on in the security blogosphere right now about Amrit and Rich leaving the analyst world to become high-level security excutives at vendors - Matasano, Shimel and Rothman all have weighed in with their thoughts on it. And, far be it from me to be quiet on such an interesting topic.
The general thrust of the argument seems to be thus: on the anti-"analysts taking jobs with vendors" side, how can analysts be independent if their next job is likely to be with a vendor? Doesn't that make them biased?.
And on the pro "analysts taking jobs with vendors" side, analysts are people too. They have families to feed. And if we didn't listen to Gartner et. al. so much, we wouldn't care.
And both sides have a great point - it's hard to trust an analyst when you don't know who he/she is negotiating with behind the scenes - it's one of the reasons that the SEC used to restrict the activities of analysts within investment firms. Note that I said "used to" - these restrictions were gradually lessened as banks and investment firms merged repeatedly through the 80s and 90s, and eventually, the system failed in a most spectacular way. If you read Bethany McLean's brilliant work on the Enron case (the book and the movie), she details the way that the dependence of the investment firms on investment in Enron from their customers kept their analysts mouths shut.
At the same time, I have slightly less sympathy for companies who treat Gartner's opinion the same way that we treat Wall Street analysts - this is especially true in security. Generally, companies are treating the analyst community "like demi-Gods" (in Alan's words) because of a single pervasive belief:
"Outside people are smarter than inside people" (Actual quote from a co-worker)
Unfortunately, that one's a hard-wired neurological tendency to have - we take for granted what is close to us every day, and we start to develop a resistance to the things that we persistently hear. It's why consultancy is such a huge business, and why there are so many persistent jokes about it: "what's a consultant do? Takes your watch, tells you the time, and keeps your watch". So, companies are always going to need outside advice. Unfortunately, we end up going mostly to people who make "demi-god pronouncements" rather than teaching via the Socratic method.
So, to this end, I'm making an announcement, in the spirit of the geniuses over at 7-Up (the Un-Cola) - I'm hereby declaring Episteme to be the first "Un-Analyst" firm. I'm going to give lots of opinions in the form that make people think about what they're doing and how it fits for their environments. And I'm going to spend a lot of time asking questions that make people think and lead them to find their own answers. There are going to be papers written about how things are and asking questions about how they should be - killing sacred cows and questioning "that's how we've always done it". And using the 5 Whys a whole lot.
And I'm not going to give "demi-god" like pronouncements - only push people to think about how to build technology, teams and careers through asking a lot of questions. And through teaching people how to tell time rather than by taking their watches.
Perhaps I'll make the logo a big question-mark.