We're all familiar with the best-known graphics, in which there are #WINNING parts of the page and #LUSING parts.
In fact, I like anything that lays out concepts and relationships so that I can pick them up at a glance, like this lovely "subway map" from The Real Group.
I've argued that my employer needs a "magic dartboard" so that we could write reports like this:
"Vendor X is in its third year right next to the bullseye. On the other hand, Vendor Y took a wrong turn recently and is now firmly wedged in the fake wooden paneling on the wall."
I myself have presented a Punnett Square of Doom before; we have Christofer Hoff's Hamster Sine Wave of Pain; and we have the one that started it all, Andrew Jaquith's Hamster Wheel of Pain.
Someone even proposed a magic quadrant for analysts, with one axis being "ego" and the other being "clue." (I'm not drawing that one up; someone else will have to do that.)
However, the issue in drawing something out, especially as a chart or graph, is that people want to see numbers (mostly so they can argue with them: "We should be at least 3.5 to the right!"). And where there are numbers, there is a danger of misleading math holding it all together: quantitative depictions of what are really qualitative properties.
I don't think anyone means "20/300" when describing a company's vision.* There's also a tendency by decision-makers to turn the positioning into a binary sort of proposition: "Upper right or not? Okay, I'll sign the purchase order."
I've never had a discussion in which I successfully argued for one vendor over another based on one being eighteen pixels down but twenty degrees north-northwest of the equator.
So what kinds of graphics are useful without turning the exercise into a rating system?
I started a mind map of vendors in one particular sector, in which I simply tried to categorize them by offerings, show who was reselling whom, and who was partnering with whom. It turned into a confusing mass of spaghetti faster than you could say "al dente."
It certainly wouldn't help anyone who was trying to evaluate products.
The problem is, sectors within security are blurring and merging, companies are building out portfolios, and everyone's adding discrete functionality from different categories. Static and dynamic security analysis, for example, aren't separate revenue streams for some vendors who do both, and it'll just get more muddled when you add "glass box" or "hybrid" testing to the mix.
To make matters worse, some vendors invent a new sector for themselves: "We're not Category X! We're next-generation big data hybrid security snorkeling!" There just aren't enough drinks at RSA to make up for that kind of headache.
So any kind of graphic that I can come up with to depict market placement is going to look more like Jackson Pollock than a fixed geometry, maybe with contrails behind some of the vendors going in different directions from their current paintdrop.
Especially with the startups, the best I could do would be to create a magic pinball machine. I'll mull it over some more and let you know what I come up with for the next report.
*Although it would be really fun to get into business astigmatism or technology presbyopia. Hey! Magic Spectacles!
Cross-posted from Idoneous Security