UPDATE: After 10 years, the Library was taken offline in early 2026 due to insufficient funding. Thanks to all those who used it over the years. We regret not being able to continue supporting this community resource.
We launched the Cyentia Industry Research Library to curate cybersecurity industry reports, making them more accessible and useful for the community. It is and always will be free and open to the community. About 1.5 years after launch, it now contains over 2,000 reports, each summarized and categorized to help visitors find documents that match their topics of interest. There is some evidence that it is meeting this goal. For instance, Mark Chaplin – a Principal at the Information Security Forum – recently tweeted “One of the first places I go when performing research is the Cyentia Institute.“
Future Goals
We see a much larger potential for the Library but we have been limited in the time and resources needed
to reach that potential. Because of this, we are considering options for external funding to support this
effort that will benefit the cybersecurity community. We envision allocating these funds to pursue the
following goals/projects:
- Expand data sources: The Library currently contains only industry research reports in PDF
format. We would like to expand the range of documents to include academic publications, trade
journals, blog posts, etc. We would also like to include sources of raw data of various types
relevant to cybersecurity. - Automate contextual processing: The Library currently uses a keyword-based categorization
system to aid searching. To truly organize and contextualize the corpus of information in a
meaningful way would require text normalization, natural language processing, topic modeling,
deep learning models, etc. - Build analytic infrastructure: While we want the Library to support research and analysis, it
currently offers no functionality to aid those activities. We would like to develop functionality to
extract data and data visualizations, contextualize that data, support ad-hoc visualizations, etc.
Statista.com is an example of this type of functionality. - Rate source quality: Thus far, the Library makes no distinction among sources and documents
with regard to quality. That may be ok if the main goal is finding content. But if the Library is to
expand to support broader functions, assessing and rating the quality of content will become
essential. A quality standard would need to be developed and infrastructure deployed to enable
distributed assessments and scores. See draft of assessment criteria. - Perform meta-analysis: We ultimately envision the Cyentia Library as a type of Cochrane
Library, housing meta-analyses or “systematic reviews” for the cybersecurity industry. We used
the Library for this purpose in a meta-analysis of ransomware as a proof-of-concept. Together, the
previous four goals support the ability to perform meta-analyses of content curated by the Library
on a larger scale, including the production of formal studies and resources to facilitate users in
conducting their own meta-analyses.
We hope that an improved library service will have two major impacts on the cybersecurity industry:
- To become an influential source of reference and ground-truth for practitioners and decision-makers. This will also serve as an education to raise the level of scientific literacy within the industry.
- Serve as a guide for researchers on how to improve their research practices, what to report, how to report their findings, and to highlight where research is lacking
Interested in sponsoring or contributing to this initiative to expand the Industry Research Library? Reach out!