Three years ago – can’t believe it’s been that long – we released the Cyentia Library. Our goal was (and still is) to curate cybersecurity industry reports to make them more accessible and useful for the community. Academic sources provide many great tools for conducting literature reviews, but finding research on the practitioner side is surprisingly difficult. There’s no dedicated source for searching reports from security vendors and research firms. The Cyentia Library aspires to be that source.

But as any corporate strategy guru will tell you – aspiration isn’t execution. We started off quite well, growing the initial set of 275 reports to over 1,000 that are each summarized and categorized to help visitors find documents that match topics of interest. And there’s some evidence that the Library is serving the purpose for which we created it. For instance, Mark Chaplin, a Principal at the Information Security Forum, tweeted “One of the first places I go when performing research is the Cyentia Institute (Library).” That’s cool – thanks Mark!

As we grew the Library, however, it quickly became apparent that it was a much larger and more complex task than we first anticipated. Finding a couple hundred old reports is easy; tracking new ones as they’re released – not so much. The process of summarizing and classifying documents grows increasingly difficult as the size of the corpus grows. So too do the technical requirements for storing and processing that larger corpus. How do you track sources when vendors come and go, names change, and links to content aren’t permanent? Beyond that, we as a company have to prioritize projects that pay the bills. All that to say, maintaining the Library hasn’t been as easy as we thought for a variety of reasons.

We haven’t fixed everything with this new re-release, but we have addressed the underlying technical barriers preventing us from moving forward with improvements and new features. We totally rebuilt and moved the Library application, which is why you’ll be redirected from to Major thanks to David Severski for putting in a lot of his own time into that effort. The new site retains features of the old site, such as the “topic maps” designed to help you locate where and how much reports cover the things you’re wanting to research.

Every report in the Library has one of these topic maps. The topics covered are listed on the left and columns correspond to page numbers in the report. So it’s pretty clear that our IRIS 20/20 report discusses security incidents throughout and you can flip to page 14 if you’re mainly interested in financial losses from those incidents.

We also improved the way topical tags are applied to reports. I won’t get into the details right now, but this challenge has sparked many fascinating internal conversations and experimentation around machine learning and natural language processing. Expect some really cool updates in this area in the future.

Finding what you’re looking for, however, is not restricted to topics/tags assigned by us or by our bots. You can now search the library using terms of your choice. When viewing a particular report’s page, you’ll find a short summary, a listing of related reports, and a link to download the report from the source/vendor. The top tags assigned to the report are also shown and clicking on one of those tags will bring up more reports covering that topic.

If you like what you see, you can also subscribe to our newsletter to receive a periodic digest of new research added to the Library. You can also subscribe to an RSS feed for new reports in the Library or even subscribe to topic-specific RSS feeds. For instance, want to stay on top of new research on ‘vulnerability management’ or ‘risk analysis’? Great – monitor those feeds. And if you still don’t find what you’re looking for, you can let us know about reports we’re missing so we can add them to the Library.

We’re excited about this re-release and thank you for your patience during the prolonged period in which the old Library wasn’t updated with new reports. You should see a steady flow of new research and improved features from here on out. We do want the Library to be a beneficial resource for the cybersecurity community, so let us know how we can make it even more useful in helping you to find industry research. Thanks!

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.