Security Thought Leaders

Introduction

Stephen Northcutt from the security laboratory conducts in depth interviews with the thought leaders in information security. For every novel security product, there is a thought leader, a man or woman of vision that sees the need and guides the creation of the security product. If there is someone missing whose voice you feel should be heard, drop me a note, stephen@sans.edu.

Table of Contents

• What is a Security Thought Leader - Updated November 18th, 2009
  
• Framework for Security Thought Leader Interview - August 26th, 2009
  
• Maury Shenk, TMT Advisor, Steptoe & Johnson - January 31st, 2010
  
• Chris Wysopal, CTO, Veracode - January 27th, 2010
  
• Amir Ben-Efraim, CEO, Altor Networks - November 25th, 2009
  
• Ed Hammersla, COO, Trusted Computer Solutions - Updated November 19th, 2009
  
• Amit Klein, CTO, Trusteer - September 27th, 2009
  
• An Interview with Ron Gula from Tenable about the role of a vulnerability scanner in protecting sensitive information - Updated August 13th, 2009
  
• A. N. Ananth, CEO, Prism Microsystems, Inc. - August 7th, 2009
  
• Lance Spitzner, The Honeynet Project, founder - Updated May 11th, 2009
  
• Jeremiah Grossman, Founder and CTO of WhiteHat Security - Updated April 24th, 2009
  
• Mike Yaffe, Director of Product Marketing, Core Security Technologies. - April 15th, 2009
  
• Chris Petersen, Chief Technology Officer, LogRhythm - March 13th, 2009
  
• John Pirc, IBM, ISS Product Line & Services Executive: Security and Intelligent Network - February 17th, 2009
  
• Leigh Purdie, InterSect Alliance, co-founder of Snare: Evolution of log analysis - January 28th, 2009
  
• Bill Worley, Chief Technology Officer, Secure64 Software Corporation - December 9th, 2008
  
• Doug Brown, former Manager of Security Resources, University of North Carolina at Chapel Hill - October 30th, 2008
  
• Amrit Williams, Chief Technology Officer, BigFix - June 30th, 2008
  
• Andrew Hay, Q1 Labs - May 13th, 2008
  
• Gene Schultz, CTO of High Tower - April 4th, 2008
  
• Tomasz Kojm, original author of ClamAV - April 3rd, 2008
  
• Bill Johnson, CEO TDI - April 2nd, 2008
  
• Gene Kim, Tripwire - March 14th, 2008
  
• Kevin Kenan, Managing Director, K2 Digital Defense - March 14th, 2008
  
• Leigh Purdie, InterSect Alliance, co-founder of Snare - March 7th, 2008
  
• Marty Roesch, Sourcefire CEO and Snort creator - February 26th, 2008
  
• Dr. Anton Chuvakin, Chief Logging Evangelist with LogLogic - January 28th, 2008
  
• Kishore Kumar, CEO of Pari Networks - January 23rd, 2008
  
• Interview with Dr. Robert Arn, CTO of Itiva - November 1st, 2007
  
• Interview with Charles Edge - September 15th, 2007
  
• Ivan Arce, CTO of Core Security Technologies - Updated May 6th, 2009
  
• Mike Weider, CTO for Watchfire - Updated July 23rd, 2007
  
• Interview with authors of The Art of Software Security Assessment - Updated July 9th, 2007
  
• Ryan Barnett, Director of Application Security Training at Breach Security, Inc. - June 29th, 2007
  
• Dinis Cruz, Director of Advanced Technology, Ounce Labs - June 11th, 2007
  
• Brian Chess, Chief Scientist for Fortify Software - June 9th, 2007
  
• Caleb Sima, CTO for SPI Dynamics - Updated May 29th, 2007
  
• An Interview with David Hoelzer, author of DAD, a log aggregator - May 1st, 2007
  

What is a Security Thought Leader

November 18th, 2009
By Stephen Northcutt

The SANS.org Security Thought Leader project began with a simple Google query back in 2007. I had landed on a web page of Cisco' titled: Cisco Federal Security Thought Leadership. I looked at the page and did a double take. It had topics, it had pictures, but it did not have people, well John Stewart was at the very bottom. So, I started wondering, just how does one define "security thought leadership"? I went to Wikipedia and their opening statement is: "Thought leader is a buzzword or article of jargon used to describe a futurist or person who is recognized among their peers and mentors for innovative ideas and demonstrates the confidence to promote or share those ideas as actionable distilled insights (thinklets)."

I do not totally agree with the definition, but since it is Wikipedia, it will evolve. But, key points of thought leadership clearly include:

• Person - things cannot be leaders
• Recognized by their peers, a person is not a thought leader simply because they call themselves that
• Mentors, a thought leader passes their information on to help others
• Temporally relevant, in these days of social media timing is just as important as content, news is being reported by the minute
• Originality, retweeting is important, but it is not enough
• Innovative ideas, the concept of intellectual leadership
• Shares ideas as actionable distilled insights, I was never big on the whole thinklet craze, but actionable makes all the sense in the world to me

In our industry, information security, we tend to overuse the term thought leader. I did a Google search, April 23, 2009 for "security thought leader" and there were 1,400 results. I am pleased to say that the top pages make more sense than they did just a year ago. Oddly, another thing ended up as page one, hit one from Google, a press release for "Oracle Recognizes Integrity as Oracle Applications Security Thought Leader". This is a bit scary, some company I have never heard of leads the entire planet as the number one, security thought leader. I have a lot of work left to go, but invite you to read the stories of Ivan Arce, Brian Chess, Anton Chuvakin, Marty Roesch, Ed Hammersla and many more.

How do you become a thought leader? It is not that hard, it is largely a matter of having and sharing informed opinions. Seth Godin in his book Tribes says that once a thousand people are following you on Twitter, Facebook or LinkedIn or a mailing list, you are leading a tribe, which is just another way of saying you are a thought leader. As a suggestion, try to be focused and pick a topic or subject and build your "street creds" around that topic. Ignaz Philipp Semmelweis was a well known doctor, but history will always remember him for instituting hand washing as a part of patient care. Pick the crusade that is right for you!

The Security Thought Leader project is now in its third year. Over the years to come I hope to introduce you to some really great men and women. They will each meet the criteria we have defined ( with Wikipedia's help ) for thought leadership. And I could certainly use your help, what are the chances I know everyone that is a real thought leader for a field the size of information security in a world as vast as ours? ZERO. So, if you know someone special that has made a major contribution to the field, give me an introduction please, stephen@sans.edu.



<<Thought Leader Home