Interactive Courses + DFIR NetWars Available During SANS Cyber Security Central in June. Save $300 thru 5/12.

Thought Leaders

Table of Contents

What is a Security Thought Leader

Stephen Northcutt - November 18th, 2009

The Security Thought Leader project began with a simple Google query back in 2007. I had landed on a web page of Cisco' titled: Cisco Federal Security Thought Leadership. I looked at the page and did a double take. It had topics, it had pictures, but it did not have people, well John Stewart was at the very bottom. So, I started wondering, just how does one define "security thought leadership"? I went to Wikipedia and their opening statement is: "Thought leader is a buzzword or article of jargon used to describe a futurist or person who is recognized among their peers and mentors for innovative ideas and demonstrates the confidence to promote or share those ideas as actionable distilled insights (thinklets)."

I do not totally agree with the definition, but since it is Wikipedia, it will evolve. But, key points of thought leadership clearly include:
  • Person - things cannot be leaders
  • Recognized by their peers, a person is not a thought leader simply because they call themselves that
  • Mentors, a thought leader passes their information on to help others
  • Temporally relevant, in these days of social media timing is just as important as content, news is being reported by the minute
  • Originality, retweeting is important, but it is not enough
  • Innovative ideas, the concept of intellectual leadership
  • Shares ideas as actionable distilled insights, I was never big on the whole thinklet craze, but actionable makes all the sense in the world to me
In our industry, information security, we tend to overuse the term thought leader. I did a Google search, April 23, 2009 for "security thought leader" and there were 1,400 results. I am pleased to say that the top pages make more sense than they did just a year ago. Oddly, another thing ended up as page one, hit one from Google, a press release for "Oracle Recognizes Integrity as Oracle Applications Security Thought Leader". This is a bit scary, some company I have never heard of leads the entire planet as the number one, security thought leader. I have a lot of work left to go, but invite you to read the stories of Ivan Arce, Brian Chess, Anton Chuvakin, Marty Roesch, Ed Hammersla and many more.

How do you become a thought leader? It is not that hard, it is largely a matter of having and sharing informed opinions. Seth Godin in his book Tribes says that once a thousand people are following you on Twitter, Facebook or LinkedIn or a mailing list, you are leading a tribe, which is just another way of saying you are a thought leader. As a suggestion, try to be focused and pick a topic or subject and build your "street creds" around that topic. Ignaz Philipp Semmelweis was a well known doctor, but history will always remember him for instituting hand washing as a part of patient care. Pick the crusade that is right for you!

The Security Thought Leader project is now in its third year. Over the years to come I hope to introduce you to some really great men and women. They will each meet the criteria we have defined ( with Wikipedia's help ) for thought leadership. And I could certainly use your help, what are the chances I know everyone that is a real thought leader for a field the size of information security in a world as vast as ours? ZERO. So, if you know someone special that has made a major contribution to the field, give me an introduction please,