The Role of the Chief Security Evangelist

In today’s world, it’s no surprise that cybersecurity seems to grow more important to enterprises by the day. Hardly a day goes by without a new headline about a data hack, ransomware attack, or other cybersecurity breach. With the speed at which new threats develop, it’s essentially impossible for any one person to be 100 percent aware of every cyber threat out there. That’s why it is important for an organization either to appoint a single chief security evangelist or to have the CSO also function as an evangelist. By spreading the message of the cyber dangers affecting their organization, the chief security officer adds to the collective knowledge of the industry, arming other organizations with valuable insight, gaining important information from others, and strengthening the collective whole against the latest cybersecurity dangers. In other words, the role of the security evangelist is not only to speak, but also to listen.

To be effective, the chief security evangelist must know the products and services his or her organization offers inside and out. The chief security evangelist must understand all the possible use cases for the product, know the issues the customers are facing, and be completely informed of the road map for the product. The chief security evangelist must be comfortable interacting with users, clients, and the community at large. Each of these groups offers unique opportunities to communicate the value of security and how to implement it, and to raise general awareness of security issues. Each also offers opportunities to receive information, such as how the organization’s brand is perceived in the marketplace. Product users, for example, will have a very different experience with the product than the C-level executives who chose to implement it, and each may be able to provide different but equally valuable feedback on potentially critical security issues. Collecting these various points of view gives the chief security evangelist the valuable opportunity to refine his or her messaging based on the medium and the changes in the marketplace.

The chief security evangelist should feel equally comfortable interacting with customers, trusted partners, and external communities. At work, the chief security evangelist’s peers may be the C-level, but the audience the evangelist can most effectively reach may be “in the trenches”: IT admins, sysadmins, security admins, and those who deal with security issues on a daily basis. Most importantly, when talking to a customer’s C-suite, the job of the chief security evangelist is to build relationships, be a trusted partner, and communicate best practices. When speaking to those who actually administer the product, it is equally significant for the chief security evangelist to demonstrate intimate knowledge of the technical aspects of the product and the key cybersecurity threats in the marketplace at the time, beyond the headlines. The security evangelist should know not just the names of all the latest malware strains, but how their attacks penetrate network defenses, how they modify files, and how they are remediated. It’s a tricky balance of very high-level and very specific information, but if the chief security evangelist can talk effectively about security at both ends of the spectrum, he or she will maximize his or her value to the organization. If all companies in the world had well-informed chief security evangelists who were as skilled at taking in information as they were at sharing it, the world’s data would be that much safer.

Now is the Time for CSOs to Assess Crypto-Attack Readiness

We are witnessing a new wave of crypto-cyberattacks. WannaCry has moved on, and Petya (also dubbed “NotPetya” and “GoldenEye”) is now in town. This new crypto-attack is creating havoc among enterprises throughout Europe, and it is quickly making its way to Asia and into the U.S. So far, Petya has triggered floods of threats and ransom demands. It may not even be true ransomware; it may actually be a “wiper” attack or even an act of cyber warfare.

Given the heightened concern over how these crypto-attacks are upsetting the enterprise, it is appropriate to state that the risk associated with this threat category has increased. CSOs, CIOs, security teams, and risk management decision-makers should prioritize this risk differently now than they have done in the past.

I am inclined to believe CSOs across enterprises are assessing their preparedness in handling this type of risk in both proactive and reactive mode. This is a moment in which leaders should be devoted to evaluating and assessing their current security posture, regardless of whether they have been affected by this malware.

CSOs evaluate risk to the organization as a combination of probability and impact. Now is the perfect moment for CSOs to ensure they have appropriate coverage of all of their critical endpoints. When their assessment reveals that current endpoint coverage is inadequate, it is time to consider the probability that their enterprise could be affected by such an attack, as well as the potential impact if and when such an attack strikes.

At Code42, we are available as subject matter experts to assist customers with security preparedness. We are available to lend our expertise, as well as to help determine the percentage of endpoints in their organizations that may be at risk. Now more than ever, security should be top of mind for everyone in the C-suite. At Code42, ensuring that enterprises have appropriate coverage of their critical endpoints is what we live for. Reach out to us today if you have questions on how we can assist with your security preparedness.
