In today’s world, it’s no surprise that cybersecurity seems to grow more and more important to enterprises by the day. Practically not a day goes by without a new headline about a data hack, ransomware attack, or other cybersecurity breach. With the speed at which new threats develop, it’s essentially impossible for any one person to be 100 percent aware of every cyber threat out there. That’s why it is important for an organization to either appoint a single chief security evangelist or for the CSO to also function as an evangelist. By spreading the message of the cyber dangers affecting their organization, the chief security officer adds to the collective knowledge of the industry, arming other organizations with valuable insight, gaining important information from others, and strengthening the collective whole against the latest cybersecurity dangers. In other words, the role of the security evangelist is not only to speak, but also to listen.
To be effective, the chief security evangelist must know the products and services his or her organization offers inside and out. The chief security evangelist must understand all the possible use cases for the product, know the issues the customers are facing, and be completely informed of the road map for the product. The chief security evangelist must be comfortable interacting with users, clients, and the community at large. Each of these groups offers unique opportunities to communicate the value of security, how to implement it, and raise general awareness of security issues. They each also offer opportunities to receive information, such as how their brand is perceived in the marketplace. Product users, for example, will have a very different experience with the product than the C-level that chose to implement it, and each may be able to provide different but equally valuable feedback on potentially critical security issues. Collecting these various points of view gives the chief security evangelist the valuable opportunity to refine his or her messaging based on the medium and the changes in the marketplace.
The chief security evangelist should feel equally comfortable interacting with customers, trusted partners, and external communities. At work, the chief security evangelist’s peers may be the C-level, but the audience that it would be the most effective for the evangelist to reach may be “in the trenches” – IT Admins, SysAdmins, security admins, and those who deal with security issues on a daily basis. Most importantly when talking to a customer’s C-suite, the job of the chief security evangelist is to build relationships, be a trusted partner, and communicate best practices. When speaking to those who actually administer the product, it is equally significant for the chief security evangelist to demonstrate intimate knowledge of the technical aspects of the product and the key cybersecurity threats in the marketplace at the time, beyond the headlines. The security evangelist should not just know the names of all the latest malware strains, but how their attacks penetrate network defenses, how they modify files, and how they are remediated. It’s a tricky balance of very high-level and very specific information, but if the chief security evangelist can talk effectively about security at both ends of the spectrum, he or she will maximize his or her value to the organization. If all companies in the world had well-informed chief security evangelists who were equally skilled in taking in information as they were at sharing information, the world’s data would be that much safer.
The Code42 CTRL-Z Study 2017