So after three years of internal debate, I finally decided to join Twitter.
Prior to a couple of months ago, I simply did not see the benefit of joining Twitter and, as such, decided against it (granted much of this had to do with my ignorance).
To me Twitter was just another website I had to worry about collecting my personal information with very little insight as to their Information Security/Privacy Policies and Procedures and Controls.
The main reason I finally gave in is I have since resigned from my previous position and no longer have access to the technical security resources that I once did. Upon my departure, I asked my technical resources where they received most of their information security news and they each responded with “by following others on Twitter”.
So after 23 followers, following 62, and 9 tweets later, I am now part of the Twitter community (@AWeidenhamer).
So where am I going with this and how does any of this have anything to do with the title of this blog? Up to this point I have had mixed feelings about Twitter. Although, it is a very good resource to stay up-to-date on Information Security related topics, it’s also a playground for people to push their own agendas and let everyone else know how sweet and smart they are.
Some of the Security Professionals I follow literally tweet multiple times every half hour. Some of the tweets are simply retweets of the tweets that the person posted a half hour prior (if that makes sense). At times, it feels like spam. It’s difficult and time consuming to actually wade through all the tweets that are useful and those that are not.
Many of the compulsive Information Security tweeters call themselves Security Evangelist and some even hold this as an official title for their respective companies. These people possess quite a bit of information security knowledge and are typically very well ingrained within the Security Community (as I’m guessing is part of what they are paid to do).
I often wonder is Evangelist really the right title for these individuals. Perhaps “Strategic Marketer” or simply “Intelligent Information Security Professional and Educator” would be more appropriate. Most of the companies that actually hire a fulltime FTE to hold the “Security Evangelist” title are doing so for marketing and sales purposes.
In other words, many tweets and conference presentations are based on topics in which the respective company has a solution for (i.e. Mobile Device Management, Server Consolidation, Bandwidth, etc).
I think if you actually research the origin of Evangelism, most would agree this term was used originally to preach the Christian gospel with the main goal being to CONVERT. Considering that the main audience for these quote unquote “Security Evangelists” is to the security community, I’m not entirely sure how much conversion is actually happening as we all understand the importance of security.
To me it would be more evangelistic to tweet and present on Information Security topics to those that do not understand the importance of security. CEO’s, line-of-business managers, human resource personnel would all fall into this category to name a few.
Perhaps it would be more evangelistic to speak at a Forbes CEO Conference as opposed to Defcon or BlackHat. Obviously, the specific conference would have to accept CFP’s based on these sorts of topics.
This blog isn’t meant to offend anyone and especially those that actually hold this title. As already mentioned, many of these individuals possess quite a bit of information security knowledge and many have contributed greatly to the community.
However, it’s very difficult, in my opinion, to be evangelistic if the main audience is of that of your peers and many seem to be pushing a company agenda. I suppose it would be possible to be an ENTER COMPANY NAME HERE Security Evangelist.
If the only qualifying point to be a “Security Evangelist” is to promote Information Security, than all Information Security professionals are evangelists. I am Andrew Weidenhamer, QSA, CISSP, CISA, CIPP, PA-QSA, and Security Evangelist.
- Andrew Weidenhamer