What a Security Evangelist does, and why you need one

Here is a simple truth: You can create the most revolutionary product ever, but if you can’t get word about it out, you’ll fail.

Information security vendors employ security evangelists to help them connect with users, clients, and the community at large. This job title often gets a bad rep, and it’s frequently mistaken for an exclusively marketing role. In reality, plenty of professionals with a technical background sport this job title on their business card.

The person behind the job title

Our community is comprised of many talented individuals, involved in all sorts of roles, from CEOs to researchers and PRs. Over the years I interacted with exceptionally clever people in every single of those roles. One of them is Javvad Malik, a blogger turned analyst turned Security Evangelist working for AlienVault.

Security Evangelist

Javvad Malik in his office

In the last few years, Malik has emerged as one of the more effective communicators in our industry, in touch with both the research community and the corporate world.

He’s a sharp and passionate jack of all trades. You can watch him in security-themed YouTube videos with his daughter, see him running around with a video camera interviewing security pros at major conferences, always ready to discuss information security topics. He’s even an infosec pop star!

Being negative is easy – pragmatic analysis is hard. People respond well to simple, straightforward criticism, which is one of Malik’s strengths. It also makes him a natural choice for a security evangelist, and the reason I decided to pick his brain to find out more about this (often controversial) role.

The importance of the Security Evangelist role

While a carefully selected SE can help your organization communicate better, some will benefit from the setting up the role more than others.

“I’d say vendors should evaluate why they believe they need an SE and think about what they hope to get out of it,” says Malik. In other words, don’t create the role simply because your competitor did.

“The SE role shouldn’t be about marketing and generating leads. Rather, it’s about building good will in the community. It’s a slow-burn and companies should be committed to it for the long haul,” points out Malik.

I’ve met security evangelists that were technical, while others were merely marketing folks. Unlike the CTO role, the SE role can vary immensely from vendor to vendor. There’s essentially no defined job description.

“Technical or not, at the heart of it is the broad intention to communicate the value of security and how to implement it. It’s largely an educational and awareness-raising role that will vary based on the audience you’re targeting,” says Malik.

Good communication is undoubtedly very important in the information security industry. Not only do vendors have to regularly explain a complex subject to a wide audience, but they also need to collaborate with the infosec community in order to develop and establish their products.

A marketing budget can only get you so far. In order to build successful relationships, you need trust. This is what a security evangelist can help you with.

Communication is key

“The ability to communicate knowledge in a manner that doesn’t sound patronizing or will alienate the audience is key for filling the SE role successfully. This encompasses all forms of communication: verbal, written, with customers or potential customers, with the media and so on,” explains Malik.

With that in mind, if you have industry knowledge and you can communicate well, you have the pre-requisites to pursue a career as a security evangelist.

“The best aspect of my role has been getting the opportunity to really dig deep into what security teams want and what their most pressing issues are,” says Malik. In reality, a security evangelist doesn’t sell, his job is to share ideas and techniques, and brainstorm.

“There were times when people came up to me at conferences and commented on how one of my YouTube videos explained a concept to them that they were previously struggling with, or made them aware of a method they didn’t know of, or that their professor at the university showed them one of my videos in class. This kind of feedback is tremendously rewarding and I feel like I’ve made a positive impact,” says Malik.

Is there a specific infosec job you’d like to find out more about? Are you doing something our readers should know about? Let me know.

Don't miss