Insider: The world of security evangelism

For some, when you think of evangelism, you imagine sales and thinly veiled product placements. For those used to dealing with evangelists, such as the media, there is far more to the position than sales. We recently got a chance to speak to HP’s new security evangelist, Rafal Los, to talk about his new position and security evangelism as a whole.

At The Tech Herald, we have tapped Los for Web Application Security commentary on more than one occasion. The reason is simple: he offers information in easy-to-follow segments and is blunt in his delivery. While he is a known employee of HP, he always avoids pitching products to us when we ask him for information. To be honest, we have to actually mention HP before he will explain their take on things.

Still, there are plenty of misconceptions in the IT industry when it comes to evangelism. Most of this is due to the close ties that evangelists have to the sales and marketing teams within a company. At the same time, the bad reputation that some evangelists have is due to how they are utilized by their bosses.

Take for example Ryan Naraine and Dennis Fisher, who are Security Evangelists for Kaspersky Labs. They are respected reporters, and never once have they blatantly pitched Kaspersky, despite countless articles written between the two of them on anti-Malware related topics.

Other examples of positive evangelistic usage, based on our experiences with them, come from Sean-Paul Correll, who is with Panda Labs, and David Perry from Trend Micro. There are some bad examples as well, but we will avoid naming them here. They know who they are.

While in Las Vegas for BlackHat last month, we caught up with Los to talk with him about his new position. We asked about his initial thoughts when he was tasked with the job, as well as some of the drawbacks to his position and common misconceptions.

Overall, he was pleased and excited with the new position, but then again, he has been a vocal supporter of Web Application Security for years.

“There is a ton of opportunity, and I think I’ve got my work cut out for me. There’s a lot of work to do, industry awareness, internal awareness, and just evangelism in general,” Los said.

So what are the drawbacks to his new job?

“The biggest personal drawback is the travel and that it keeps me away from home and my routines. On a professional level, the responsibility of being an "evangelist" (essentially the public-facing entity for an entire organization's message) isn't simple either,” he explained.

His role means that he has to mesh HP’s business strategy and industry trends, all while balancing it “…against what really helps our customers succeed through a message that makes sense, and isn't perceived as pushing an agenda. That is certainly not trivial.”

“Being an evangelist means breaking through the agenda-based forces that divide the security industry along vendor lines, create confusion for businesses, and act as a barrier to their success, and it's tough.”

So is this selling out? Los doesn’t see it that way at all.

“I think that this is the exact opposite of selling out. Selling out would be doing the everyday thing, right? Being the sales guy,” he said. “This is something I’m passionate about, something we’re [HP] passionate about, and to us it’s a big deal.”

Two of the most common misconceptions are that security evangelist is just another name for a sales role, used to further the HP agenda, as one person put it to him, and that a company as big as HP just won't take this seriously.

“Both couldn't be further from the truth,” he said. “It's amazing how many people have already rushed to provide assistance, support, and opened doors internally and externally for me to get the message out. Frankly, I can't wait to prove the doubters wrong.”

HP will give Los a lot of latitude to talk about what is relevant and what’s important over what sells, he told us. While HP sells Web Application security appliances and software, “it’s more important to us, as an organization, that our customers and the industry realize that Web Application Security is a big deal.”

The first thing he wants to tackle is breaking security out of the security silo.

“I know, it's been said before but no one's doing anything about it! We scan, test, and collect vulnerability metrics and no one cares outside the security organization. The risk level doesn't actually drop, yet we pat ourselves on the back as we fail the business. Becoming an integral part of the 'business of IT' is something security must learn to do, and it's more than just tools (products). It requires a level of thinking most organizations are afraid of.”

To Los, this means that security must become a sub-topic of quality testing. 

"Think about that. Overall software quality should have three components or three questions it answers: Does it work? Does it perform? Is it secure?  If any of those three fail it's a loggable, traceable, reportable and fixable defect."

Essentially, Los told us, the process is one of Application Lifecycle Management, and security swallowing its pride and becoming a component of software quality "rather than trying to continue to fail on its own."

Los has blogged and spoken publicly about security topics that range from Web Applications to common IT mistakes. This new role at HP is in reality positive recognition for the advice and insight he has offered to the community for years in an unofficial capacity.

It won’t be easy. It will be a serious challenge, and that’s something he lives for.

