With the risk of cyberattacks on the rise and demand for security education skyrocketing, many security analysts are finding themselves transforming to security evangelist roles.
Whereas security analysts are typically confined to risk management or the CISO's team, security evangelists get to step outside their comfort zone to work across teams such as marketing and communications.
The Journey From Analyst to EvangelistFormer Gartner analyst Jeffrey Wheatman joined security vendor Black Kite as its first "cyber risk evangelist" in March. Wheatman brings decades of cybersecurity and risk management knowledge to the role in attempting to accelerate Black Kite’s strategies in third-party risk management, according to a company statement.
Prior to Black Kite, Wheatman was the VP of Gartner's cybersecurity and risk management group for more than 15 years where he helped the firm's clients improve their information security and IT risk management programs.
Black Kite was one of the vendors Wheatman worked within the security rating service market at Gartner. He and Black Kite’s leadership both saw third-party risk and extended-ecosystem risk becoming a huge problem. Now that he's at Black Kite, he can focus on this subset rather than tackling a range of security problems as he did while at Gartner.
Wheatman's former colleague Augusto Barros had a similar journey after moving to the vendor side two years ago when he joined Securonix.
Barros had slightly different reasons to move to the vendor side. He worked at Gartner for more than five years as a VP research analyst. Prior to that, he mostly focused on security consulting.
“I never worked for a solution provider. ... It was something that started to get my interest,” Barros told SDxCentral, adding he wanted to apply his knowledge and perception of security to help build a product.
At Gartner, he had opportunities to talk to vendors about their products and vision and had the visibility of which ones are “trying to help customers in the right manner,” he explained.
Back then, he saw major trends in the user and entity behavior analytics (UEBA) market, including the convergence of UEBA and security information and event management (SIEM) technologies delivered from the cloud. Securonix is one of the vendors that executed that trend well, he said. “That’s what made me pick Securonix as the defender to join,” Barros said.
What Does a Security Evangelist Do?Barros shared what his typical week looks like as a member of the product marketing group within Securonix. He communicates with the marketing team and reviews documents to make sure that they deliver the right product messages. He also represents the vendor at various events and conferences where he presents their technology developments, threat research, and security market analysis.
Another of Barros' responsibilities is to inform the chief strategy officer and other executives about the recent trends, threat changes, and customer pain points based on his readings, research, and conversations to make sure the company’s roadmap is aligned to the trends, he explained.
Wheatman also supports the sales team on standard Black Kite messaging.
One of the roles of an evangelist is to get the word out through presenting at events, blogging, webinars, and reports, he noted. “My goal as an evangelist is to get the message out that third-party risk, extended-ecosystem risk is a huge problem for everybody.”
Plus, he also helps standardize how these problems can be solved, Wheatman added. “I’ve seen a lot of technology markets crash and burn because there's a lack of consistency about how the problems are defined.”
Because of this, Black Kite works with shared assessments groups, supply chain risk groups, and the federal governments to define the third party and enterprise risks, he added.
Why Do Security Vendors Need an Evangelist?Beyond telling customers and prospects why the vendor’s solution is better than competitors, security evangelists also help to clarify what type of technology meets their needs, Barros said.
“I think that's where the evangelist ends up being useful for the market, [it] is making them aware that our solution exists, and what it delivers, and how we can help them,” he added.
“Sometimes the question is not only what a type of technology is [but also] do you need a service, do you need to hire someone to do that for you, do you need the technology to do that yourself?” Barros explained. “There are many questions around that and I think that's where the evangelist can help.”
For security vendors, evangelists can make sure their products are aligned with customers' needs and demands.