What does a Security Evangelist actually do?

For much of 2013 I was F5’s security evangelist. It’s a fun title and a very interesting role. To those outside the tech industry, or even those outside the security industry, the role can require some explanation.

So what does a Security Evangelist do? Instead of trying to explain it, perhaps it’s easier to see what kept me busy during 2013.

Spoke at 8 conferences. Giving a talk at RSA Europe in Amsterdam was a professional highlight for 2013. I had been preparing for this talk for two years and it went quite well: 96% of the feedback forms said the talk was either Excellent or Very Good.

Then there was the panel about elliptic curve cryptography hosted at a nightclub in San Francisco with very convenient access to the bar afterward. It should go without saying that an evangelist (of any kind) should be good at public speaking. If you need practice (and everyone still says um too often) visit your local Toastmasters group.

Others conferences that I got speak at were the Cyber Security Symposium in Sacramento, a couple of marketing events in London and Sao Paulo and the Gartner Data Center conference in Las Vegas.

Spoke at 5 User Groups. User Groups are my favorite part of evangelism! Some of the sales people heard that I really like baseball, and as the year progressed they started scheduling user groups at baseball fields around America! So we would have a good talk about security at a field and then watch the game afterward. I saw 5 different ballparks in 2013 – PNC, Kansas City, Wrigley Field, Yankee Stadium and Oakland Stadium. I’m looking to continue this trend in 2014, salespeople Hint Hint!

I never watch myself on video. I don’t know why. Even though they say I’m pretty good I just can’t deal with it. Being on camera is part of the Security Evangelist job, too. In 2013 I did three video podcasts with the awesome guys at devcentral.f5.com, at least one video interview with F5’s own roving reporter, Pete Silva and an extended video interview for USA Today.

Then there was the popular Webinar on Hacktivism for SC Magazine. I talked a bit about the famous patriot hacker “The Jester” and poked a little bit of fun at the hacktivist group “Anonymous.” When it was time for Q&A all the questions I got were from Anonymous members! OMG I had to backpedal so fast. I didn’t want to end up like Mat Honan. Sadly this webinar isn’t available anymore or I would recommend you watch it just to see me squirm at the end.

Every now and then I’ll run into Jim Manico, of OWASP fame. He supports user groups as well, and we’ve hung out in London and Amsterdam. I just missed him in my hometown of Denver, where he partied with Jericho (see weird picture with @attrionorg).

Wrote 5 Whitepapers. Whitepapers are the hardest part of the job, in my opinion. It is difficult to write at that level. Here are the papers from 2013.

Speaking of writing, in 2012 I wrote five magazine articles but in 2013 just one.The 2013 article was “How Do we Get out of the DNS DDoS Trap” in Network World. It was a response to the largest DDoS attack the world had seen – also known as the Spamhaus attack.

Briefed 7 industry analysts. Back when I was a developer I did not understand the amount of influence that analysts really have in the industry. I’m not just talking about stock-price influence. Customers really do listen to analysts and therefore it’s important that analysts understand your optimum position. In 2013 I briefed analysts from Gartner, IDC and Forrester and others.

Engaged 30 individual customers. Engaged, not enraged. Okay some of them are enraged. Haha. Customer Engagement is probably the “biggest” part of the evangelist’s job. It’s a sales support function. If you have something interesting to say, then people will want to hear it. So there are specific roadshow events and then just collections of customers to visit. I used to sweat before each individual visit, especially if it was a high profile brand. However, what I’ve found is that you never know (you never know) how the meeting will go. They might tell you that the customer wants to talk about one thing but you get in there and it turns out they really want to hear about something entirely different. So after a while you just fly in and wing it. And you know what? If you know your stuff you’ll be fine.

Visited 25 cities. With all the conferences and customers, I travelled over 150 days and 150,000 miles. Eight countries on 4 continents. Here’s a ridiculously cheesy 90-second video tribute to my 2013 travels. I always try to make time to do the touristy thing when I’m traveling so I saw probably a dozen different museums in Europe (including a torture museum), a half-dozen cathedrals, a glow-worm cave in Australia, and ate some great beef in Sao Paulo. Not a bad year, tourist-wise.

Fished three of America’s great rivers. Okay, this isn’t related to Security Evangelism AT ALL but I did hire guides to float the North Platte river in Wyoming, the Yellowstone river in Idaho and the Gunnison in Colorado. One of my resolutions for 2014 is to spend more time fly fishing.


So that’s a year in the life of a Security Evangelist: lots of speaking, writing and traveling. The glamour of all the cool travel is a definitely a perk.

I do want to leave you with one story though. Sometimes instead of just engaging customers or mesmerizing crowds, you have a neat moment like this one:

I was on a call with a customer – their network team and security team were at odds over a new architecture. The network team loves F5, but the security team doesn’t (this is changing but still happens). I established my security credentials and then gingerly took the side of the network guy (our champion in this sale). The security team pushed back and I eventually come around to their position from a security perspective. At the end of the call both teams agree on some changes to the new design and move forward. Why do they have to have a security evangelist help two teams (who work for the same company) agree on a project? Because sometimes people need a third-party referee who can see both sides. That’s what a security evangelist can do on a sales call.

There are a hundred other stories that come with being a security evangelist but this blog is already way too long. I’m looking forward to getting out on the road so look for me evangelizing near you in 2014.


Connect with David:Connect with F5:
        
Published Jan 09, 2014
Version 1.0
  • The quality of the podcast always trends higher when you're around, Dave!