Welcome!

Security Authors: Pat Romanski, Elizabeth White, Liz McMillan, Vincent Brasseur, Gilad Parann-Nissany

Related Topics: Cloud Expo, SOA & WOA, Virtualization, Security

Cloud Expo: Article

Most Powerful Voices in Security

Who are the Top 25?

The security community has a growing number of influential and important people, especially as the industry rises to meet the need to address more advanced security threats, such as targeted attacks. But how does a company in the security industry truly identify the influential people? And then once identified, how does one use influential voices to help promote their brand? In this study, we answer the first question - how to identify the most powerful voices in your industry, focusing on the security space, and as part of this we provide you a list of people to follow for the best, most up to date information, and who have the loudest voices to help help carry some of your key messages. In a future study, we will discuss how to further exploit that knowledge to market your brand.

As executives in a fast-changing and social world, many of us struggle with the ability to have our voices heard by our target customers, especially as news in our industry is gaining more attention (e.g. a "hot space"). You would think that if you were a part of an emerging category, that people would pay attention to you. However, getting above the "noise" is a problem for some companies.

Until now we've found ourselves using traditional and often ineffective marketing and sales tools. With firms like Radian6, Eloqua, Marketo and the like, CMOs are being presented with new ways of leveraging social networks to understand, target, and reach their markets.

According to leading researchers, some individuals in your target industry have greater influence than others, holding a virtual megaphone powered by their social graph. The term "social graph," coined a few years ago by Facebook CEO, Mark Zuckerberg, is also referred to as the "open graph," and is used to describe an aggressive initiative to connect the dots between the relationships and associations built on Google+, Facebook, Twitter, Linkedin, Foursquare, other public social networking services, and emerging private enterprise social networks like Salesforce's Chatter, Yammer, and others. Emerging companies like Klout also use the open graph to measure the number of people you reach, how much those people amplify your message, and ultimately the strength of your network.

When you look at established industries like Security, more well-known people, like executives of incumbent security companies, are considered the influencers, while others who are less known exist in niches in the blogosphere or in newly formed circles. Examples of niche groups might include the Cloud Security Alliance, or U.S. congressman Mac Thornberry's Cybersecurity Task Force. You can argue that some people in these niche groups might not even be considered security "experts" or "thought leaders". However, by being associated with an area which is highly visible from a security perspective (e.g. cloud), their voices can still carry significant weight.

Our thesis is that these smaller groups in security can have the most powerful voices. Collectively; however, ALL these groups consist of a number of the most vocal, most followed and re-posted commentators in the security community today. If you are involved in security (as a new startup or an established player), there are a select number of people you need to know.

In compiling our ranking of the Most Powerful Voices ("MPV") in security, we took advantage of concepts similar to Google PageRank for people, working with researchers and thought leaders such as Mark Fidelman (see "The Most Powerful Voices in Open Source").

The metrics needed to measure both broadcast power and profundity were identified through a number of studies performed across several industry categories. Although there have been many advancements in the area of social marketing, the work presented here still requires techniques not yet offered by any single social graph tool available today.

The MPV formula is based on "reach" by examining the number of followers and buzz an individual has on sites like Google and Twitter. We then determine how much impact an individual has with their followers and subscribers. We ask questions like: If you have a twitter account, how often are you uniquely referenced, or retweeted? How much buzz is created around your blog posts, tweets, Quora answers, Linkedin groups, and other messages? How often is an individual referenced in the blogosphere?

Top Executive Voices in Security
The MPV formula illustrates how much additional broadcast power an individual has versus an average active person (defined later). For example, Eugene Kaspersky, CEO of Kaspersky Lab, has 5,035 times more broadcast power reach than the average person, while Enrique Salem, CEO of Symantec, has a respectable 855 times more broadcast power than the average person. At the surface, security executives are good targets when searching for powerful voices. However, most, if not all, powerful executives are governed or constrained on what they can say. You won't find CEOs of publicly traded companies providing transparent dialog about their opinions on controversial topics (although Leo Apotheker, CEO at HP, may prove me wrong on one or both of these points). In addition, it's quite difficult to get executives to speak on your particular topic, or about your brand. [Note: We included Ex-CEO from McAfee, David DeWalt, because we assume we'll hear of his next high-profile placement and we can update the company then].

Top Media/Blogger Voices in Security
Then there's the power of active security bloggers like Bruce Schneier ("Schneier on Security") who has a voice which is 8,252 times the average. Yes, that's more than Eugene Kaspersky! Why? Because he's willing to speak his mind on topics where people want transparent and insightful perspective. Also, a dialog can occur between the average person and a blogger. It's easier to reach even the most well known bloggers or editors of news and media properties.

Top Voices in Cloud and Security
We looked at the top 100 voices in cloud computing and searched for those discussing security. Some voices were found to be as high as 5,700 times the average person. As an example, Reuven Cohen, founder and CTO of Enomaly, may not be solely focused on the security industry, but security is the number one issue when it comes to cloud adoption. So why is Reuven's voice stronger than Eugene Kaspersky? We speculate that this is based on the fact that Reuven is a very ungoverned and vocal voice at an early-stage startup, and that the audience for these voices may assume that startups generally help define the trends and direction of the industry.

Top Government Leaders and Security
We debated whether to include government officials due to their more general public following. Government leaders have a much different audience than those following security executives. However, many government officials are actively involved in security. For example, Susan Collins, who is a ranking member of the Homeland security and Governmental Affairs Senate Committee, is a co-author of comprehensive cybersecurity legislation, which resulted in much debate in prominent media outlets such as Forbes and the Washington Post.

In addition, as we searched for people who are addressing topics in cyber security, we found people such as U.S. Representative for California's 49th congressional district, Darrell Issa and, of course, the 30th Deputy Secretary of Defense, William Lynn III, who currently maintain voices 31,195 and 25,935 times that of the average person, respectively.

Therefore, we ultimately decided to include government officials because when they communicate they generate a lot of attention.

Chief Information Security Officers
Our survey of over 100 CISOs resulted in the top 10 voices exceeding 1,300 times  that of the average person (e.g. See Mandiant CSO, Richard Bejtlich, and Facebook CISO, Joe Sullivan). CISOs or CSOs are prominent figures in the enterprise now. With the rise of advanced persistent threats (APTs), these executives are under growing pressure to lock down their company's intellectual property. In our recent discussions with several Fortune 100 CISOs, some believe there are several APTs lying dormant and undetected in their enterprise today. Look at the recent example of a highly sophisticated and targeted attack on Google's corporate infrastructure originating from China that resulted in the theft of intellectual property back in early 2010.

Therefore, when CISOs transparently talk about their findings (which may not happen often due to security reasons!), people will listen (see Yahoo! CISO, Justin Somaini's, survey on Information Security Function, Governance and Risk Management, Culture and Communication, Metrics and KPI's).

Security Analysts
Lastly, we surveyed over 75 of the top security analysts with the top 10 having voices which ranged from 347 to 710 times the average person. This is no surprise when you see analysts like Gartner's Neil MacDonald openly discussing sensitive topics like what RSA did wrong following the SecurID breach earlier this year.

The Most Powerful Voices in Security

(see the table below infographic for #1-#100)

Most Powerful Voices in Security

The Rest of the Top 100

Keep in mind the rankings are relative to the others on the list. That means everyone on the list has a much higher criteria impact than the average active person. Also, note that most of the dimensions that make up the MPV are from the past 90 days.

Rank

Most Powerful Voices In Security

MPV Score

1

Darrell Issa

1,405,336

2

William Lynn III

1,168,351

3

Bruce Schneier

371,731

4

Brian Krebs

261,450

5

Reuven Cohen

257,846

6

Eugene Kaspersky

226,808

7

Graham Cluley

224,717

8

Susan Collins

212,000

9

Werner Vogels

210,574

10

Christofer Hoff

122,306

11

Jeremiah Grossman

104,862

12

Richi Jennings

100,294

13

James Hamilton

80,600

14

Jeff Jones

75,658

15

Richard Stiennon

73,186

16

Stephen Foskett

72,678

17

Kevin Poulsen

72,158

18

Dana Gardner

67,704

19

Robert McMillan

66,140

20

Sramana Mitra

59,920

21

Richard Bejtlich

59,761

22

David Harley

57,098

23

Paul Miller

56,050

24

Dino A. Dai Zovi

53,015

25

Bret Hartman

49,820

26

Lenny Zeltser

48,171

27

Paul Henry

43,185

28

Brian Gracely

42,800

29

Alex Williams

42,105

30

Chris Wolf

41,252

31

Simon Crosby

40,124

32

Enrique Salem

38,520

33

Kim Zetter

37,496

34

Dan York

37,474

35

Krishnan Subramanian

35,901

36

Lori MacVittie

35,661

37

Todd Gebhart

35,330

38

Tyler Shields

34,912

39

David Kravets

33,481

40

Andrew Hay

33,136

41

Jay Radcliffe

32,285

42

Neil MacDonald

32,000

43

Branden Williams

31,810

44

Rich Mogull

31,131

45

Dr Anton Chuvakin

31,088

46

Dave Hansen

30,900

47

John Pescatore

29,650

48

Tim Wilson

29,430

49

David DeWalt

28,930

50

Scott Stewart

28,295

51

David Lacey

28,020

52

Bernard Golden

27,181

53

Patrick Murray

27,010

54

Dan Goodin

25,880

55

Derrick Harris

25,251

56

Avivah Litan

25,180

57

Matt Flynn

24,314

58

Abhishek Singh

23,610

59

Mac Thornberry

22,950

60

Tom Ritter

22,310

61

Scott Charney

21,850

62

Siobhan Gorman

21,120

63

Ellen Rubin

20,862

64

W. Mark Brooks

20,730

65

Greg Young

20,666

66

George Kurtz

20,615

67

Andrew Storms

19,130

68

Bob Blakley

18,540

69

Joe Sullivan

18,120

70

Mike Murray

17,922

71

Brian Babineau

17,913

72

Jessica Davis

17,790

73

Rob Rachwald

17,590

74

Dustin Amrhein

17,116

75

Mike Rothman

17,047

76

Luther Martin

16,910

77

Steve Ragan

16,790

78

Jon Oltsik

16,723

79

Tony Palmer

16,510

80

Eric Hall

16,204

81

Ian Glazer

15,884

82

Robin Wilton

15,644

83

Jim Reavis

15,584

84

Colin Watson

15,560

85

Phil Wainewright

15,551

86

Lauren Whitehouse

15,237

87

Kevin L. Jackson

15,130

88

Tom Cross

15,030

89

Earl Perkins

14,530

90

Ignacio M. Llorente

14,429

91

Mark Diodati

13,910

92

Barton George

13,898

93

Chirag Mehta

13,808

94

Eva Chen

13,600

95

Dan Blum

13,180

96

Jay Heiser

13,120

97

Mark McLaughlin

13,050

98

Byron Acohido

13,026

99

Nikolay Grebennikov

11,360

100

Kevin Kampman

9,600

Our study included over 140 security company executives, 320 bloggers and people in media, 100 of the top people in cloud computing, 30 people involved in specialized organizations like IBM's X-Force, over 20 government officials, over 130 leading CISOs, and 75 industry analysts from notable firms such as Gartner, IDC, Forrester, ESG, and others. In total we researched over 800 people.

Please note that our ranking is not the final word on the subject, but the beginning of a discussion. For example, a Director at Symantec (who will remain anonymous) assisted us in double-checking our work, and couldn't help but be of the opinion that Enrique Salem, Steve Trilling, and Rowan Trollope belong as 1-3 on every list (lol). So why isn't Michael DeCesare or George Kurtz from McAfee on the list? Eva Chen from Trend Micro? Harriet P. Pearson, Nick Coleman, or Phil Neray from IBM? Did we miss anyone? You maybe? What did we get wrong? Please give us your thoughts by commenting below.

Other MPV Criteria

Must be an active social media individual now (Buzz metrics were taken from last 90 days).

We included corporate twitter accounts only when it was clear that it represents the voice of the individual.

They are known to speak on topics within the security community.

We removed irrelevant hits where necessary such as those for similarly-named individuals.

We're defining the average active person as an active Internet user with an average level of impact, influence and use of social tools.

Next Steps

Are you wondering why some people made it on the Top 100 when they have less to do with security than others who didn't make the list? We hypothesize that a strong voice (who may not be a security expert) can actually speak to an audience who does care about security. In this case, they may be more useful than a week voice (who is an expert). Sure, we want to follow the experts and thought leaders to gather further domain knowledge, trends, and vision. But lets take the use case where you would like to challenge the status quo on a security topic....say, in the cloud computing space. Do you engage Eugene Kaspersky on the topic? Maybe.  But maybe you also engage Paul Miller. In a future study, we will discuss how to further leverage your network of influencers.

Be Proud If You Are In a Top Category

Are you one of the "Most Powerful Voices in Security"?

Add a note or a badge (below) to your website or blog to let people know that you are one of the most powerful voices in the security community.

Follow some of the more vocal security voices by automatically adding our twitter list here.

 

More Stories By Jim Kaskade

Jim Kaskade is CEO of Infochimps. Before that he served as SVP and General Manager at SIOS Technology, a publicly traded firm in Japan, where he led a business unit focused on developing private cloud Platform as a Service targeted for Fortune 500 enterprises. He has been heavily involved in all aspects of cloud, meeting with prominent CIOs, CISOs, datacenter architects of Fortune 100 companies to better understand their cloud computing needs. He also has hands-on cloud domain knowledge from his experience as founder and CEO of a SaaS company, which secured the digital media assets of over 10,000 businesses including Fortune 100 customers such as Lucasfilm, the NBA, Sony BMG, News Corp, Viacom, and IAC. Kaskade is also one of the Top 100 bloggers on Cloud Computing selected by the Cloud Computing Journal.

Comments (4) View Comments

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


Most Recent Comments
JimKaskade 09/14/11 03:43:00 PM EDT

MATT FLYNN comments, ...."[This is a list] based on reach and not knowledge, usefulness of analysis, or trustworthiness."....and that "the word 'influencers' brought me right back to Gladwell's book The Tipping Point and made me wonder if this is really a list written for marketers rather than for security decision makers. Even if that is the case, then it's probably a good idea to follow the people on the list as they might identify emerging trends - perhaps by analysis, but as Gladwell points out, perhaps by causation (whether intentional or not)." http://goo.gl/oyiuw

JimKaskade 09/14/11 10:45:00 AM EDT

Kim Zetter says that aside from Bejtlich, most people on the list are people she doesn't listen to at all, and that some of the smartest and most influential people are the ones who don't have a public persona at all.

I can't argue with Kim. I think the security space is inherently low-key. I recently met with a security expert who works a lot with the government. He purposely has NO presence on the web...no social graph.

So there are maybe three camps here...the unspoken, but influential (which Kim refers to), the very vocal (who generally are less of an expert), and then there are those who are well-known in security and vocal.

JimKaskade 09/13/11 10:05:56 AM EDT

Justin Somaini, Yahoo! CISO, had a great point yesterday. "It is interesting that people who actually "do" security are much lower than those who just talk about it. That begs the question if the industry is a self fulfilled prophecy of self exploitation. Unless the conversation is based on substance then we end up with an over discussed and incorrect problem. ala APT's."

The analogy...it's like asking a Hollywood rock star to wear your new brand of jeans. Do they know about style, fit, organic denim material? No. But they do understand the value, and they like to talk about their fashion, and they have a loud VOICE.

So, if you have a new product in the Security space, or a new perspective, and you would like to have an open dialog about it, does it make sense to have that conversation with the "Hollywood Rock Star" who has the loud voice? It might help you get some attention around your topic, your product.

I don't know....it's the question I'm curious to answer, and the strategy, as a CEO, that is new to high-tech companies trying to get "above the noise"....without creating more noise.

JimKaskade 09/09/11 11:44:00 AM EDT

Just heard from Mikko H. Hypponen, Chief Research Officer from F-secure.

Mikko has a powerful voice in the security industry - an obvious oversight.

We will have to add him into the next iteration ;-)

@ThingsExpo Stories
How do APIs and IoT relate? The answer is not as simple as merely adding an API on top of a dumb device, but rather about understanding the architectural patterns for implementing an IoT fabric. There are typically two or three trends: Exposing the device to a management framework Exposing that management framework to a business centric logic Exposing that business layer and data to end users. This last trend is the IoT stack, which involves a new shift in the separation of what stuff happens, where data lives and where the interface lies. For instance, it's a mix of architectural styles ...
The 3rd International Internet of @ThingsExpo, co-located with the 16th International Cloud Expo - to be held June 9-11, 2015, at the Javits Center in New York City, NY - announces that its Call for Papers is now open. The Internet of Things (IoT) is the biggest idea since the creation of the Worldwide Web more than 20 years ago.
The Internet of Things is tied together with a thin strand that is known as time. Coincidentally, at the core of nearly all data analytics is a timestamp. When working with time series data there are a few core principles that everyone should consider, especially across datasets where time is the common boundary. In his session at Internet of @ThingsExpo, Jim Scott, Director of Enterprise Strategy & Architecture at MapR Technologies, discussed single-value, geo-spatial, and log time series data. By focusing on enterprise applications and the data center, he will use OpenTSDB as an example t...
An entirely new security model is needed for the Internet of Things, or is it? Can we save some old and tested controls for this new and different environment? In his session at @ThingsExpo, New York's at the Javits Center, Davi Ottenheimer, EMC Senior Director of Trust, reviewed hands-on lessons with IoT devices and reveal a new risk balance you might not expect. Davi Ottenheimer, EMC Senior Director of Trust, has more than nineteen years' experience managing global security operations and assessments, including a decade of leading incident response and digital forensics. He is co-author of t...
The Internet of Things will greatly expand the opportunities for data collection and new business models driven off of that data. In her session at @ThingsExpo, Esmeralda Swartz, CMO of MetraTech, discussed how for this to be effective you not only need to have infrastructure and operational models capable of utilizing this new phenomenon, but increasingly service providers will need to convince a skeptical public to participate. Get ready to show them the money!
The Internet of Things will put IT to its ultimate test by creating infinite new opportunities to digitize products and services, generate and analyze new data to improve customer satisfaction, and discover new ways to gain a competitive advantage across nearly every industry. In order to help corporate business units to capitalize on the rapidly evolving IoT opportunities, IT must stand up to a new set of challenges. In his session at @ThingsExpo, Jeff Kaplan, Managing Director of THINKstrategies, will examine why IT must finally fulfill its role in support of its SBUs or face a new round of...
One of the biggest challenges when developing connected devices is identifying user value and delivering it through successful user experiences. In his session at Internet of @ThingsExpo, Mike Kuniavsky, Principal Scientist, Innovation Services at PARC, described an IoT-specific approach to user experience design that combines approaches from interaction design, industrial design and service design to create experiences that go beyond simple connected gadgets to create lasting, multi-device experiences grounded in people's real needs and desires.
Enthusiasm for the Internet of Things has reached an all-time high. In 2013 alone, venture capitalists spent more than $1 billion dollars investing in the IoT space. With "smart" appliances and devices, IoT covers wearable smart devices, cloud services to hardware companies. Nest, a Google company, detects temperatures inside homes and automatically adjusts it by tracking its user's habit. These technologies are quickly developing and with it come challenges such as bridging infrastructure gaps, abiding by privacy concerns and making the concept a reality. These challenges can't be addressed w...
The Domain Name Service (DNS) is one of the most important components in networking infrastructure, enabling users and services to access applications by translating URLs (names) into IP addresses (numbers). Because every icon and URL and all embedded content on a website requires a DNS lookup loading complex sites necessitates hundreds of DNS queries. In addition, as more internet-enabled ‘Things' get connected, people will rely on DNS to name and find their fridges, toasters and toilets. According to a recent IDG Research Services Survey this rate of traffic will only grow. What's driving t...
Connected devices and the Internet of Things are getting significant momentum in 2014. In his session at Internet of @ThingsExpo, Jim Hunter, Chief Scientist & Technology Evangelist at Greenwave Systems, examined three key elements that together will drive mass adoption of the IoT before the end of 2015. The first element is the recent advent of robust open source protocols (like AllJoyn and WebRTC) that facilitate M2M communication. The second is broad availability of flexible, cost-effective storage designed to handle the massive surge in back-end data in a world where timely analytics is e...
Scott Jenson leads a project called The Physical Web within the Chrome team at Google. Project members are working to take the scalability and openness of the web and use it to talk to the exponentially exploding range of smart devices. Nearly every company today working on the IoT comes up with the same basic solution: use my server and you'll be fine. But if we really believe there will be trillions of these devices, that just can't scale. We need a system that is open a scalable and by using the URL as a basic building block, we open this up and get the same resilience that the web enjoys.
"Matrix is an ambitious open standard and implementation that's set up to break down the fragmentation problems that exist in IP messaging and VoIP communication," explained John Woolf, Technical Evangelist at Matrix, in this SYS-CON.tv interview at @ThingsExpo, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
We are reaching the end of the beginning with WebRTC, and real systems using this technology have begun to appear. One challenge that faces every WebRTC deployment (in some form or another) is identity management. For example, if you have an existing service – possibly built on a variety of different PaaS/SaaS offerings – and you want to add real-time communications you are faced with a challenge relating to user management, authentication, authorization, and validation. Service providers will want to use their existing identities, but these will have credentials already that are (hopefully) i...
Cultural, regulatory, environmental, political and economic (CREPE) conditions over the past decade are creating cross-industry solution spaces that require processes and technologies from both the Internet of Things (IoT), and Data Management and Analytics (DMA). These solution spaces are evolving into Sensor Analytics Ecosystems (SAE) that represent significant new opportunities for organizations of all types. Public Utilities throughout the world, providing electricity, natural gas and water, are pursuing SmartGrid initiatives that represent one of the more mature examples of SAE. We have s...
P2P RTC will impact the landscape of communications, shifting from traditional telephony style communications models to OTT (Over-The-Top) cloud assisted & PaaS (Platform as a Service) communication services. The P2P shift will impact many areas of our lives, from mobile communication, human interactive web services, RTC and telephony infrastructure, user federation, security and privacy implications, business costs, and scalability. In his session at @ThingsExpo, Robin Raymond, Chief Architect at Hookflash, will walk through the shifting landscape of traditional telephone and voice services ...
Explosive growth in connected devices. Enormous amounts of data for collection and analysis. Critical use of data for split-second decision making and actionable information. All three are factors in making the Internet of Things a reality. Yet, any one factor would have an IT organization pondering its infrastructure strategy. How should your organization enhance its IT framework to enable an Internet of Things implementation? In his session at Internet of @ThingsExpo, James Kirkland, Chief Architect for the Internet of Things and Intelligent Systems at Red Hat, described how to revolutioniz...
Bit6 today issued a challenge to the technology community implementing Web Real Time Communication (WebRTC). To leap beyond WebRTC’s significant limitations and fully leverage its underlying value to accelerate innovation, application developers need to consider the entire communications ecosystem.
The definition of IoT is not new, in fact it’s been around for over a decade. What has changed is the public's awareness that the technology we use on a daily basis has caught up on the vision of an always on, always connected world. If you look into the details of what comprises the IoT, you’ll see that it includes everything from cloud computing, Big Data analytics, “Things,” Web communication, applications, network, storage, etc. It is essentially including everything connected online from hardware to software, or as we like to say, it’s an Internet of many different things. The difference ...
Cloud Expo 2014 TV commercials will feature @ThingsExpo, which was launched in June, 2014 at New York City's Javits Center as the largest 'Internet of Things' event in the world.
SYS-CON Events announced today that Windstream, a leading provider of advanced network and cloud communications, has been named “Silver Sponsor” of SYS-CON's 16th International Cloud Expo®, which will take place on June 9–11, 2015, at the Javits Center in New York, NY. Windstream (Nasdaq: WIN), a FORTUNE 500 and S&P 500 company, is a leading provider of advanced network communications, including cloud computing and managed services, to businesses nationwide. The company also offers broadband, phone and digital TV services to consumers primarily in rural areas.