Security or Product Evangelist?
My friend Martin has had a little while to start stretching his wings over at StillSecure. He has moved into a new realm for himself and for a lot of other people. He is probably filling the most open Security Evangelist position in the industry both because of who he is and because of the marketing strategies of his employers. I think it is a great position for him but I still think he has a lot to learn. Then again, so do we all.
So when I read at Matasano Chargen that they have a problem with Martin bringing up “The Terrible 59″ I was concerned. Why would this be a problem? Sure, I don’t agree with the list (you can see my opinion on Martin’s and Farum’s site) but why would playing up this list up be a problem for a company’s evangelist?
Then I got to thinking, is Martin a Product Evangelist who is touting Cobia and how it will improve network security through convergence? Or, is he learning how the product integrates within the network, determining the needs of the customer, and is he thinking of ways to improve Cobia to address future security concerns and thus performing the role of Security Evangelist?
Personally, I think he is doing both for a number of reasons. Of course he wants to sell the product. Although I am willing to bet that if this product goes under StillSecure will find something else for him to do, but right now it is his bread and butter. So, pumping up the publicity of his company is within his best interest. So, he is filling the Product Evangelist side for now. But he is also fulfilling the part of Security Evangelist for Cobia. He has been running his tail off getting the contacts he will need to determine how his product is doing and where security it going. He is networking (and boy to I envy him for the people he has meet in the past few weeks).
So, for now I am proud of the effort Martin is putting forward. I am willing to let him make mistakes as he feels his way to creating his position. And I know that he appreciates the input from the folks at Matasano Chargen because they help him grow and define himself.
So, if you have a few minutes or some spare testing cycles, go check out Cobia. I don’t have a box with enough resources to do it myself but I bet there are some of you out there who might have a need and can help my friend with information.
I’m sure that some people might see this as a blatant StillSecure advertisement. Well I am here to tell you. I have never even booted a StillSecure system. But I have never heard anything out-and-out bad about their product. Their marketing might be a bit forceful but there are plenty of companies out there who could only wish they had the personalities to generate Internet media exposure like the StillSecure crew does. But, to be honest, I have to side with Thomas Ptacek and Richard Bejtlich especially since Alan has called out Astaro’s open source efforts at RSA and in Podcast #34. You are either Open Source and the community has a say in the direction of the software and you adhere to some type of Open Source licensing or you are a commercial product whose source code is open for review and people can freely contribute to it if they are willing to accept your licensing.
Go forth and do good things,
Cutaway
Technorati Tags: Security Ripcord, Martin McKeay, Matasano Chargen, StillSecure, Cobia, Security Evangelist
Help support my training and travel to security conferences. Get your SANS Training and GIAC Certifications through the Security Ripcord.
You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.
April 5th, 2007 at 12:18 am
My problem isn’t that Martin has a new job marketing for a product. I’ve had that job before. It’s fun.
My problem is that everybody involved knows that the ITSECURITY-DOT-COM list is nonsense. Not just “a little wrong”. Total nonsense. But not everyone in the world knows that. Some people, such as (apparently) StillSecure’s marketing, could actually believe that list was representative of the industry.
Martin knows I’m right about this. But Martin isn’t correcting the record. Martin isn’t just wrong. He’s disingenuous. There are 59 other people who don’t show up on that silly list that deserve more recognition than any of us do. Why is Martin pretending that isn’t so?
I like Martin’s writing. I don’t know him, but he seems like a good guy. Let’s convince him to get on the right side of this issue. Places like ITSECURITY-DOT-COM probably need to be eradicated. He can help. He should help.
April 5th, 2007 at 3:33 am
Thomas,
Glad to hear you like my writing. I like your’s most of the time as well. I don’t necessarily like being the focus of your writing, but that’s one of the dangers of being a blogger.
I’ve stated my opinion on the itsecurity.com list several times ( http://cobia.stillsecure.com/?q=node/152 http://www.mckeay.net/secure/2007/03/thomas_wins_funniest_im_on_the.html) and I think it’s what someone could throw together fairly quickly and that’s about it. It’s worth every bit of time that person put into it. But it’s only worth a fraction of the energy you’ve put into denouncing the list. Let it go, your continued venom about the list does more to promote the list than anything I’ve written on it.
Do I feel a little tickle at being on the list? Yeah, enough that I linked to the site. It’s an interesting list to be on, but it’s not an authoritative essay on who’s had the most impact in the field of security. Did I keep sending traffic their way afterwards? A little, since our marketing department loved the list and is using it. That’s they’re job, what they’re paid to do. Would I call the list something that “probably needs to be eradicated”? No, and I think that’s more than a bit over the top on your part.
I’ve stated my opinion on the list and if you still have a problem with it, it’s your problem.
Martin
April 5th, 2007 at 4:19 am
Let me test my theories
April 5th, 2007 at 4:37 am
To be clear, I’m spending energy on the list. It doesn’t take much energy to make it clear that I lost a bit of respect for you for sticking up for the list.
The list is worth the effort. That site is evil.
Berating you for liking the list is not worth the effort. I’m sure you’ll do something else to restore my respect for you.
April 5th, 2007 at 5:46 am
Martin (and whoever else may care),
Read Mr. Ptacek’s second comment twice before you comment on it. I didn’t get it the first time through and only picked up on his intent on the second pass. It might be his wording or it may be that I am just tired.
Everybody, for the love of everything that is holy in security…..go forth and go good things.
Cutaway
April 18th, 2007 at 2:40 pm
Is it just me or is cobia an awful lot just like Linux?
What does it do that a linux box doesn’t already do? Is it just a fancy UI on top of Linux?
April 20th, 2007 at 5:57 pm
Bruce,
There’s a lot more going on behind the scenes than just the UI. The handling of dependencies between modules is one aspect, the reporting capabilities are another. In a few weeks we will be releasing the SDK, so you can look for yourself and see what Cobia offers people who want to build modules.
Martin