What, exactly, is a “thought leader” in this space? Someone who discovers amazing new technologies? Someone who predicts the direction of security? Both? Neither?
This is one of those terms that just makes my skin crawl, and here’s why. I have not seen anything wholly NEW in this field in a long time. In fact, just about everything I see is some variation on an existing theme, in just about every way. Most of the people blogging, ranting, speaking at cons, etc. are all doing something that builds on work that came before…and that doesn’t necessarily make it bad, of course. Far from it – there’s some amazing stuff happening right now all over the place in infosec. But we’re really all building and feeding off one another. Some call it the “echo chamber”, since we tend to bounce things back and forth and love to hear ourselves think. In some cases, this is definitely true.
A while back, many were lamenting that we never talk in the security community. I think the opposite is true – I think we talk a LOT. My only lament is that we seem to talk about nothing but infosec! There is, of course, more to life than infosec…but I digress.
So next time you see someone labeling themselves as a “thought leader”, you should first laugh at their likely douchy nature, and then ask them exactly how they’re “leading”. Real leadership in this space tends to happen at a level unobserved by most. The CISO who backs her team politically and fights for key projects, the analyst who writes a sweet Python script to automate some rote pen testing task, the incident handler or forensicator who digs for hours to find the root cause of an event, and so on. That’s leadership, and it happens all the time.
As for thinking? Really, we’re all thought “followers” who absorb from one another. That’s what the community is good for. And we need all of it we can get.