Thursday, 3 November 2011

Thought Leaders in Information Security - Do they exist?

First things first - it's been a while since I last blogged so my sincere apologies.


I come across the terms 'Thought Leader(s)' and 'Thought Leadership' quite a lot in discussions and reading. It has got me thinking at times as to 'What is it?'. With regard to the Information Security industry, I think there hasn't been any Thought Leadership at all. This encompasses innovation around security management including but not limited to policies, procedures, standards, vulnerability assessments, penetration testing, patching, risk management, data loss, compliance, monitoring, incident response, security awareness et al. Same old, same old.


Good old Wikipedia says this for 'Thought Leader':


"The term was coined in 1994, by Joel Kurtzman, editor-in-chief of the Booz, Allen & Hamilton magazine, Strategy & Business. "Thought leader" was used to designate interview subjects for that magazine who had business ideas that merited attention."


According to commentators such as Elise Bauer, a distinguishing characteristic of a thought leader is "the recognition from the outside world that the company deeply understands its business, the needs of its customers, and the broader marketplace in which it operates."


So, it is 'ideas that merit attention' and 'recognition from the outside world that one gets it'.


I cannot think of an individual or a company in the security industry that has come up with ideas that merit attention or are recognised by the members of the security community for a while. Can you? Please enlighten and discuss.


PS: I don't class reactive discoveries e.g. APTs, Cybercrime, surveys and point solutions as TL. I also believe there is a lot more TL going on in security offence than in defence. If there is a better definition, again - do post your thoughts.


 
