Infosec Rock Star


“Ted, to those about to rock, I salute you … and always enjoy listening and learning from you. I always pickup new tips and tricks.”

– Dr. Eric Cole, SANS Fellow, inventor of over 20 patents, author of numerous books, etc.

Why are some people so much more effective than others?

Why do some super smart people have almost no impact, but some seemly less smart ones have a major impact?

Geek will only get you so far

-Joe Eckhout

I’m Ted Demopoulos, and I do not claim to be a Rock Star. But many of my friends and colleagues are, and I’ve been talking to them, trying to figure out what makes them so great, what makes them rock!

I want your input too!

You do not need to consider yourself a Rock Star. We all have knowledge we can share, and I consider this a community project. These are not just my ideas. Not remotely!

Geek, or “Core Competency” is obviously important, whether it’s having the knowledge to be a kickass IDS analyst, or knowing how to manage, inspire, and lead a team.

Here are some of the key areas we’ll be exploring which affect how effective, or ineffective, you are.

And because so many people ask, we’ll also cover
  • Sex and Drugs – personally, “yes” and “coffee and alcohol”

Sex and drugs and rock and roll. Are very good indeed.

-Ian Dury and the Blockheads

and so is controversy, especially if you want ideas to spread!

This all began when I was asked to give a SANS at Night talk. I looked at the list of other speakers and topics, and not only was I in awe of them but also of their technical depth. Now I’m a fairly technical geek. I even love cryptography, even the math involved (really!), but . . .

I decided to give a non technical talk, on what it takes to be effective, to get things done, to have a (hopefully positive) major impact.

What, was I insane? A nontechnical talk at SANS? Well, I once spoke about Windows NT3.1 at USENIX – this couldn’t be any worse, and it was bound to be amusing at least!

The talk was an amazing success. I’ve given it many times since, gotten both great and positive (and some useful negative) feedback every time, and my talk and viewpoint has grown significantly over time “with a little help from my friends.”

One last thought, from a multi talented and Emmy, Grammy, American Comedy, Oscar award winning and kickass banjo player:


  1. Reply

    Great post, Ted!

    My thoughts on this are:

    1) You may not even WANT to be a Rock Star. Have you ever talked to one? (I haven’t, but I’ve seen them on TV). I don’t think some of them are very happy. They just want to play music. The pressure leads them to have catastrophic drug problems, etc. But there are some who have an EDGE (like Bono), who know their limits and stay in control. I actually don’t like to be involved in controversy, but I don’t mind doing the unexpected, making myself look a little awkward or silly. This gets you noticed, and if you ARE good, then they will pay attention, at least. So, if you aren’t keen on controversy, at least be a little off-the-wall once in a while – and it will be easier to see yourself as a Rock Star who can be looked up to. I know we have a LOT of amazing folks in the Infosec industry. It’s time you took a bow!

    2) I just read a book about a guy I feel is an Entrepreneurial Rock Star, but you’ve probably never heard of him. He sold his company for $22M and is living comfortably (I’d be happy with that). His name is Derek Sivers, and his company was CD Baby. The book is called “Anything You Want.” It’s pretty short, but I found it very useful and inspiring for entrepreneurs. It’s stuff you can actually do. The other “must read” book, if you want to build a business, instead of “own a job”, is Million Dollar Consultant by Alan Weiss.

    3) If you aren’t an independent consultant, and have a full-time Infosec job, you can still be a Rock Star. But I don’t think that means doing your job so well that you are indispensible in that role, unless you want it to be. But you should think about your future. Where do you see yourself in 5 years, 10 years? It’s also hard to stay relevant if you don’t get out and see what others are doing in the field. So, it can be a bit of a let-down at some point when your run in the current job ends. You may have to start over in another job. So, keep up to date on as much as possible in the industry, which I know is hard for full-time employed Infosec people. Most are working so hard to fight fires they won’t have time to read this very long comment. Sorry.

    Looking forward to seeing more posts Ted.



      • Ted Demopoulos
      • March 14, 2014

      Thanks Scott for your input,
      Million Dollar Consulting by Alan Weiss is a must read for more than just consultants for sure.
      I’ve listed it under resources. Will need to check out the book by Derek Silvers too!

      Think I may need to distinguish between Rock Star visibility, and Rock Star results. Not everyone wants Rock Star visibility. Some may want it globally, some just in their industry, just in their company, just within the group they work with, or not at all.

      Hey, the anonymous (I think he’s still anonymous) buy who developed/invented Bitcoin is having global impact, without global visibility!

    • Joe Eckhout
    • March 21, 2014

    Hey Ted…

    You spelled my name wrong. 😉 Eckhout

    I was board the other evening and looking at TED Talks (you need to talk to them about the name by the way) and found an interesting one.

    Frequently us Geek types, regardless of how hard we try not to, end up in management. This means we have to learn how to make friends, influence people, and not act like the Geeks we are. I found this TED talk pretty encouraging and could help some work though that awkward transition from Geek to manager.

    • Ted Demopoulos
    • March 21, 2014

    Hey Joe,
    Fixed your name 🙂 I did say this site wasn’t quite ready for prime time when I sent the email out, didn’t I!


      • Joe Eckhout
      • March 21, 2014

      Well I’m happy I could help improve it. 😉

    • Bob
    • May 13, 2014

    I wanna rock n roll all night and party every day!

    • Anonymous AJ
    • September 19, 2014

    Great Stuff,
    As someone who has always strived to be an Uber Geek, I always knew something was missing.

    Geek has gotten me pretty far, but not as far as if management were geeks too. This has some of the missing “Secret Sauce” I need.

    Plus I like how you wrap it up with Rock and Roll

    AJ, Geek and Rock n Roll Guitar player

      • Ted Demopoulos
      • September 19, 2014


      Good point – management, the folks typically in charge of assessing our performance and more, are not usually geeks. Thanks for your comment!

    • Clyde
    • December 22, 2014

    Just a quick word of thanks and Happy Holidays Ted!

    I’ve gotten a lot out of the 2 classes I’ve taken from you, a few Webinars (on technical and biz topics) in the past, and I’m getting a lot out of this site!

    Have you considered doing a Webinar or more on how to be an Infosec Rock Star?

    I also encourage everyone to download the “Infosec Rock Star: Incredible Results” guide!


      • Ted Demopoulos
      • December 22, 2014

      Thanks Clyde for the kind words and Happy Holidays!

      I’ve been giving quite a few talks titled “Infosec Rock Star: Incredible Results” but obviously people need to be local to sit in.
      If there is enough interest, I’m happy to do online events as well!

        • Paresh
        • January 18, 2017

        Hi Ted,

        Hope you are doing good, unfortunately I saw the email on new InfoSec Rock Star Blueprint registration 🙁 …but I am interested online version as well , not certain this one was / is ?
        Please let me know the prices as well if possible.
        Thanks in advance,
        Br – Paresh

          • Ted Demopoulos
          • January 21, 2017

          Hi Paresh,
          Great to hear from you! This class is currently running, no dates set for the next class, but we had two last year so chances are I may have time to schedule another – it’s just a question of time!

    • Ron Michaud
    • January 3, 2015

    Ted, you mentioned you had an update coming sometime to your Infosec Rock Star Guide? Is that sometime soon?

      • Ted Demopoulos
      • January 3, 2015


      Coming this month for sure.
      Just signup (upper right hand corner) and you’ll automatically get the new version as soon as it’s done. About 80% there.

    • Kai
    • January 11, 2015

    Hi Ted,
    I think your readers might find my How to become an infosec rockstar slide deck from last years CSA Summer Conference of interest:

      • Ted Demopoulos
      • January 11, 2015

      Hi Kai,

      Great stuff! Excellent slide deck and wish I could have been there live.
      Listening to AC/DC’s “Let me put my love into You” from your link right now.

      Great ideas, and especially how you present them. I’m going to give you credit as a contributor, with your permission of course!

  2. Reply

    Hi Ted

    Managed to (finally) steal a bit of time to go through your work of art. Pretty good guidance there. I can back up a lot of what you say with actual experience in the trenches.

    An example – we recently helped a large insurance company to employ a new group CISO – most on the short-list came in with similar certs / quals / experience. What separated the winner was the “rock star” effect and more – comments of “could I place this person in front of the board” and “is this person strong enough to stand up to the CIO” were points that were the deciders!

    So get certified and experience behind you but then focus on your communication skills to differentiate you from the pack. Then to finally take it a step further go for the large speaking engagements…write a book…do amazing things for charity etc etc…


      • Ted Demopoulos
      • February 15, 2015

      Thanks Craig! Having “Rock Star” qualities can really help a person stand out from the crowd. And EVERYONE can certainly learn and develop these skills, moving towards Rock Star.

    • Clive C
    • July 12, 2015

    Great presentation in Canberra Ted!

    • Martine
    • July 23, 2015

    Yes, the Canberra presentation was great, especially enjoyed that you stayed afterwards and answered questions and talked to folks including me!

    • Ricco
    • September 14, 2015

    Hey Ted,
    A lot of things ring very true. I personally only concentrated on the “geek” – and I had and am having fun, but I only got so far! I was close to illiterate when it came to writing anything for anyone other than fellow geeks to read! And I was terrified of giving presentations.

    I’ve since learned to communicate for better, and it has made a big difference! I’m building my non-geek skills surely but slowly, it’s fun, and it works

    • Yvonne
    • June 6, 2016

    Looking forward to your rerunning your course – hopefully again in 2016 Ted?

      • Ted Demopoulos
      • September 15, 2016

      Hopefully, not quite sure when Yvonne – depends on my travel schedule!

  3. Reply

    I took it a different route…separating “Infosec” from “Rock Star” … but I really enjoy both the security aspect (over 17 years leading skilled security teams so far) and the music (if you like blues and techno inspired rock, you’ll love Metaltech!!)

    Enjoying your writings dude!


      • Ted Demopoulos
      • October 15, 2016

      Thanks Rory,
      I think I’d like Metaltech!
      Got an old piano a few months back, slowly relearning, mostly old blues and jazz – Dixieland, Boogiewoogie, etc. Having a blast!

  4. Reply

    You know who was the last rock star? Simon Freakin’ Le Bonn! Duran Duran without Simon would be a drag fashion show. Not that there’s anything wrong with that.
    Joe Eckhout, you spelled bored wrong.

    • chris nickerson
    • December 15, 2016

    Having been in prominent roles in and out of info sec…. I have some experience with this “thing.”

    I leave you with a talk I did on the topic at derbycon.

    Hope it provides some light from the other side of the curtains.

    • Ted Demopoulos
    • December 16, 2016

    A great video Chris – I watched it for maybe the 3rd time.

    • Mike Harris
    • January 3, 2017

    I am perfectly happy being an InfoSec Roadie. I don’t want the bright lights or notoriety. I practice my InfosSec craft with pride and distinction and quietly teach the next generation of IT gurus how to do everything more securely. It is the great roadies doing the heavy lifting behind every notable rock star after all.

    I wear enough hats and don’t need to be the star of the show. I’d rather mentor the next generation of Infosec rock stars than be one myself.

    Information Security Officer, Adjunct professor, CISSP HCISPP

      • Ted Demopoulos
      • January 4, 2017

      Mike, love your thoughts and I’ll add that I believe some roadies are in fact Rock Stars.

      Here is a concrete example. At SANS, Norris is gentlemen almost no one outside of SANS knows, he was the first A/V and more guy, and travels setting up the A/V equipment, Internet access, and more. Today there is a central warehouse where equipment, books, and more live, and they get shipped or driven depending in the location of the conference. Norris, or now Norris and his crew, make everything happen smoothly. With the enormous number of events, this is no small undertaking.
      Norris IS a roadie, was the first SANS roadie in fact, and the very few of us that work with him directly know he is not just a great guy, but a Rock Star!

    • Sam R
    • October 23, 2017

    Look forward to reading the book, thanks for the offer to the PaulDotCom listeners. Just wanted to give you a headsup, in the shipping of the book out here to the wonderful rainy land that is the Pacific Northwest some water got into the package and the book showed up a little bit water damaged. It is still readable but just wanted to give you that heads up as we head into the season where rain becomes more prevalent around the nation.

      • Ted Demopoulos
      • October 24, 2017

      Hi Sam,
      Glad to send another copy – thanks for letting me know!

      Also if you get a chance, I’d love a review on Amazon (needs to go under kindle right now:

  5. Reply

    Great book Ted.

    I read a lot of self help books so the first half of the book was a great rehash in the context of infosec. The other half of the book was even better! I really didn’t expect to see that material and it taught me a lot. The startup material was just pure gold.

    Keep on keeping on my friend.


      • Ted Demopoulos
      • December 13, 2017

      Thanks Elliot!

  6. Reply

    Hi Ted –

    I’m Greg Scott and I’m considering signing up with Morgan James Publishing. I’m looking for feedback from a few other MJ authors and I found your book on Amazon. Your infosec topic is of interest and the easiest way I could find to contact you was a comment here. How was your MJ experience?


    – Greg

      • Ted Demopoulos
      • April 25, 2018

      Hi Greg – I’m a big fan of Morgan-James publishing. Will email you directly!

    • ClaudioS
    • February 23, 2020

    I read the Infosec book with great interest already some time ago and I always wanted to leave a few words to thank Ted for his masterpiece. I must say that it is written in a truly intelligent way and I think many of us, Infosec (or Cybersecurity) professionals, find themselves in Ted’s words. There are many quotations used by Ted in the book and, in my humble opinion, I would add one that is very suitable for Ted and his book: “Live as if you were to die tomorrow. Learn as if you were to live forever.” (Mahatma Ghandi). Undoubtedly climbing to Rock Star through the various levels (five as described in the book) rightly requires continuous learning. Patience and determination, accompanied by the precious advice that INFOSEC Rock Star gives us, have allowed us or will allow us to reach our goals. Thanks Ted!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.