← Back to Library

Many of the best security leaders aren’t on LinkedIn

Ross Haleliuk · Venture in Security · ·10 min read
Commentary by Hex Index staff

Ross Haleliuk cuts through the noise of Silicon Valley hyped on artificial intelligence to reveal a stark reality: the most effective security leaders are often invisible online because they are too busy solving unglamorous, critical problems to post about them. This piece is notable not for its critique of social media, but for its diagnosis of how that silence distorts the entire market, causing startups and investors to build products for a tiny, vocal minority while ignoring the actual needs of global enterprises.

The Illusion of the Visible Majority

Haleliuk begins by contrasting the frenetic energy of San Francisco with the grounded reality of cities like Houston or Washington, D.C., where the "echo chamber" of AI hype simply does not exist. He writes, "I live in San Francisco... but when you get outside of the Bay Area, the first thing you notice is that there are no billboards screaming about AI." This observation sets the stage for his central thesis: the cybersecurity industry has become a self-referential loop where visibility is mistaken for representativeness.

Many of the best security leaders aren’t on LinkedIn

The author argues that the people dominating LinkedIn feeds and conference panels are not the same people running the world's largest security operations. "Many of the best security leaders I've met aren't on LinkedIn," Haleliuk notes, pointing out that these professionals often haven't attended major industry events like RSAC or Black Hat in over a decade. Instead of debating agentic identities online, they are managing identity sprawl and third-party risk. This framing is powerful because it challenges the reader to question their own information diet; if your news feed is full of AI breakthroughs but your daily work involves patching legacy systems, you are living in two different realities.

Critics might argue that social media has always been a noisy place and that seasoned professionals should simply curate their feeds better rather than assuming the platform represents the whole industry. However, Haleliuk's point is deeper: the ecosystem itself is skewed because the "noise" dictates what gets funded and built.

The people we hear from the most are not always representative... If you spend enough time on LinkedIn, you can start believing that everyone is talking about the same topics - the newest AI startups, new categories, new conference controversies, or latest industry trends.

The Distortion of Product Development

The article's most compelling section addresses how this visibility bias directly influences what founders build. Haleliuk explains that because 98-99% of Chief Information Security Officers (CISOs) are hard to reach via traditional channels, entrepreneurs naturally gravitate toward the "1-2%" who are visible influencers and advisors. "When everyone is asking the same people the same questions, they get the same answers, and they all end up building the same products," he writes. This creates a dangerous feedback loop where innovation chases trends rather than solving actual pain points.

Consider the disparity in priorities: while the industry buzzes about complex new categories, many Fortune 1000 teams are still struggling with basic asset inventories or just trying to afford a single analyst. Haleliuk highlights this disconnect by noting that for some organizations, "they are most likely thinking about MFA more than they are thinking about the problem of agentic identities." This is not just an observation; it is a market failure. Startups building tools for the 1% often miss the massive, underserved needs of the 99%, leading to a proliferation of solutions that no one actually needs and a scarcity of tools for problems that keep CISOs up at night.

The author draws on his own experience to validate this, stating, "For what it's worth, some of the best product insights I've received have come from people who have never written a LinkedIn post about security and never will." This admission adds significant weight to his argument, as he is essentially critiquing the very community he operates within.

Embracing Multiple Realities

To break this cycle, Haleliuk urges the industry to accept that cybersecurity is not a monolith but "a collection of hundreds of different markets." He argues that the only way out of the echo chamber is to stop assuming one's own experience is universal. "I always smile when I hear my Bay Area friends say that every security team is deploying agents, when a week before that, I spent time talking to someone who just recently got the budget to buy a CSPM," he observes.

This call for humility is crucial. The industry often dismisses slower-moving organizations as outdated, but Haleliuk suggests these differences are valid adaptations to different environments. A law firm's security needs differ fundamentally from a tech giant's, and a bank's priorities diverge from a university's. By failing to recognize this variety, the industry risks building products that over-optimize for one specific use case while leaving others vulnerable.

There is so so so much variety that not acknowledging it and embracing it as a norm is just not smart.

The argument here resonates with historical lessons from major security conferences like Black Hat, where the gap between cutting-edge research and operational reality has often been stark. Just as researchers once focused on theoretical vulnerabilities that enterprises couldn't patch for years, today's focus on AI agents risks ignoring the foundational hygiene required to keep networks secure.

Bottom Line

Haleliuk delivers a necessary corrective to an industry intoxicated by its own hype, proving that the loudest voices are rarely the most representative of the field's actual challenges. The piece's greatest strength is its ability to connect personal observation with systemic market failure, though it leaves unanswered how founders can practically access these "invisible" leaders without relying on the very social networks he critiques. For any builder or investor in security, the takeaway is clear: if your product roadmap looks exactly like your Twitter feed, you are likely solving a problem that doesn't exist for most of your customers.

Deep Dives

Explore these related deep dives:

  • Black Hat (conference)

    While the article notes that top security leaders often skip this event, understanding its evolution from a niche hacker gathering to a massive corporate spectacle explains why elite practitioners might view it as part of the very 'echo chamber' they avoid.

  • RSAC Conference

    The author mentions that many effective leaders haven't attended this conference in decades; exploring its history reveals how it became the industry's primary echo chamber, creating a disconnect between the public-facing security community and the quiet operators managing critical infrastructure.

  • Tine (company)

    As the article's sponsor and a leader in workflow automation, this company exemplifies the shift from manual, reactive network operations to proactive strategies that the author argues are essential for reducing the high costs of downtime mentioned in the text.

Sources

Many of the best security leaders aren’t on LinkedIn

by Ross Haleliuk · Venture in Security · Read full article

I live in San Francisco, but as a founder serving large enterprises, I now travel quite a bit. When you get outside of the Bay Area, the first thing you notice is that there are no billboards screaming about AI, and no buses advertising agents for SDR, customer success, or finance. Three weeks ago, I was in DC, a week and a half ago I was in Boston, and this week I am in Houston, and neither of these cities is talking about AI, even though there are plenty of innovators living in each.

San Francisco is amazing because it brings together some of the most innovative minds, driven to use technology to do something that could never have been done before. The culture, the mindset, the people are incredible. But I will be the first to admit that it’s also an echo chamber. I say this with kindness because I love this place, but when you love something, you gotta still maintain some degree of objectivity.

Cybersecurity is just like that. I love our industry, I love people shaping the industry, but we gotta admit that security is, too, one big echo chamber.

This issue is brought to you by... Tines.

The $50K per hour network downtime dilemma.

Networking and network security stakes are high. Like really high. Infrastructure downtime costs teams at minimum $50,000 per hour.

On July 15th, join Netskope and Tines for a live session on how you can move from reactive networking and network security operations to proactive response.

Register to learn:

The hidden cost of manual network operations (and why faster tools haven’t eliminated slow response and coordination gaps)

What “great” actually looks like in secure network operations

A 5 step roadmap to build a more secure network operations strategy

Cybersecurity has our own echo chamber.

In security, we have developed an amazing ecosystem. We have our own conferences. Our own podcasts. Our own blogs. Our own social circles. With all these amazing shared experiences, we sometimes forget how small a slice of the industry those communities actually represent.

Many of the best security leaders I’ve met aren’t on LinkedIn. They may have a page, but they really don’t visit the platform, and not at all because of the sales outreach, they just don’t have the need for it. All the jobs they are getting are through friends, people who know their work, and ...