Former Akamai CSO Andy Ellis shares unexpected insights on building influential security programs, developing talent pipelines, and practicing everyday leadership through small acts of kindness.</p

Session Summary

In this thought-provoking conversation from the RSA Conference with Bishop Fox's Tom Eston and Allan Cecil, Andy Ellis draws from his extensive career as Akamai's first security professional to illuminate leadership principles that transcend traditional authority structures. Ellis begins by reflecting on his Air Force background with the 609th Information Warfare Squadron, where he learned the counterintuitive principle that true effectiveness comes from making yourself replaceable rather than irreplaceable—a mindset that shaped his approach to building Akamai's security program from scratch.

Ellis shares how he built Akamai's security team over two decades, scaling from managing 2,000 servers to over 350,000 while fostering an environment where talent development took precedence. He describes his philosophy of promoting people slightly before they're "ready," creating a cascading effect that opens opportunities throughout the organization. This approach not only developed internal talent but created a culture where people wanted to stay despite being highly employable elsewhere.

The conversation takes a particularly insightful turn when Ellis discusses reframing security leadership. He recounts being initially excited about gaining veto power over product launches at Akamai, only to discover this authority created an adversarial relationship with product teams. By shifting his role from approver to advisor—providing risk assessments rather than approvals—Ellis transformed the dynamic. In a pivotal moment, when a product team arrived unprepared, the head of products (not security) rejected their proposal, establishing a new standard for risk management across the organization.

Throughout the interview, Ellis emphasizes that leadership isn't about authority but about making work more efficient and effective—something anyone can practice regardless of title. He illustrates this principle through his approach to unsolicited sales emails, where he responds with kindness and helpful advice rather than irritation or silence. This practice not only improves the day of struggling sales development representatives but has created lasting positive impressions across the industry. Ellis concludes by recommending that aspiring leaders view every interaction as an opportunity to practice and improve, continuously evaluating what worked and what could be better.

Key Takeaways

1. Make yourself replaceable to become invaluable - True organizational value comes from sharing knowledge and developing others rather than becoming an irreplaceable expert in a specific domain.
2. Promote people before they're fully ready - Waiting until someone is completely prepared for a role means you've waited too long; people grow into challenging positions when given the opportunity.
3. Reframe security's role from approver to advisor - When security shifts from being a gatekeeper to a trusted advisor who assesses risk, product owners take more responsibility for security decisions.
4. Leadership exists independent of authority - Anyone at any level can practice leadership by making work more efficient and effective, regardless of their formal position.
5. Small acts of kindness create disproportionate impact - Treating people with unexpected courtesy, especially those in thankless roles like sales development, creates memorable positive impressions that benefit both parties.
6. Evaluate and learn from every interaction - Leadership develops through continuous self-assessment of interactions, identifying what worked well and what could be improved next time.
7. Borrow effective leadership techniques - Many leadership principles aren't new; observe what works for others and adapt those approaches to fit your personal style and situation.