Raising Your Public Profile as an Information Security Professional

As part of November's Career Paths in Cybersecurity Series, Helena asked me to talk about how a digital security professional can raise his or her public profile. For the purposes of this blog post, I will assume that you seek greater publicity so that you can better contribute to the national dialogue over digital security. I will discuss seven concrete steps one can take to accomplish this goal:

  1. The easiest way to begin elevating your public profile, and I stress "begin," is to leverage social media. Posting to Twitter is the simplest way to start. Devote a single Twitter account to professional security topics, and strive to remain "on message" when interacting with others. Do more than retweet other tweets. Don't just post links to news articles you like. Use your real name, or show your real name along with your handle. Provide original content; this recommendation applies to all of the steps in this article.
  2. Participation in public (and even private) mailing lists is another way to become more well-known within the industry. Choose a few security lists that host commentary you respect, and occasionally let your voice be heard. Be prepared to defend your ideas! Mailing lists seem less relevant compared to Twitter these days, but the fact that these conversations are archived mean your ideas can live longer than Twitter's search availability.
  3. Another way to elevate your public profile is to blog regularly. I didn't have to suggest "Tweeting regularly," because Twitter is fairly addictive. Blogging, though, can be much more difficult, especially in the age of Twitter. As with Twitter, stay on message and write original content.
  4. Next, consider conducting original research and writing white papers. Before Twitter and blogs, security professionals used to make their names by writing white papers in 80 character ASCII fonts for publication in "e-zines" or other text-file-centric forums. These days, white papers are rarer, except in the academic world. Submit your white papers as articles to online and print security magazines.
  5. At this point you should have a decent amount of original content, so you should try responding to call for papers offered by security conferences. Don't be discouraged if you're not immediately accepted to speak at name-brand events like Black Hat or CanSecWest. Be prepared to start with small regional events (like the various BSides conferences) and work your way to the larger national get-togethers.
  6. Another way to become a more public member of the security community is to write a good book. I emphasize "good" because writing a poor book will damage your career, as would producing lousy content in any of the previous endeavors. Writing a book can take a serious commitment of time and energy, and the return on your investment will likely be meager from a financial perspective. From a publicity perspective, writing a solid book is a way to spread your message to a dedicated audience.
  7. A final way to achieve some degree of publicity is to write open source software or lead a project used by many people in the security community. Everyone knows who originally wrote Snort, Metasploit, Nessus, and other high-profile open source tools. This can take a very large chunk of one's time and energy, especially if you want to maintain it over time.

Many of the other elements of being a more public member of the security community are derivatives of these seven steps. And good luck with your security career!