Building an Online ReputationIt Isn't Just Who You Know, But How You Network
The benefit of building his online reputation? "Being known and recognized for your work and accomplishments achieved," Power says, as well as "understanding how I can make a difference in the industry as a whole."
Power is but one example of many information security practitioners - beginners, journeymen and leaders alike - who now take time to carefully cultivate their online reputations. "Online personality and branding sets you apart," says Michele Porfilio, strategic sourcing director for Crowe Horwath LLP, a public accounting and consulting firm. The more active professionals are in their use of social media, the better they will promote themselves to prospective employers. "Online branding leaves the opportunities to open the door on both sides of the fence -- opportunities individuals may not know about, and the opportunity to be approachable as a thought leader engaged in enriching their professional growth and learning."
Online branding is directly related to career advancement of security professionals. "If you're not active, it's almost like being satisfied with the status quo without any desire to progress in the upper level," says Porfilio.
As a recruiter, Porfilio gives emphasis to candidates who are actively engaged online and have established themselves as thought leaders by posting articles, answering relevant questions on LinkedIn groups and interacting with other professionals and sharing ideas and best practices. "Professionals investing in online branding reflect commitment and how serious they are about their profession and growth within their space," she says. "It's not that the less active guys will not get hired, but competition will soon catch up, and sooner or later they will have to tap into avenues that will set them apart from the rest."
Following are online branding tips for security professionals at all stages of their careers.
Online Branding for the Beginner
Leslie Corbo is a entry-level cybersecurity analyst with a global defense contractor. She is involved with forensics investigations and network analysis, and she is also very active on security forums advocated by ISC2 and SANS, as well as on alumni email distribution lists. She is currently looking at social media channels to establish her presence online. In all, Corbo spends an average 5-6 hours per week tapping different avenues for actively building her online presence.
"I don't want to be left behind," Corbo says. "I want to be out there creating a niche position for myself within the industry, showcasing my skills and expertise to professionals and sharing my voice on relevant security issues."
As a professional starting out in information security, one's focus is on learning and skill building. Beginners need to realize that their personal brand is their online identity, and they need to be steady in their activities and communications, as well as carry a consistent message throughout their efforts in building an online personality, says Jim Molini, senior security program manager with Microsoft's Identity and Security division, and an ISC2 advisory board member. A lot of beginners get discouraged by so much noise and presence on the internet, wondering whether people are even listening. "They just need to focus and be determined to push through," Molini says.
Some tips for beginners:
- Establish a presence on social media including LinkedIn, Twitter and FaceBook. "Have a social media strategy," says Power. "To be able to build a compelling online profile, think it through -- what matters most to you? Understand the online medium and its potential for harm and good. What kind of information will strengthen your profile? Who should you connect with? Which online channels should you rely for incoming relevant content and news?"
- Join information security groups available online, including The Information Risk & Security Job Forum, The Global Information Security Professionals Group etc. Participate in relevant discussions and add your comments to perspectives and viewpoints.
- Join and actively participate in email distribution lists and forums initiated by professional organizations such as ISC2, ISACA and SANS.
Online Branding for Mid-Career
Phil Foley is a senior security analyst for governance, risk and compliance program with Verizon Cybertrust Security. As a mid level security practitioner, Foley is actively engaged in building his online identity by:
- Participating in LinkedIn groups and discussions;
- Maintaining close ties and volunteering with associations such as Norwich alumni group, ISC2, RSA and SANS;
- Speaking at events such as InfraGard and Norwich Symposium;
- Writing blogs and articles on his company's website.
"At my level, security folks cannot afford to be shy," he says. "We need to be in the mainstream, develop inner groups, expand network and gain visibility to move into the next phase."
The main benefit for him in building an online brand is getting recognized by the security industry and being able to participate in inner security groups and share with leaders what he sees working in the trenches. He spends a good three-to-four hours per week investing in his online brand.
At Foley's career stage, professionals play roles of increased responsibility, such as a lead security analyst or a senior security engineer, and are on their way to be promoted into senior management positions. "It is in this phase that online identity transcends into a personal brand," says Molini, and practitioners need to focus on establishing their credibility by showcasing themselves as subject matter experts.
- Start a blog on any of the social media sites or within your organization's website. "Blogging is a great way to share your expertise, build community, and position yourself as a niche expert," says Molini. It is probably the best way to build credibility and will exponentially increase an individual's search results and visibility.
- Participate in industry conferences, associations and events such as RSA and WhiteHat, in the capacity of a speaker. Get involved in the associations' networking opportunities. Contribute to online discussion forums, and present teleseminars and/or webinars.
- Reach out to professional organizations such as ISSA, ISC2, as well as local community colleges to volunteer and teach young professionals within your niche subject area.
- Write and publish relevant papers, books and articles on a regular basis, and set up an account and personal profile with top booksellers (Amazon, Barnes and Noble, etc.). Review books that are relevant to your field and areas of expertise. Your reviews and profile will rank high in your search results.
- Launch your own website and online career portfolio -- a single resource for all your career and achievement activity. Create a vivid comprehensive package illuminating your career history, strengths, passions, brand attributes and value proposition.
Online Branding for Leaders
Here are few steps Richard Power has taken toward building and managing his online identity:
- Social Networking -- He has built a very active presence on LinkedIn and spends 15-20 minutes every week visiting and participating on few relevant security groups such as the information security expert center, information security community, CSO forum and the national information security group. Here he interacts with industry peers on security topics, provides suggestions, opinions and responds to questions.
- Blogging -- He voices his opinion and thoughts on relevant security issues on Cyblog maintained by Carnegie Mellon University. He spends two-to-three hours per week creating insightful content and stays up to date on most news channels to have a good inflow of information.
- Writing -- He has authored five published books, including "Secretes Stolen, Fortunes Stolen: Preventing Economic Espionage & Intellectual Property Theft in the 21st Century" and "Tangled Web: Tales of Digital Crime from the Shadows of Cyberspace."
- Speaking -- He has been a featured speaker for various associations such as the Information Systems Security Association, High-Tech Crime Investigators Association, Purdue University and internationally at the Information Security World held in Sydney, Australia.
In this career stage, individuals are already recognized for their security leadership roles. "Online personality is more about online reputation," says Molini.
"It is all about how security leaders respond and put in efforts to maintain their online reputation," says Power. How do they handle people who disagree with them? How open are they with the community on relevant security issues? They need to share their success story with others and tell them "why they're on the top," adds Power.
Some tips for leaders:
- Reach out and mentor the security community by actively participating and carrying an authoritative voice on security in conferences, events and online forums.
- Become a board member in security associations such as ISC2, ISACA and SANS to provide direction and guidance to industry professionals.
- Reach out to educational institutions and be a regular guest speaker on security topics, as well as become their industry affiliate to guide their curriculum initiatives.
- Write blogs on leadership and security issues more from a "macro perspective," says Power. Consider publishing a book on security leadership or other relevant topics.
- Reach out to major publications within the industry and get featured as a columnist, blogger or contributor focusing on making a difference within the industry.
"Online identity is all about being in the security game or being left behind," Molini says. "The security profession is all about online reputation, and this is the time for practitioners to invest in developing a certain personal brand that can carry a consistent message throughout both online and real life."