Boosting Your Cyber Clout
I recently engaged on an r/cybersecurity thread where someone asked how a person in the (cybersecurity) industry can “boost” their professional credentials, or otherwise increase their credibility, visibility, professional stature and general “cyber clout”, outside the traditional methods of education and certification. I thought this was a pretty interesting ask, and as someone who has gone down this path a bit (having a blog, an infosec-specific Mastodon account, etc.), I figured I would weigh in with other ideas I had (in no particular order) for increasing said cred.
- Publish research - Publishing research through a personal blog/website, academic institution, company blog, guest-submission on an external site, or through other research journals is a great way to get your ideas out in the wild.
  - InfoSec Writeups on Medium Submission
  - USENIX Paper Submission
  - ResearchGate Publication Guidelines
  - International Journal of Information Security Submission
  - Journal of Information Security and Applications Submission
  - Springer Open Publishing Guidelines
  - Information Security Journal: A Global Perspective
  - Bug Zero
  - Hey, if you’re interested in writing for shellsharks, feel free to send me an email!
- Speaking engagements - Speaking at conferences, internally at your company, through meetup groups, in online communities or even YouTube can certainly get your name and ideas out to a wide audience. Keep a look out for CFPs (Call for Papers) and Call for Speakers from known security conferences.
- Teaching - Teaching is an excellent option for connecting with others in the industry and boosting credentials. This can come in many different forms - university professor, teaching for a training organization, developing a course for an online training platform, leading company-internal classes as an instructor or even developing your own training and offering it via the medium of your choice (e.g. your blog, YouTube, Twitch, whatever!)
- Blog / website - I’m a huge proponent of (professional) blogging and believe it comes with a multitude of benefits. You are able to publish research in your own way, expose custom tools, link out to all your other Internet points-of-presence and use it as a way to consistently engage with others in the community/cybersecurity field.
- Social media presence - The preeminent form of online engagement. There are a multitude of social media services in which you can have a presence, engage with others in the community and grow your “brand”.
  - Mastodon: There is a pretty sizable infosec community on Mastodon these days. There are a lot of potential instances to join; infosec.exchange is a great one for security pros! (You can find me @shellsharks.com)
  - LinkedIn: LinkedIn is an obvious option for connecting with professionals, posting content and meeting others in the industry.
  - Other: Instagram, YouTube, Twitch and more. People consume information and media in many ways and these popular services are a medium to reach the multitudes.
- Community engagement & networking - There are plenty of ways to connect with others in the industry, many of which I’ve already covered: LinkedIn (of course), conferences, meet-ups, etc. They say it’s not who you know, it’s who knows you, so get out there and introduce yourself to people!
- Podcasting - Podcasting is a growing medium and one that is well suited for both a casual-listening audience and for those who want slightly more technical content. If talking is your medium rather than writing, podcasting could be a good choice for you!
- Side business - Having a successful side business, or even starting up your own primary business is a good way to establish yourself as a doer in the field.
- CVEs - For the vulnerability researchers of the world, having CVEs is an esteemed way to demonstrate your expertise. Request a CVE ID here.
- CTFs - There are countless CTFs these days. Participating, winning & doing write-ups (CTF Time Writeups, Medium CTF Writeups, InfoSec Writeups | CTF) are all ways to express your interest / involvement in the field as well as your technical prowess.
- Bug Bounty - Vulnerability disclosure programs (VDPs) and bug bounty platforms are in abundance these days. Earning bounties is not only a way to make some money but it can also help you stand out in the community.
  - Look for companies with a security.txt file
  - A lot of companies have their own bug bounty program: Microsoft, GitHub, Apple, etc.
  - Hack the Pentagon
  - Google Bug Hunters
  - Zero Day Initiative
  - Pentester Land Bug Bounty Writeups
  - Synack Red Team
- Mentor - Helping others grow and succeed is always a noble pursuit and one that can not only yield great professional relationships, but also help set you apart as someone who gives back.
- Volunteer - There are many organizations for which you can volunteer within the cybersecurity industry.
- OSS contribution - A very tangible way of demonstrating programming skills and other domain knowledge is to contribute to open source software (OSS).
- Publish a tool - The infosec community loves their tools and those that write and maintain these tools are held in particularly high regard.
- High-profile / prestigious position - Holding a high-profile position in the government (e.g. CIA, NSA, FBI) or public company (e.g. FAANG) can give a moderate boost to your professional cred.
It’s worth pointing out that most of these methods are applicable to any profession, not just cybersecurity. Regardless of what you do, I urge you to approach all aspects of your professional climb with authenticity, novelty, approachability & humility.