CISO Trainings , Fraud Management & Cybercrime , Next-Generation Technologies & Secure Development

Building an Online Reputation

It Isn't Just Who You Know, But How You Network
Building an Online Reputation
Richard Power is the director of strategic communications for CyLab at Carnegie Mellon University. As an information security leader, he has been an active speaker, writer and advisory board member. He also has invested heavily in building his online reputation --mentoring, engaging and actively reaching out to the community through Internet resources.

The benefit of building his online reputation? "Being known and recognized for your work and accomplishments achieved," Power says, as well as "understanding how I can make a difference in the industry as a whole."

Power is but one example of many information security practitioners - beginners, journeymen and leaders alike - who now take time to carefully cultivate their online reputations. "Online personality and branding sets you apart," says Michele Porfilio, strategic sourcing director for Crowe Horwath LLP, a public accounting and consulting firm. The more active professionals are in their use of social media, the better they will promote themselves to prospective employers. "Online branding leaves the opportunities to open the door on both sides of the fence -- opportunities individuals may not know about, and the opportunity to be approachable as a thought leader engaged in enriching their professional growth and learning."

Online branding is directly related to career advancement of security professionals. "If you're not active, it's almost like being satisfied with the status quo without any desire to progress in the upper level," says Porfilio.

As a recruiter, Porfilio gives emphasis to candidates who are actively engaged online and have established themselves as thought leaders by posting articles, answering relevant questions on LinkedIn groups and interacting with other professionals and sharing ideas and best practices. "Professionals investing in online branding reflect commitment and how serious they are about their profession and growth within their space," she says. "It's not that the less active guys will not get hired, but competition will soon catch up, and sooner or later they will have to tap into avenues that will set them apart from the rest."

Following are online branding tips for security professionals at all stages of their careers.

Online Branding for the Beginner

Leslie Corbo is a entry-level cybersecurity analyst with a global defense contractor. She is involved with forensics investigations and network analysis, and she is also very active on security forums advocated by ISC2 and SANS, as well as on alumni email distribution lists. She is currently looking at social media channels to establish her presence online. In all, Corbo spends an average 5-6 hours per week tapping different avenues for actively building her online presence.

"I don't want to be left behind," Corbo says. "I want to be out there creating a niche position for myself within the industry, showcasing my skills and expertise to professionals and sharing my voice on relevant security issues."

As a professional starting out in information security, one's focus is on learning and skill building. Beginners need to realize that their personal brand is their online identity, and they need to be steady in their activities and communications, as well as carry a consistent message throughout their efforts in building an online personality, says Jim Molini, senior security program manager with Microsoft's Identity and Security division, and an ISC2 advisory board member. A lot of beginners get discouraged by so much noise and presence on the internet, wondering whether people are even listening. "They just need to focus and be determined to push through," Molini says.

Some tips for beginners:

  • Establish a presence on social media including LinkedIn, Twitter and FaceBook. "Have a social media strategy," says Power. "To be able to build a compelling online profile, think it through -- what matters most to you? Understand the online medium and its potential for harm and good. What kind of information will strengthen your profile? Who should you connect with? Which online channels should you rely for incoming relevant content and news?"

  • Join information security groups available online, including The Information Risk & Security Job Forum, The Global Information Security Professionals Group etc. Participate in relevant discussions and add your comments to perspectives and viewpoints.

  • Join and actively participate in email distribution lists and forums initiated by professional organizations such as ISC2, ISACA and SANS.

Online Branding for Mid-Career

Phil Foley is a senior security analyst for governance, risk and compliance program with Verizon Cybertrust Security. As a mid level security practitioner, Foley is actively engaged in building his online identity by:

  • Participating in LinkedIn groups and discussions;
  • Maintaining close ties and volunteering with associations such as Norwich alumni group, ISC2, RSA and SANS;
  • Speaking at events such as InfraGard and Norwich Symposium;
  • Writing blogs and articles on his company's website.

"At my level, security folks cannot afford to be shy," he says. "We need to be in the mainstream, develop inner groups, expand network and gain visibility to move into the next phase."

The main benefit for him in building an online brand is getting recognized by the security industry and being able to participate in inner security groups and share with leaders what he sees working in the trenches. He spends a good three-to-four hours per week investing in his online brand.

At Foley's career stage, professionals play roles of increased responsibility, such as a lead security analyst or a senior security engineer, and are on their way to be promoted into senior management positions. "It is in this phase that online identity transcends into a personal brand," says Molini, and practitioners need to focus on establishing their credibility by showcasing themselves as subject matter experts.

Some tips:

  • Start a blog on any of the social media sites or within your organization's website. "Blogging is a great way to share your expertise, build community, and position yourself as a niche expert," says Molini. It is probably the best way to build credibility and will exponentially increase an individual's search results and visibility.

  • Participate in industry conferences, associations and events such as RSA and WhiteHat, in the capacity of a speaker. Get involved in the associations' networking opportunities. Contribute to online discussion forums, and present teleseminars and/or webinars.

  • Reach out to professional organizations such as ISSA, ISC2, as well as local community colleges to volunteer and teach young professionals within your niche subject area.

  • Write and publish relevant papers, books and articles on a regular basis, and set up an account and personal profile with top booksellers (Amazon, Barnes and Noble, etc.). Review books that are relevant to your field and areas of expertise. Your reviews and profile will rank high in your search results.

  • Launch your own website and online career portfolio -- a single resource for all your career and achievement activity. Create a vivid comprehensive package illuminating your career history, strengths, passions, brand attributes and value proposition.

Online Branding for Leaders

Here are few steps Richard Power has taken toward building and managing his online identity:

  • Social Networking -- He has built a very active presence on LinkedIn and spends 15-20 minutes every week visiting and participating on few relevant security groups such as the information security expert center, information security community, CSO forum and the national information security group. Here he interacts with industry peers on security topics, provides suggestions, opinions and responds to questions.

  • Blogging -- He voices his opinion and thoughts on relevant security issues on Cyblog maintained by Carnegie Mellon University. He spends two-to-three hours per week creating insightful content and stays up to date on most news channels to have a good inflow of information.

  • Writing -- He has authored five published books, including "Secretes Stolen, Fortunes Stolen: Preventing Economic Espionage & Intellectual Property Theft in the 21st Century" and "Tangled Web: Tales of Digital Crime from the Shadows of Cyberspace."

  • Speaking -- He has been a featured speaker for various associations such as the Information Systems Security Association, High-Tech Crime Investigators Association, Purdue University and internationally at the Information Security World held in Sydney, Australia.

In this career stage, individuals are already recognized for their security leadership roles. "Online personality is more about online reputation," says Molini.

"It is all about how security leaders respond and put in efforts to maintain their online reputation," says Power. How do they handle people who disagree with them? How open are they with the community on relevant security issues? They need to share their success story with others and tell them "why they're on the top," adds Power.

Some tips for leaders:

  • Reach out and mentor the security community by actively participating and carrying an authoritative voice on security in conferences, events and online forums.
  • Become a board member in security associations such as ISC2, ISACA and SANS to provide direction and guidance to industry professionals.
  • Reach out to educational institutions and be a regular guest speaker on security topics, as well as become their industry affiliate to guide their curriculum initiatives.
  • Write blogs on leadership and security issues more from a "macro perspective," says Power. Consider publishing a book on security leadership or other relevant topics.
  • Reach out to major publications within the industry and get featured as a columnist, blogger or contributor focusing on making a difference within the industry.

"Online identity is all about being in the security game or being left behind," Molini says. "The security profession is all about online reputation, and this is the time for practitioners to invest in developing a certain personal brand that can carry a consistent message throughout both online and real life."


About the Author

Upasana Gupta

Upasana Gupta

Contributing Editor, CareersInfoSecurity

Upasana Gupta oversees CareersInfoSecurity and shepherds career and leadership coverage for all Information Security Media Group's media properties. She regularly writes on career topics and speaks to senior executives on a wide-range of subjects, including security leadership, privacy, risk management, application security and fraud. She also helps produce podcasts and is instrumental in the global expansion of ISMG websites by recruiting international information security and risk experts to contribute content, including blogs. Upasana previously served as a resource manager focusing on hiring, recruiting and human resources at Icons Inc., an IT security advisory firm affiliated with ISMG. She holds an MBA in human resources from Maharishi University of Management, Fairfield, Iowa.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.com, you agree to our use of cookies.