Once upon a time, I worked at a computer magazine put out by a large publishing company in NYC. When I wrote articles, they went through an associate editor, a senior editor, a copy editor, a managing editor, and the editor in chief before they ever made it to press. By that time, little of my original work—or my joy in the creation—had survived.
That’s why when I discovered blogging, my world was forever changed. At long last, I could communicate with the world directly, with no intermediary and no one to water down my ingenious (in my own mind) prose. What's more, I was finally free to write about the topics that I felt were important, whether or not my editors agreed.
The same is true in cybersecurity. Blogging is the perfect opportunity to share research and opinions that can help the entire industry craft more effective strategies. As the saying goes, “a rising tide floats all boats.” By exchanging ideas and disseminating information, we can all build better boats and keep more pirates out.
At Splunk, I work on a security research team that observes and collects data from attackers in the wild and then develops content to help with the detection and investigation of threats. The content we produce is free and can make a significant impact on the effectiveness of a company’s defenses. But if no one knows about it, does it really make a difference? (Hypothetical tree, I'm looking at you.)
Sadly, the security industry is typically reluctant to share information. Part of the reason is that security, by definition, is about guarding information. It's a culture of secrets. The other reason is financial. Many companies protect their defense artifacts (such as antivirus or firewall signatures), since they can provide a lucrative source of revenue.
I wonder how much we could strengthen our collective defenses if we all worked together.
But Who Cares?
While it’s a noble goal to want to help make the world a safer place, blogging can also help you build your career and boost your visibility in the security community. Here's a little secret that I've learned in my years as a writer: when people see your name in print—and it's not a police report—they think you know stuff. So, if you want people to think you know stuff, you should start blogging!
An interesting example is Brian Krebs, whose blog (www.https://krebsonsecurity.com/) is practically ubiquitous. He's so well known that it would be easy to assume that he's an experienced analyst with degrees in IS. Nope. He's an investigative journalist who has developed great subject-matter expertise. Adam Levin, author of "Swiped," a book about the rise of identity theft, also has a very well-known security blog. Like Krebs, Levin did not study security. His rise was due to the fact that he had a lot to say and was able to say it in a credible, engaging fashion.
If Krebs and Levin can make a name for themselves in the field as "experts," you can, too.
So, how will people find out about your blog? If you're not writing it under the auspices of your company, you can look for sites that will accept guest contributions, such as https://www.cybersecurity-insiders.com and https://cybersecurityzen.com. You should also share your posts on social media, including LinkedIn, where potential employers can find them. You never know who might be reading.
The bottom line is that blogging can do double duty, helping to make the world a safer place while simultaneously boosting your career. So, get out there and write some wrongs!