Monday, June 23, 2014

OPINION: 10 Simple Rules Every Security Professional On Social Media Should Think About

Social media can be a great thing at times. It can connect you with other professionals, allow you to sound off on things in our industry, advertise your services, and even give you new insight into security matters. However, it can also be a very dangerous tool. Countless times, I've seen security professionals realize this inherent truth much too late. In every social interaction, there is an implied trust with our fellow netizens that they will abide by certain unspoken "rules". Often, they do but more than often, they do not. I'd like to share a few rules that can help mitigate the risks associated with combining your personal and professional social media personas.
  1. Be humble and listen to everyone's opinion. There seems to be a rash of security professionals who believe the best way to interact with those who disagree with them is to be brash and rude regardless of the interaction. Sometimes, it calls for being a bit brash and rude. However, I find it often does not. Don't make being adversarial a part of who you are on social media. You could potentially "scare away" potential clients or employers. Don't be "that" guy. Seriously. If you don't want discourse, then social media is not the place for you. Chances are just because you're awesome in what you know doesn't mean you're awesome in all things you claim to know. Sometimes, other folks have legit ideas we can learn from. You don't always have to be right. A simple "I never thought of it that way" goes a long way.
  2. Keep your "circle" small. A while back, I went to "private" on all of my social media accounts. Why? Am I talking secret stuff I don't want others to know? No. I just realized how much better my social media experience is by keeping my audience relatively small. Think of it like how you rate schools based on student-to-teacher ratios. Do you really want to have to interact with 90,000 people you don't know? Also, by keeping your "circle" small, you pick the people you want to interact with. There's a danger here, though. By being selective, you run the risk of limiting the amount of data you receive and it can enable subjectivity to some extent. With that being said, I'll add my next rule.
  3. Interact with people who provide value and not an ego boost. When I went "private", I noticed I was far more selective and I tended to interact with people who "liked" my comments less and interacted more. There's a trap by having loads of people "like" everything you post. It can lull you into a false sense of security that you're a "big deal" and immune to legitimate criticism. Remember, this is the Internet. Just because you say awesome things does not mean people think you're awesome. You will make people upset sometimes. That's life. Some attacks will be personal. That is also life. Deal with it. My mother provided me with the best sage advice I've ever heard and will never forget - "Not everyone that smiles at you is your friend and not everyone who frowns at you is your enemy."
  4. Don't say or do anything on social media you can't tell your mother or boss about. Seriously, you can limit half the drama that comes your way by just abiding by this simple rule. More professionals get involved in more drama online than they should because they forgot this. What does this mean? Don't write checks with your status updates that your career and personal life can't cash.
  5. Keep it real. I've written in the past about "experts" and how often it is easy to confuse real expertise with implied expertise. If you're really knowledgeable about something, feel free to talk about it like you do. If you're not, then take it easy and try to "stay in your lane". Many people find themselves in trouble when they forget to do this. Why? Everyone wants to be popular on social media and you don't get to be popular by staying in your lane all the time. Remember what I said about getting too many followers and "likes". Again, don't be "that" guy. When I'm talking to people on social media, I try my hardest to be upfront about what I know based on my experiences and from other sources. If you follow me on social media, you'll often read me telling people what's in my lane and what is not. I find when I do that, I receive much better interaction with professionals and I learn quite a bit more than I preach.
  6. Don't make your social media persona out to be something you are not. The downfall of many professionals on social media can be traced back to forgetting this rule. Quite a few security practitioners seem to believe in order to have value, they have to inflate who they are or what they've done in the past. More often than not, they're found out and revealed without prejudice. You don't have to fake a degree or have an awesome job title to provide value in your social media interactions. I'm more impressed by a person who is totally honest about being a janitor and knows a lot on a topic versus a janitor who pretends to be an "expert" security "guru". As I always say, "Game recognizes game."
  7. Use your manners. My advice to my son is always, "I get more from pleases and thank-yous than I have ever gotten with a frown on my face." A simple "Thank you for the discourse" or an apologetic private message for an overly snippy comment has provided me with more value than my stubbornness to concede a point ever has. With that in mind, as with everywhere you go in life, there will always be jerks. Try not to be one of them if you don't have to. Sometimes, a situation online may call for you to be one. I suggest resisting the temptation to do so and simply either ignore the other party or "block" them. This is the Internet and there are tools available wherein you can choose to be a jerk or not. At one point, my mother was a preacher's wife, which is a position replete with jealousy. She always told me, after an encounter with someone who she knew didn't like her, "Baby, sometimes, you gotta kill them with kindness."
  8. Some things are better said in-person. This is too easy to explain. Keep private things as private as you can because once it leaves your computer, you have lost complete control of it. If I'm in charge of human resources at a company you applied to or I'm a prospective client and I noticed your social media accounts are chock full of indiscretion, you're probably not a person I want to hire and for good reason. Whatever your intent was will not matter to someone who decides your fate with the click of a button without having to ever talk to you.
  9. Never trust people to keep things private online. Salient advice I received from a friend once - "This is the Internet, nothing is as it appears." People are inherently untrustworthy. Why? Because they can always make disadvantageous decisions regarding you online without your knowledge and consent. There is very little you can do about this except follow this rule. As the old adage from hip-hop goes, "Never trust a big butt and a smile."
  10. You don't have to be first to speak during a crisis to have value. The first time I became popular on social media was during Christopher Dorner's rampage through Los Angeles. I made a few points which were re-shared a lot. After that, it seemed like every other crisis, I was being called on to give my opinion. Not too long after that, I did some introspective thinking and realized I wasn't always being called on to give my opinion or insight - I was seeking it out. I had fallen into the trap. Why is this bad? The reason I took the time to think on this topic was I noticed I was sharing incorrect and highly subjective information. In other words, I was misinforming people. My "circle" was kind and quietly called me on some of it. Here's what I learned: Being first, often, means being first with the wrong information and relying on firsthand accounts. Anyone involved in the intelligence community will tell you how this leads to a degradation of analysis and eventual disregard of the analyst responsible. Take your time and give your insight when it's helpful.
