We constantly hear about the security scourge that is social networking, whether it's Facebook being used for social
engineering, or worms and privacy breaches threatening Twitter. But some information security professionals have adopted social networking tools, often using the sites to advance their network, personal brand and career. There are still many security pros, however, who don't have a solid understanding of how social networking can be used to their benefit.
In this month's column, we'll discuss how information security pros can use three of today's top social networking sites -- Facebook, LinkedIn and Twitter -- to advance their information security careers.
LinkedIn: Career-specific social networking
The most commonly used and best understood career-specific social networking tool is LinkedIn. LinkedIn is designed for professional networking and job searching and has a wide adoption rate among information security professionals. The site allows a member to create a profile that serves as an online equivalent to his or her resume. LinkedIn users can then create connections throughout the network to other people, organizations and special interest groups.
So, how should you use LinkedIn? Simply put, it's a great tool for researching your network and finding job information. We often talk about the importance of knowledge in career planning -- if your goal is to become a CISO, you should know what kind of experiences, education and qualifications that most CISOs have. LinkedIn is a fantastic resource for gathering that kind of information as it is based on the idea of "three degrees of separation." You are able to see information not only on the people you know, but their connections and the people who are connected to them. As an example, Mike Murray, fellow security professional and co-author of this article, has 366 connections as of the date of this writing. That gives him access to almost 5.7 million people at the third degree of separation.
This makes LinkedIn an incredibly helpful research tool for job hunters. For example, suppose that you're about to go in for a job interview with Mike Murray to work for him as a consultant. By looking at his LinkedIn profile, you could discover where he went to school, some of his interests, and his blogs and online websites. This information could be incredibly useful to create a connection with him during the interview process.
Facebook: Building business, information security career contacts
While most think that Facebook is primarily aimed at students or is just another way to keep up with old high school or college classmates, Facebook is, in fact, quickly becoming a tool for maintaining business networks. (Mike, for example, has more business contacts than personal ones on his Facebook.)
Facebook's main business and career use is to maintain strong relationships with your network. Once you have made the connection during the interview process, for example, Facebook is a great way to keep the communication lines open. In the "old days," networking required that you send mail or pick up the phone each time you wanted to keep in contact. Facebook, which allows members to add "friends," send them messages and share information, can be used to maintain that contact quickly and easily.
While we spoke about the research benefits of LinkedIn, Facebook is more targeted at maintaining close relationships. Facebook is a place to share interests, pictures and short messages; it allows two people who are connected to follow each other's lives in a way that isn't possible (without a lot of effort) through email or the phone. This means that you can forge more genuine and deeper relationships with members of your networks. Through Facebook, acquaintances and co-workers can become close friends, and former bosses can become mentors This additional connection to the members of one's network can enhance your career. (Note: It can also be dangerous if you give out too much information, but that's a topic for another article.)
While it may seem somehow uncouth to some members of the older generation to network and keep in touch through a social networking site, it is becoming increasingly acceptable. As an example, Mike recently received a wedding invitation via Facebook -- his contact didn't send out paper cards, but invited all of his friends to the Facebook "event."
Twitter's popularity has exploded in 2009, but it is the most often misunderstood social networking tool. We often hear comments that suggest that Twitter, a microblogging service that allows its members to send short messages (also known as "tweets"), is a "waste of time" and "useless." However, for those who learn to use it, Twitter is an opportunity to use the collective knowledge of the security industry to one's advantage. In fact, in writing this article, Mike (who is @mmurray on Twitter) used Twitter to gather opinions on how social networking has helped security professionals advance their career. Here are some notable responses:
The common theme should be obvious: The two main benefits of Twitter are as a tool for information gathering and as a way of building and expanding your network. In fact, there is a list of all of the security professionals on Twitter known as Security Twits. Just looking at that list should give you an idea of the breadth of the security community on Twitter, and the people with whom you could connect.
Once you're on Twitter, your usage pattern is up to you. Some members of the security community seem to post updates at an almost frenetic pace, while some don't post for weeks at a time, preferring to lurk and listen. Some post only their own updates, while others jump in on the conversation, using Twitter almost as a pseudo-instant messaging client. The most important thing in using Twitter is that you're connecting with the parts of the information security community that you want to connect with and in a way that enhances your relationships, your knowledge and your career.
To put it simply: If you're not on each of the tools above, you're probably missing out on some potential opportunities to expand and enhance your career in the security industry. There are opportunities to research, learn and connect with others in the industry that you're probably not fully capitalizing on. Of course, this article wouldn't be complete without linking you to our profiles on the various social networking sites:
About the authors: The columnists, Lee Kushner and Mike Murray, bring with them different perspectives on career related topics. Together Lee and Mike have advised many information security professionals in various stages of their career development and are regular speakers at industry conferences on information security career-related topics. Their blog can be found at www.infosecleaders.com.
Lee Kushner is the President of LJ Kushner and Associates, an executive search firm that has been dedicated to the information security profession since 1999.
Mike Murray is an information security professional and career coach. Mike has held leadership positions in environments that include professional services, security product vendors, and corporate environments.