Problem solve Get help with specific problems with your technologies, process and projects.

Top social networking sites to boost your information security career

Information security professionals who are not using LinkedIn, Facebook and Twitter could be missing out on potentially valuable opportunities to advance their careers. In this month's Information Security Career Advisor column, experts Lee Kushner and Mike Murray explain how workers currently in the information security field should use today's most popular social networking tools to enhance and expand their job opportunities.

We constantly hear about the security scourge that is social networking, whether it's Facebook being used for social engineering, or worms and privacy breaches threatening Twitter. But some information security professionals have adopted social networking tools, often using the sites to advance their network, personal brand and career. There are still many security pros, however, who don't have a solid understanding of how social networking can be used to their benefit.

In this month's column, we'll discuss how information security pros can use three of today's top social networking sites -- Facebook, LinkedIn and Twitter -- to advance their information security careers.

LinkedIn: Career-specific social networking
The most commonly used and best understood career-specific social networking tool is LinkedIn. LinkedIn is designed for professional networking and job searching and has a wide adoption rate among information security professionals. The site allows a member to create a profile that serves as an online equivalent to his or her resume. LinkedIn users can then create connections throughout the network to other people, organizations and special interest groups.

So, how should you use LinkedIn? Simply put, it's a great tool for researching your network and finding job information. We often talk about the importance of knowledge in career planning -- if your goal is to become a CISO, you should know what kind of experiences, education and qualifications that most CISOs have. LinkedIn is a fantastic resource for gathering that kind of information as it is based on the idea of "three degrees of separation." You are able to see information not only on the people you know, but their connections and the people who are connected to them. As an example, Mike Murray, fellow security professional and co-author of this article, has 366 connections as of the date of this writing. That gives him access to almost 5.7 million people at the third degree of separation.

Have a career question?

Need to jumpstart your information security career?
Send Lee and Mike your questions.
This is incredibly useful for research as you get broad access to the industry, even if you only know a few people. Mike can search the term CISO and learn about over 2,200 people with that job title. He can read about their backgrounds and their histories and learn about the histories and experiences that qualify one to be a CISO. You can take the same approach and look through your network to discover what else is out there.

This makes LinkedIn an incredibly helpful research tool for job hunters. For example, suppose that you're about to go in for a job interview with Mike Murray to work for him as a consultant. By looking at his LinkedIn profile, you could discover where he went to school, some of his interests, and his blogs and online websites. This information could be incredibly useful to create a connection with him during the interview process.

Facebook: Building business, information security career contacts
While most think that Facebook is primarily aimed at students or is just another way to keep up with old high school or college classmates, Facebook is, in fact, quickly becoming a tool for maintaining business networks. (Mike, for example, has more business contacts than personal ones on his Facebook.)

Facebook's main business and career use is to maintain strong relationships with your network. Once you have made the connection during the interview process, for example, Facebook is a great way to keep the communication lines open. In the "old days," networking required that you send mail or pick up the phone each time you wanted to keep in contact. Facebook, which allows members to add "friends," send them messages and share information, can be used to maintain that contact quickly and easily.

While we spoke about the research benefits of LinkedIn, Facebook is more targeted at maintaining close relationships. Facebook is a place to share interests, pictures and short messages; it allows two people who are connected to follow each other's lives in a way that isn't possible (without a lot of effort) through email or the phone. This means that you can forge more genuine and deeper relationships with members of your networks. Through Facebook, acquaintances and co-workers can become close friends, and former bosses can become mentors This additional connection to the members of one's network can enhance your career. (Note: It can also be dangerous if you give out too much information, but that's a topic for another article.)

While it may seem somehow uncouth to some members of the older generation to network and keep in touch through a social networking site, it is becoming increasingly acceptable. As an example, Mike recently received a wedding invitation via Facebook -- his contact didn't send out paper cards, but invited all of his friends to the Facebook "event."

Are you prepared for a 'career incident?'

Lee Kushner and Mike Murray explain how workers currently in the information security field should prepare for tough times and possible job loss.
Twitter: Helping security professionals gather information, expand their network
Twitter's popularity has exploded in 2009, but it is the most often misunderstood social networking tool. We often hear comments that suggest that Twitter, a microblogging service that allows its members to send short messages (also known as "tweets"), is a "waste of time" and "useless." However, for those who learn to use it, Twitter is an opportunity to use the collective knowledge of the security industry to one's advantage. In fact, in writing this article, Mike (who is @mmurray on Twitter) used Twitter to gather opinions on how social networking has helped security professionals advance their career. Here are some notable responses:

  • Kevin Riggins (@kriggins) said that Twitter is useful for its "ability to get answers to hard questions, pull on [a] broader set of experiences. ... It also shows I am engaged in the industry."
  • Richard Baker (@richardebaker) said: "I 100% owe my current gig to connections made on and thru Twitter."
  • Martin Fisher (@armorguy) said that social networks "have introduced me to people I'd never meet otherwise and extended my knowledge [and] access to ideas."
  • Damon Cortesi (@dacort) said that Twitter and other social networks "allowed me to contact/interact with some awesome people and resources I would otherwise not have had access to."

    The common theme should be obvious: The two main benefits of Twitter are as a tool for information gathering and as a way of building and expanding your network. In fact, there is a list of all of the security professionals on Twitter known as Security Twits. Just looking at that list should give you an idea of the breadth of the security community on Twitter, and the people with whom you could connect.

    Once you're on Twitter, your usage pattern is up to you. Some members of the security community seem to post updates at an almost frenetic pace, while some don't post for weeks at a time, preferring to lurk and listen. Some post only their own updates, while others jump in on the conversation, using Twitter almost as a pseudo-instant messaging client. The most important thing in using Twitter is that you're connecting with the parts of the information security community that you want to connect with and in a way that enhances your relationships, your knowledge and your career.

    To put it simply: If you're not on each of the tools above, you're probably missing out on some potential opportunities to expand and enhance your career in the security industry. There are opportunities to research, learn and connect with others in the industry that you're probably not fully capitalizing on. Of course, this article wouldn't be complete without linking you to our profiles on the various social networking sites:


    (Note: Lee keeps Facebook private to friends only)

    About the authors: The columnists, Lee Kushner and Mike Murray, bring with them different perspectives on career related topics. Together Lee and Mike have advised many information security professionals in various stages of their career development and are regular speakers at industry conferences on information security career-related topics. Their blog can be found at

    Lee Kushner is the President of LJ Kushner and Associates, an executive search firm that has been dedicated to the information security profession since 1999.

    Mike Murray is an information security professional and career coach. Mike has held leadership positions in environments that include professional services, security product vendors, and corporate environments.

  • This was last published in August 2009

    Dig Deeper on Information security certifications, training and jobs

    Join the conversation

    1 comment

    Send me notifications when other members comment.

    Please create a username to comment.

    Twtter and, to a lesser degree and despite the stigma it has, LinkedIn are where much of the conversation is carried out on a day-to-day basis. If you’re not on either of those, then you’re missing a large part of the conversation.