CrankySec

How To Build Your Professional Brand!

If there's one thing we strive for here at the CrankySec HQ, it's helping people. You already know that you can hire me and/or my friends to literally fix everything that's wrong with your cybersecurity program for the low, low price of $5,000,000.00. Cash. What you may not know is that we're also great at soft skills and personal branding. Don't believe us? Check this shit out!

Zhuzhing Up Your LinkedIn Profile

Your LinkedIn profile is absolutely critical for your career development. It's the place you go to get noticed, share profound thoughts, engage in meaningful debates, and keep abreast of the latest and greatest industry developments. Come for the great content, stay for the plethora of job openings that will pit you against hundreds of other applicants while asking you to create yet another Workday account and re-enter every piece of information that's already in your CV. Are you a veteran by any chance? No? Well, we need to ask again just in case because there's no way for Workday to know that information that you just added to another application on Workday.

Without further ado, here's the secret sauce!

  1. Don't write "Application Security Consultant at Company XYX" in your bio. That's boring. Instead, say "I help companies secure their applications to withstand the barrage of attacks from Nation States that are definitely out to get you even though you just sell bathroom fixtures | Board Member | Ex-FAANG | VC | AI Researcher | CPA | Baltimore Orioles Season Ticket Holder." You might run out of space, but don't let that stop you. You're an application security guy, figure it out. Not a member of any board? That's fine. No one's checking.

  2. Every time you see a "Collaborative Article" that was "Powered by AI and the LinkedIn community", pitch in! Three of those and maybe you'll be considered worthy of a badge that says "Top Voice." There's no way for anyone to verify any of this, so write some vague platitudes, get your fake badge, and wait for the 6-figure job offers to start rolling in! Don't know what you're talking about? Who cares? This is going to train some AI anyway, so there's no way your dumb advice will make that much of a difference one way or another!

  3. That one GIF that simplifies computing concepts that would normally need several books and years to fully understand? Like, comment, and share! Ain't nobody got time for "reading" and "understanding." Just comment "Well said." or "Brilliant!" or "Commenting for reach!" Never, ever say "This is wrong, stupid, dumb, inaccurate, and dangerous." That would make you difficult and abrasive™️

  4. Post some motivational stuff that probably belongs in r/im14andthisisdeep. Do not forget to add "Agree?" at the end.

  5. Those vendor 'briefings' and 'capabilities demos' and other nonsense 1-hour sales pitches pretending to be something useful? If you attend any of them, you are now a LinkedIn expert in that technology and its related competencies! Update your online resume and have your coworkers circle-j.. collaboratively endorse each other!

CFPs and your "research"

  1. First of all, make sure you have some buddies sitting at the committee selecting who gets to present. There are about 200,000 cybersecurity conferences happening at any given moment across the globe, so, statistically speaking, you're bound to know someone who's selecting papers. See "Networking. No, the other kind" below.

  2. Find some impossible to replicate vulnerability in an impossible to find piece of software that no one uses. Actually, just point a fuzzer at anything you come across, really. Found some 0-day that's actually relevant? Save that shit for bug bounties and/or sell it to the NSA. It doesn't matter if your research has no practical applications IRL, what you want is to add "Award winning speaker" to your LinkedIn.

  3. Submit the same paper to every single security conference on the planet. As they say: "Research once, present many." This way you'll work for, like, 2 weeks, and travel the other 50.

  4. Your research makes no sense? Just make some shit up and, when it's time to demo, pretend your HDMI port doesn't work and blame it on the "demo gods."

  5. Have no talent for public speaking? Your research should not be presented in this format? Your delivery is dull and boring? Who gives a shit? No one's paying attention. People are here to get out of the office, get wasted, and enjoy some nose beers. No one cares about your Python script.

  6. If all else fails, host your own virtual conference with some friends and say it's the new hotness of talks rejected by other conferences — make sure your Zoom link is incorrect so nobody can attend and realize you made up the whole conference for some fake online cred and so you could submit some bullshit CPEs nobody will care to review.

Networking. No, the other kind

  1. Take note of every CISO, Virtual CISO, Part-time CISO, and Fractional CISO you come across. Add them on LinkedIn. Focus on those who self-describe as "Award winning" or "Top-rated". Comment on everything they share with "Well said." or "Brilliant!" or "Commenting for reach!" Never, ever say "This is wrong, stupid, dumb, inaccurate, and dangerous." That would make you difficult and abrasive™️.

  2. While you're at it, send them a DM just so you're top of mind.

  3. Go to as many conferences, happy hours, ISACA chapter meetings, karaoke nights, and Hacker Jeopardy events as you can. Train your nose to overcome the side-effects of having a bunch of people who don't shower after 3 days in the Nevada summer gather in a confined space, and you'll be way ahead of the competition with more sensitive noses.

  4. Minority? Train your brain to overcome the side-effects of a bunch of people "well, actually"-ing you, and explaining your personal experiences to you. Smile and nod!

Interviewing

  1. I know this is getting dangerously close to fiction because getting a job interview is something out of the realm of fantasy these days, but it doesn't hurt to be prepared: Ask the AI about the company you're interviewing with, and call it a day. Don't fact-check the bot or anything like that. If you follow this guide you'll have more interviews than you can handle, so optimize for time.

  2. Sensing that your interviewer isn't paying attention to a god damned thing you're saying because this position was already filled weeks ago by someone internal? Don't say "It looks like this is not a good fit. Let's respect everyone's time and end this charade here because I have things to do." That would make you difficult and abrasive™️ and jeopardize your chances of letting this company waste your time in the future. Be grateful for the opportunity of helping the recruiter check the "Interview 5 people no matter what" box.

  3. Didn't get the gig? No worries! Harass the hiring manager on LinkedIn and demand satisfaction. Request a trial by combat if that's what it takes to adjudicate the matter. Do not take no for an answer because no one likes a quitter.

  4. Assert dominance and turn the tables. Ask them what their future profitability looks like as a potential investor in their amazing employee stock peonage purchase program. Ask them how they can put the YOU in RSU!

Conclusion

All this can be summed up by the following sentence: Do not be sincere. Do not stick to your principles. Do not fight against things that are wrong. Lower your head, lower your voice, and be compliant. Lest you become that person who's difficult and abrasive™️.

Be a good citizen and send me your first paycheck after you land that dream job by following these rules.