The cybersecurity community is relatively small and very connected, and it is essential to grow and nurture a network. Who you develop relationships with can impact your chances in landing an internship, finding your dream job, or learning about a cool volunteer opportunity. It doesn’t matter what phase of your career you are in — it is never too early or too late to start making contacts. Below are some suggestions on growing your network based on my personal experience.
Develop your personal “elevator pitch” or the 30-second summary of what you are all about. Do not be apologetic about anything. Avoid saying “I’m just getting started in cybersecurity” or “I don’t have any experience”. Be interesting. State one thing you are passionate about and one thing that you would like to know more about. Be prepared to answer follow-on questions. For example, I usually describe myself as a network forensics enthusiast who is learning code disassembly.
There is no reason not to have a business card. Go to Vistaprint (or other vendor) and order some inexpensive cards. If you are feeling shy about not having a job in cybersecurity or your employer doesn’t provide them then consider them “calling” or “visiting” cards. My first business cards simply had my name, phone, email, and certifications, which at the time consisted only of CompTIA Network+ and Security+. Avoid business cards that cannot be written on, such as laminated, transparent, miniature, and other gimmicks (people like to write notes on the backs).
Twitter is big in this industry — use it. My recommendation is to tweet relevantly and not excessively. Keep it professional and do not inform the community of the mundane day-to-day aspects of your life. Be sure to turn off geolocation, but don’t make your account “private”, as it is counterintuitive to the open-sharing nature of the platform. Don’t be an egg! Show some personality and interest in the field. And don’t be that person who has 3 followers and is following 800 people. You’ll look like a bot to the rest of us and it will be hard to get followers.
Pointers for LinkedIn are similar to those for Twitter. Do have a picture, preferably somewhat professional. Flesh out your summary and include relevant experience, volunteer projects, degrees, and certifications. Don’t put all your job details on LinkedIn; those can be provided in your resume. Also, you must check your security settings and make sure not all your information is viewable to the world unless you want to make things easy for social engineers! When it comes to sending LinkedIn requests, avoid sending “blind” requests to people. If you do not know someone well then explain why you want to connect with them. On the flip side, if you are getting too many random requests from people you do not know, you can limit requests to only those who have your email address.
Organizations & Associations
There are many membership-based organizations in the information security industry and it is definitely worthwhile to join one or more. I belong to a few, including Women’s Society of Cyberjutsu, WiCyS, and Cybersecurity Association of Maryland. Organizations typically offer networking and training events and can be a great way to grow your network. They also provide volunteer opportunities that you can use not only to develop connections but also to build your resume. I’ve done volunteer work ranging from manning registration tables to training kids to conducting technical workshops.
I love meetups — they are a great way to learn new things while meeting new people. Meetup.com is a website that many organizations use to promote their events. Simply visit their site and type in “cybersecurity” and see what pops up in your area. If you can’t find any meetups in your area, consider starting one. The expense is minimal and you can use public venues for your gatherings.
Go to them! Find a buddy if you can or just go on your own. Start with smaller, less expensive conferences such as BSides. BSides cons happen all over the world and you will likely find one near you. The first security conference I ever attended was BSidesDC and it is still one of my favorites. When you go, divide your time between attending talks and networking. There is a phenomenon called “lobbycon” where people just hang out in the lobby of the conference venue and talk to each other. The keyword *gasp* is talk! We tend to be an introverted bunch in this field so this is not always easy. It helps to remember that it is hard for others else as well. Also, visit the vendors — you can get a pulse on who is hiring and for what positions, play a game or enter a competition, and pick up some swag. Note to vendors: pens, hand sanitizer, post-it notes and ladies cut T-shirts are good choices.
Some other good resources on networking:
Originally posted on LinkedIn December 2016. Updated for Medium November 2018.