Upgrade to Pro — share decks privately, control downloads, hide ads and more …

A Blueprint for Branding: Authentic Ways to Est...

Avatar for Leif Leif
April 17, 2025

A Blueprint for Branding: Authentic Ways to Establish your Public Persona

Investing in building your brand and engaging with the Security community can be incredibly rewarding.

Sharing your work with the Security community helps advance and evolve the industry. Teams are often facing similar challenges and can learn a lot from each other’s experiences. And it is also personally rewarding.

It can help you secure your next role, attract talented people to your team, and open unique opportunities like becoming an advisor or a guest appearance on a podcast. Sharing your work with others builds and establishes your expertise in a given area. As you develop your brand, you will learn more about yourself—what inspires and motivates you, your strengths, and what feels most authentic to you.

Don’t worry if this seems daunting! Your brand can be built over time, and not everyone needs to be a security celebrity. Even one blog can positively impact the security community.

During this session, we will share effective strategies for building your personal Security brand, provide tips to positively transform your public persona and reputation, and encourage a culture where others in your company feel motivated to engage more with the community.

Avatar for Leif

Leif

April 17, 2025
Tweet

More Decks by Leif

Other Decks in Education

Transcript

  1. About Us • 20+ years of combined InfoSec experience •

    Working together at Semgrep • Start-up investors/advisors Misha • Previously: Sentry, Cloudflare, and ServiceNow Leif • CFP Reviewer for OWASP • Previously: Segment and Bugcrowd Misha Kuenstner (neé Yalavarthy) Leif Dreizler /leifdreizler /mishakuenstner
  2. What’s Semgrep? Semgrep Code Scan code you write Semgrep Supply

    Chain Scan dependencies Semgrep Secrets Scan for exposed credentials 3
  3. Agenda • Benefits of having an engaged team 🤝 •

    Tips for finding your voice 🗣 • Blogging, podcasting, and conference speaking 🎙 • Fostering a culture of rewards 🏆 • Promoting your work 📣 <link to slides>
  4. How to authentically share • Identify your strengths, positive traits,

    skills • What inspires you? What motivates you? • Why do you want to share? What may be holding you back? • Figure out what feels authentic to you to share
  5. Define Success • 1 blog/quarter • 2 CFP submissions/year •

    Creating conversation • Certain number of subscribers for your newsletter
  6. Getting started • Present internally or with trusted teammates/managers Completed

    Projects Sources of inspiration Incidents Retros Team Roadmaps
  7. Remember… Your experience is unique. You never know when someone

    is going to read your story and learn something new. You might inspire someone else to approach a familiar problem in a new way.
  8. Some blog tips • Story vs. tutorial • Introduce yourself,

    the problem, and your world • Make the reader feel your pain
  9. Title • Straight forward and descriptive ◦ e.g. How to

    Build a Security Team and Program • Fun and descriptive ◦ e.g. A Hipster History of CORS • The two-parter ◦ e.g. A Blueprint for Branding: Authentic Ways to Establish your Public Persona
  10. AI • Write the outline without AI • Use AI

    to help you iterate on the Title, Abstract, etc. • Include a description of the conference, the audience you’re targeting • Copy in relevant guidance, e.g. Preparing for CFPs from my blog • Please 󰚦 make sure everything the AI contributes represents you well
  11. Create the culture: Leaders need to do some work first

    • Lead the speaking and writing effort; then lead the 📣 📣 📣 • Update job ladders and career dev plans; come for the “hiders” Infosec Leaders Infosec Team
  12. Create the culture: Leaders need to do some work first

    • Lead the speaking and writing effort; then lead the 📣 of others • Update your job ladders and career dev plans; come for the “hiders”
  13. Create time and space • For managers and leaders: Normalize

    making progress on this type of work during work hours • Set aside time during work hours to work on blogs, presentations, etc
  14. • First ask your team to post • Send the

    links to your friends in the industry • Post in industry Slack/Discord/etc. groups • Sites like Hacker News The power of social
  15. Closing • It does not matter if other people have

    written or spoken about the same topic • Everything starts with an outline • Use AI appropriately • Create a culture that rewards community involvement • Use your network to extend your reach • Use your content to grow your community
  16. 11 am today - Vasilii Ermilov Most common vulnerabilities in

    Github Actions: Takeaways from mass scanning open-source Github repos 10 am tomo - Vasilii + Milan Williams Finding bugs and scaling your security program with Semgrep