A Blueprint for Branding: Authentic Ways to Establish your Public Persona

Transcript

1. A Blueprint for Branding: Authentic Ways to Establish your Public

   Persona Leif Dreizler Misha Yalavarthy

2. About Us • 20+ years of combined InfoSec experience •

   Working together at Semgrep • Start-up investors/advisors Misha • Previously: Sentry, Cloudflare, and ServiceNow Leif • CFP Reviewer for OWASP • Previously: Segment and Bugcrowd Misha Kuenstner (neé Yalavarthy) Leif Dreizler /leifdreizler /mishakuenstner

3. What’s Semgrep? Semgrep Code Scan code you write Semgrep Supply

   Chain Scan dependencies Semgrep Secrets Scan for exposed credentials 3

4. Agenda • Benefits of having an engaged team 🤝 •

   Tips for finding your voice 🗣 • Blogging, podcasting, and conference speaking 🎙 • Fostering a culture of rewards 🏆 • Promoting your work 📣 <link to slides>

5. Helps you build your Security Dream Team

6. Finding Your Voice 🗣

7. None

8. How to authentically share • Identify your strengths, positive traits,

   skills • What inspires you? What motivates you? • Why do you want to share? What may be holding you back? • Figure out what feels authentic to you to share

9. Define Success • 1 blog/quarter • 2 CFP submissions/year •

   Creating conversation • Certain number of subscribers for your newsletter

10. Getting started • Present internally or with trusted teammates/managers Completed

    Projects Sources of inspiration Incidents Retros Team Roadmaps

11. Remember… Your experience is unique. You never know when someone

    is going to read your story and learn something new. You might inspire someone else to approach a familiar problem in a new way.

12. How to Write Blogs and Speak at Events 󰞦 󰟜

13. Outline Blog Conference CFP

14. Some blog tips • Story vs. tutorial • Introduce yourself,

    the problem, and your world • Make the reader feel your pain

15. Blogs ➡ Public Speaking

16. Outline Blog Conference CFP Podcast Conference Presentation

17. Anatomy of a Call for Presentations/Papers (CFP) • Title •

    About You • Abstract • Outline

18. Title • Straight forward and descriptive ◦ e.g. How to

    Build a Security Team and Program • Fun and descriptive ◦ e.g. A Hipster History of CORS • The two-parter ◦ e.g. A Blueprint for Branding: Authentic Ways to Establish your Public Persona

19. Abstract • Sell the CFP reviewers • Succinct, yet thorough

    • Drive people to attend your talk

20. Outline • Write the outline first • Outlines are typically

    not shared with attendees
21. None
22. None

23. AI • Write the outline without AI • Use AI

    to help you iterate on the Title, Abstract, etc. • Include a description of the conference, the audience you’re targeting • Copy in relevant guidance, e.g. Preparing for CFPs from my blog • Please 󰚦 make sure everything the AI contributes represents you well

24. Creating a Culture of Rewards ✨🏆 ✨

25. Benefits for career growth

26. Create the culture: Leaders need to do some work first

    • Lead the speaking and writing effort; then lead the 📣 📣 📣 • Update job ladders and career dev plans; come for the “hiders” Infosec Leaders Infosec Team

27. Create the culture: Leaders need to do some work first

    • Lead the speaking and writing effort; then lead the 📣 of others • Update your job ladders and career dev plans; come for the “hiders”

28. Create time and space • For managers and leaders: Normalize

    making progress on this type of work during work hours • Set aside time during work hours to work on blogs, presentations, etc

29. Extending Your Reach ✨󰢍 ✨

30. • First ask your team to post • Send the

    links to your friends in the industry • Post in industry Slack/Discord/etc. groups • Sites like Hacker News The power of social

31. Blog analytics

32. Personal promotion

33. Establishing yourself in the community • Text •

34. https://www.vulnu.com/

35. Closing • It does not matter if other people have

    written or spoken about the same topic • Everything starts with an outline • Use AI appropriately • Create a culture that rewards community involvement • Use your network to extend your reach • Use your content to grow your community

36. 11 am today - Vasilii Ermilov Most common vulnerabilities in

    Github Actions: Takeaways from mass scanning open-source Github repos 10 am tomo - Vasilii + Milan Williams Finding bugs and scaling your security program with Semgrep

37. Questions? /leifdreizler /mishakuenstner <link to slides> https://semgrep.dev/about/careers/ https://leif.substack.com https://mishayalavarthy.com