Your Ad Here: Helping your organization build their security brand

Transcript

1. Your Ad Here Helping your organization build their security brand

2. About Me 🍃 Leif Dreizler Present • Senior Eng Manager

   @ Semgrep • Co-host of “404: Security not found” • Conference organizer for LocoMocoSec • Start-up investor & advisor Past • Senior EM, Security Features @ Twilio Segment • Chapter Leader for OWASP Bay Area • Conference organizer for AppSec California @leifdreizler @404pod

3. About Me 󰣺 Present • Start-up advisory (& chump-change investor)

   • Keynote and conference speaker, podcaster Past • Practitioner for 19 years • CISO at Segment and Twilio • Keynotes: Global Appsec DC, LocoMocoSec @coleencoolidge (dm me for startup advisory help) Coleen Coolidge

4. What we’ll talk about • The benefits of having a

   team that’s engaged with the community • Creating and reinforcing a culture where you are rewarded for this • How to promote your team’s work and extend its reach • How-to: Tips for writing blogs and speaking at event <link to slides>

5. Disclaimer! • This is by no means required to have

   a successful career • Some people in InfoSec have great careers and never do any of this • There are plenty of good reasons not to share your work publicly • However, if you’re able to do this, you’ll reap tons of rewards…

6. Security Community Involvement Creates the Teams You Want to Be

   on 󰢢󰚐 󰭊󰭃 󰭈

7. Helps you build your Security Dream Team

8. semgrep.dev/about/careers Security Engineering Manager, Vulnerability Research

9. Benefits for recruiting

10. Benefits for career growth

11. Creating a Culture of Rewards ✨🏆 ✨

12. Create the culture: Leaders need to do some work first

    • Lead the speaking and writing effort; then lead the 📣 📣 📣 • Update job ladders and career dev plans; come for the “hiders” Infosec Leaders Infosec Team

13. Create the culture: Leaders need to do some work first

    • Lead the speaking and writing effort; then lead the 📣 of others • Update your job ladders and career dev plans; come for the “hiders”

14. Create the culture: Rewards • Reward communications & leadership results

    with promos, raises, stock, etc. • Proudly shout-out the work that helps us jump ahead in our roadmap ⭐

15. Are you an IC who is struggling to get traction?

    • Engineering not excited to work on your tickets, or talk to you? 😬 • Are you struggling to move up the ladder at work? 💥🪜 • The common denominator could be you… so 🤒 • Lean into Communication & Leadership to help you bulldoze ftw! 🚜🏆

16. Are you an IC who is struggling to get traction?

    • Engineering not excited to work on your tickets, or talk to you? 😬 • Are you struggling to move up the ladder at work? 💥🪜 • The common denominator could be you… so 🤒 • Lean into Communication & Leadership to help you bulldoze ftw! 🚜🏆

17. Benefits ICs can expect • You tricked engineering into doing

    some of your work 😜 • Your promo packet just got easier to write 💰 • The common denominator is you crushing it with Comms & Leadership 📣󰘽

18. Tracking • Originally, we were self-motivated, posting updates in a

    confluence doc • Semi-automated v2 super edition, powered by Discernible • https://discernibleinc.com/contact

19. Extending Your Reach ✨󰢍 ✨

20. • First ask your team to post • Send the

    links to your friends in the industry • Post in industry Slack/Discord/etc. groups • Sites like Hacker News The power of social

21. Blog analytics

22. None

23. Personal promotion

24. How to Write Blogs and Speak at Events 󰞦 󰟜

25. Outline -> ??? -> Profit (Leif) • Outline -> Blog

    • Outline -> Conference CFP submission • Blog -> Podcast • Blog -> Meetup or conference presentation

26. Tips for outlining • Write everything down • Don’t get

    bogged down by structure or organization • It’s okay if outlining takes weeks or months

27. Foundational work • Documentation-first culture • Team demos • Company

    all-hands/internal conferences

28. Idk what to write about • Keep a personal hype

    list • Reflect on what you’ve worked on over the last year • It does not matter if other people have written about the same topic
29. None

30. Some blog tips • Story vs. tutorial • Introduce yourself,

    the problem, and your world • Make the reader feel your pain

31. Blogs ➡ Public Speaking

32. Why podcasts? • Easy-mode presentation with less prep • Podcasters

    desperately need content • Low risk of messing up!

33. Tips for podcasts

34. Anatomy of a Call for Presentations/Papers (CFP) • Title •

    About You • Abstract • Outline
35. None

36. Title • Straightforward and descriptive ◦ “How to build a

    security team and program” • Fun and descriptive ◦ “A hipster history of CORS” • The two-parter ◦ “Your Ad Here: Helping your organization build their security brand”

37. Title formats to avoid • Anything that is super played

    out • Any sort of sexual pun or innuendo in your title 🏻

38. About you • Professional history • Some interesting things you’ve

    worked on • Events you’ve spoken at? • A fun fact about yourself? • Links to past podcasts/conference talks?

39. Abstract • Short enough that people read it • Not

    so short they have no idea what you’re going to talk about • Succinct, yet thorough

40. Example Abstract from Global AppSec SF 2022

41. Outline • Write your outline first • Outlines are not

    typically shared with attendees • Outlines show reviewers you’ve thought about the topic • Appropriate length is important

42. Peer review

43. CONGRATS! You’ve been accepted! 🥳 → 😰

44. Tips for meetups, conferences, and keynotes Best SBUX graphic ever

    from Readers’ Digest

45. Meetup talks tips - the Tall • Easy to get

    accepted • Wide variety of accessible topics; length is between 5-45 minutes • Tone is informal, audience is 😌, emphasis is “just share stuff”

46. Possible meetup/conference ideas • Security tool or new process •

    Educational • Predictive or inspirational

47. Conference talks tips - the Grande • A bit harder

    to get accepted (use the tips!) • Wide variety of accessible topics; length is between 25-45 mins • Tone is informal; audience came to learn from you (and/or stan you) Who doesn’t love a good Parks and Rec reference?

48. Keynotes tips: the Venti • Harder to get accepted •

    Wide variety of accessible topics; length is generally between 25-45 mins • Tone is semi-formal; audience is all types • You’re going to worry and dither more - CHILL OUT From iStock

49. Peer review & prep From Pexels

50. A note about nerves https://youtu.be/JRCzNmmPJNA

51. Closing • Help your recruiters! • Grow your team’s careers

    and track your work • All things start with an outline • Abstract and title - attention grabbing, informative and not creepy • Use your network to promote your team’s work • All talks are basically the same; so relax - you got this!

52. @leifdreizler @404pod @coleencoolidge https://semgrep.dev/about/careers Startup advisory help: DM me <link

    to slides> https://leif.substack.com