Building Personal Brand: From One InfoSec Student to Another

December 20, 2017 | CryptoCypher
X

Get the latest security news in your inbox.

Subscribe via Email

No thanks. Close this now.

Finding employment opportunities as a student is challenging, this is no new fact. Students are consistently facing troubles with seeking internships and co-op opportunities. I myself am a student, and I have found a solution that has been seemingly effective for career development thus far: personal branding. Personal branding helps students compensate for the work experience that we just haven’t had the opportunity of pursuing yet.

Personal branding includes building a personal “brand” that people associate you with. You probably have already started developing your own personal brand with personalized resumes and cover letters. These are essentials that our teachers always told us that we need growing up, and this is true; however, it is 2017, and with more students than ever before, the job market has become very competitive. The opportunities to find internships while an undergrad are still very much existent. We are going to take a look at what you can do to break away from the job searching norms by building your personal brand.

Personal brand plays a key role in developing your identity of an aspiring security professional. This article will help guide you to become the nontraditional student that you need to be to land interesting interviews.

The pitch.

“Could you tell me a bit about yourself?”

Be prepared to respond to this question comfortably at a moment’s notice. Know what your personal selling features are, and strut your achievements proudly and passionately, but not arrogantly. Knowing what to say in “elevator talk” situations allows us to network on-the-fly at any given moment.

The resume.

It is an obvious expectation of any serious employer that your resume looks good. Your resume will act as a professional summary of your identity, and employers will profile you accordingly. Dedicate some of your efforts to ensuring that your resume effectively and professionally reflects your skillset, goals, past experiences, and projects. Keep your resume up-to-date, and actively rework it when you can.

The business card.

Some people may consider a contact card as overkill, especially for students, but I disagree. The need for us to differentiate ourselves as students are becoming increasingly necessary, proportionate to the number of students being pumped out by academia and other routes for job-seekers to educate themselves.

I printed some contact cards using VistaPrint for my first few conferences (DEF CON, Black Hat USA, and HackFest), and I have received only positive feedback; in fact, the CEO of the cybersecurity firm that I will be interning at in May was impressed, responding “Wow, this kid has a business card? He’s serious.”

The act of handing someone a contact card alone will leave a professional imprint in their memory - this matters more than your actual point-of-contact information.

The blog.

Blogging is a good way to showcase your knowledge, labs, and experiences. Not only will having your own blog help spread information, but it will provide potential employers with a platform to view your past works. You can write blogs about technical challenges, Capture the Flag events (CTF), coursework, conference experiences, original ideas, educated opinions, and so forth. A blog will provide a prospective employer with an opportunity to acquire a more in-depth understanding of who you are and what you stand for.

You can also explore writing guest blogs for established names in the security industry! In some instances, companies may even provide you with a financial incentive for writing a guest blog.

A lot of people do not blog at all so just by having one you are already ahead of most students in that regard.

Conferences.

Most people spend their time at conferences taking notes while trying to follow along with the speaker, but this isn’t the case for me. Attending talks that you are interested in is a great idea, but do not fret missing one if you are having a good conversation or are meeting up with a contact. Conferences are a fantastic way to meet potential employers, especially since you are skipping HR and speaking directly with the people in charge of network infrastructure.

As Javvad Malik said in another AlienVault blog, “conferences are an absolute goldmine for knowledge. Education can be in the more formal environment of attending talks or workshops. But it can also come from informal avenues such as "hallway con" whereby there is no shortage of people discussing and sharing ideas. Often times these can be even more informative than formal presentations as more intimate details can be shared privately.” (Planning for an InfoSec Conference, Javvad Malik)

While I was at Black Hat USA and DEF CON, I spent the majority of my time networking with people; I honestly think that I attended a total of 6 talks between both conferences throughout the entire week. As a result, I ended up partying with staff of all levels at a ton of different companies, and a contact at Snap Inc. even reached out to me to discuss potential internship and mentoring opportunities.

While I was at HackFest in Quebec City, I met the cybersecurity firm that I will be doing an internship with in May just by chatting up one of the vendors, exchanging contact information, and meeting up for a coffee the following day. A coffee meeting then lead to a phone meeting from home which ended up leading to student summer employment in my desired field in a new province.

Conferences will sometimes provide discounted or free tickets to students, so if you are interested in a conference, definitely get in touch with the organizers. For example, Black Hat USA has their “Black Hat Student Scholarship Program” where they offer 100 complimentary Academic Passes to students who demonstrate their interest in Information Security. I personally took advantage of Black Hat’s most recent scholarship program, and I would recommend it to anyone with an interest in attending.

Additionally, you can use conferences as a resume booster by volunteering at them! Conference organizers are always looking for an extra pair of hands, so reach out to the community’s organizers, and someone will totally be willing to collaborate with you. Volunteering at conferences is also a great way to go about professional networking, considering that your peers will likely include established professionals. Sometimes they even cover hotel accommodations for their loyal volunteers.

If you have researched something that you are passionate about, then consider submitting for a CFP to be a speaker! Speakers typically receive the benefit of a free pass, sometimes hotel accommodations, and sometimes even travel accommodations. It is never too early to start speaking as long as you are prepared to carry your weight and do the prep work. Practice your talk as many times as possible before the event.

Hackathons.

A friend of mine was able to find an InfoSec internship at Telus because they did well at a hackathon. Many companies who participate with hackathons are also scouting for the sake of recruitment. So, show up, strut your stuff, talk to the right people, and you may end up leaving with an employment opportunity on your hands. Participating in hackathons is a good way to build relationships with your peers.

Hackalist.org provides “a list of upcoming hackathons from around the world”, and allows a user to filter hackathons by travel reimbursement offerings, prizes, cost, and whether or not they accept high school students. Hackathons are typically targeted at college students and InfoSec professionals.

A hackathon can also be a cheap way to travel! For example, I live in Ontario and PennApps offered to provide me with a floor to sleep on and a bus all the way to Pennsylvania State University.

Similar to conferences, hackathons can always use an extra set of volunteers. If there are no hackathons at your school, then consider starting one of your own. This looks very good on a student’s resume.

Simply by participating in events such as conferences and hackathons, people will associate your attendance with your personal brand.

Certifications.

Certifications are a hot topic in the tech industry, and they are HR’s best friend for screening applicants. While seeking an internship, prospective employers will likely care more about general competency and communication skills than they care about an intern’s certifications. During post-academia, certifications will become more valuable for proving your self-worth as a professional.

Entry-level Information Security certifications worth pursuing include CompTIA Security+, CCNA Cyber Ops, CCNA Security, among others. Do not just limit yourself to the scope of security certifications, though; consider certifications in the technologies that you are actually securing. For example, if you are interested network security, then it may be beneficial to pursue the CCNA Routing & Switching certification to prove your competency in traditional networking. If you are interested in cloud security, then it may be worth exploring AWS certifications. Any reasonable employer will value your diverse technical expertise beyond a tunnel-vision focus on security.

Consider applying to Cisco’s Global Cybersecurity Scholarship Program. Starting in 2016, Cisco is accepting applications for people to participate in a globally accessible cybersecurity scholarship program. This is a three-step registration process, and you will be required to pass a pre-qualification exam with a mark above 75%. Upon successfully applying, you will be asked to select a study cohort period, and will be provided with the necessary study resources along with complimentary vouchers to complete the SECFND and SECOPS exams to obtain the CCNA Cyber Ops certification.

While it is not necessary that you hold certifications, HR and other professionals may judge your worth based on certifications. By holding certifications, you will boost your personal brand. You might want to check out this blog on whether certifications are worth your time.

College.

In college, there are many extra-curricular activities and opportunities available for students. For starters, consider getting involved with a club or society within the technical discipline by attending their meetups, events, and workshops. Clubs and societies also provide you with the opportunity to gain experience as a student executive. As a student executive, you can build your reputation within your respective academic institution, and become more influential as a student leader. If there are no clubs and societies related to your technical discipline, then consider starting one.

By participating with your school’s clubs and societies, you are also provided with the opportunity to work with a budget provided by the faculty to host guest speaker events, CTFs with prizes, and in some cases, faculties will even fund students to attend conferences. For example, my university fully funded 8 students to travel to Quebec to attend the HackFest security conference. Additionally, my university’s Networking & I.T. Security Students’ Society regularly hosts events in the interest of the student body, providing students with a great student life experience.

By actively participating in student life on your campus, you will become more respected by academic officials at the respective institution. Subsequently, you will have more power and influence on your campus. You will also be provided the opportunity to form strong relationships with faculty associates (Dean, Associate Dean, Professor, etc.) who can help you reach your goals personally, academically, and as a representative of the student body.

It is important to actively build and maintain relationships while in college. Your peers will be your future co-workers, and by helping each other out, you can work together in unity to help each other succeed. The faculty will support you and your peers generously, allowing you to take full advantage of the student fees that you pay. Professors may work wonders on your career by providing you with valuable industry connections and directly involving you in their research. If you need references, your favourite professors may be candidates, but only with their prior approval.

Best of all, GPA is barely even considered in any of the mentioned pursuits. Yep, that’s right; you don’t even need a 3.0 GPA to succeed in your college career. Your GPA is a small consideration in the grand scheme of things, so get involved while you can.

Mentoring.

In InfoSec, people love to help one another. The InfoSec community is very caring, generous, and they certainly take care of their own. There are many fit professionals who would love to mentor a passion-driven student. It may take a while to find the right mentor for you, but it is well worth it once you find your person.

A mentor is someone who will help guide, teach and uplift you as a mentee. Your mentor will be there to help you make sense of the bigger picture. It is important that you find a good mentor that matches your character.

By this point, you may be wondering how to find a mentor. Honestly, it can be challenging to find a good match. However, some Twitter users have compiled different lists and resources that I will share with you to get started:

Additionally, check out the InfoSec Mentors project at https://infosecmentors.net. Among the co-founders is Keith Hoodlet who has personally approached me at a conference, handed me a card, and told me that he would always be willing to help answer any of my questions. These people are very helpful and resourceful, and they will definitely take the time to listen to you.

My mentor, Haydn Johnson (@haydnjohnson), is always willing to help me out. Whether it is professional networking, security questions, life advice, or whatever it may be, I have the comfort of knowing that Haydn is there to support me in my InfoSec ventures. He regularly checks up on me while pursuing his own interests, and I feel that we have a fair bit in common.

Social media.

A caveat here, social media can work against you if you come across as negative or threatening. HR will have a look at you on social media, so make sure your posts are something you would like them to see.

Using social media will allow you to cultivate a professional Web presence so you can show the world what you have to offer.

Facebook tech groups have a tendency of being very certification focused. I cannot say that I have made many solid contacts through Facebook, with the exception of a very select few, who have actually assisted me in my young career’s progression. There are some quality Facebook groups for studying for certifications, but that’s about it. Use Facebook for certification study groups, but don’t bother social networking here.

LinkedIn deserves a special mention since they are seen as “king” when it comes to professional networking on social media. LinkedIn is generally used as a public resume, and it will be good to have a LinkedIn for when you are connecting with industry professionals. Use LinkedIn for connecting with people at events, and use it as an additional resume for HR.

Twitter has an excellent sub-community dubbed “InfoSec Twitter”, this is where the Information Security industry’s social networking really happens. InfoSec Twitter is a term used to refer to a subset of security people who follow other security people, it can be thought of as a 24/7 Internet conference, more or less. It will also informally operate as a 24/7 threat intelligence and cyber politics feed.

You can refer to this article for a list of InfoSec Twitter accounts worth following, from a threat hunter’s perspective.

Another list generated by @KeepBackups, sorted by security categories.

The Twitter community has been a key component in my ability to network professionally within the tech industry, and it even helped me find a co-op opportunity in an I.T. environment at a large financial company for the summer after my first year of my undergraduate degree. I highly recommend that you spend some time social networking on Twitter because that is where the security industry communicates the fastest.

The wrap-up.

I am not a career counselor, I am a student. I have struggled through the process of finding internships, and what I shared with you is what has worked for me personally through trial-and-error. As a result, I have realized that personal brand is a very key factor in the job search process. I have found more opportunity through industry connections than I have anywhere else. People will interact with you based on how you present and carry yourself, in person and online, hence the importance of personal brand.

It is very beneficial for any student to actively develop their personal brand. They can achieve a positive personal brand by actively being self-aware of their words and actions, participating in community events, gaining influence within their college as a student executive, and maintaining relationships within their desired industry. With more students than ever, we must thrive as individuals to stand out from our peers during the recruitment process.

This is my advice to you, from one InfoSec student to another.

CryptoCypher

About the Author: CryptoCypher
CryptoCypher is an aspiring I.T. Security professional. As of now, he is an undergraduate, intern, privacy advocate, and a passionate security enthusiast. As a side project, he is currently writing a book about applying operational security to online identities. Follow him on Twitter https://twitter.com/CryptoCypher
Read more posts from CryptoCypher ›

‹ BACK TO ALL BLOGS

Watch a Demo ›
GET PRICE FREE TRIAL