Some time ago, I stumbled upon The Visibility Playbook For Cyber Starters, written by Segun Olaniyan. As someone who is just starting his journey in cybersecurity, I was naturally intrigued by this publication. A fun fact is that I had not discovered this book until I got my first offer to join the field. I have just applied a lot of the author’s recommendations without even realizing it, which is why I can confirm that his tips are really valuable. In this article, I would like to review the book as well as relate it to my journey so far.
The book is divided into five chapters (the author refers to them as “nuggets”), with each nugget providing a different tip you can use to become more successful in opening yourself up to opportunities to enter the field.
Author
Segun is an award-winning Cybersecurity Professional with excellent third-party management skills to identify control implementation gaps. He is the author of the popular book “The Visibility Playbook for Cyber Staters”, which he wrote with the burden of helping cybersecurity beginners position themselves for career opportunities. He founded Digital Security Village to help address the cybersecurity skill gap in Africa and beyond by providing emerging cyber talents with the necessary digital security skills for personal, corporate, and societal safety. He is the Lead Speaker at Cyber Safety Webinar, a security awareness project that teaches internet users about cyber safety tips, cybersecurity best practices, and the most up-to-date cyber defense measures.
Segun’s LinkedIn: https://www.linkedin.com/in/cyberapostle/
Nugget #1 – Value driven visibility
“Visibility is impossible without
the capacity to continually
give value to people and the
cybersecurity community at large.”
This one is pretty straightforward. If you want to be successful, you have to show the potential employer that you can bring them profit and value, as well as have an impact on the cybersecurity ecosystem as a whole. In order to become more valuable, you have to improve your skills. Cybersecurity has a much steeper learning curve than other similar fields, meaning that if you really want to succeed, you have to put in the time and effort. As a software engineer, I would say that I had it a little bit easier to start, but I still had to spend a lot of time studying and honing my skills. And I still do (and will) spend the majority of my time learning new stuff.
When you become valuable, you will naturally become more visible. If you are good but nobody knows that, then no one will pay you those sweet green bucks. If, on the other hand, you are visible but have nothing to show for it, people (and that includes you as well) might think that you are a fraudster. What I have done in order to combat both the imposter syndrome and become more visible is to envision where I want to be in a couple of years, define the checkpoints I would like to reach along the way, and then start sharing my journey and progress with everyone. You can do the same!
One of the lines from the book really stuck in my mind: “As a cybersecurity beginner, when it comes to progress, admit that you are a beginner, but produce results like a professional. You can start being a thought leader, without waiting until you reach C-level positions.”
If you are new, put your ego aside and admit who you are and what skill level you have. I have made this mistake multiple times in the past and always paid dearly. Admitting that you are a beginner is a first step to working on yourself.
Follow-up: How to start improving yourself?
This one is quite tough, as there is no 100% foolproof guide that you should follow in order to improve yourself. I have put (shamelessly copied) together a list of recommendations you can follow in order to succeed.
- Assess your situation: Identify who you are and what your strengths and weaknesses are. Think about your motivation and try to figure out what natural abilities you have that will help you stand out in cybersecurity. Cyber is quite a large and diverse field, so you should learn about each and every specialization and consider whether you would like to pursue this career. Spoiler alert: Choosing which specialization you would pursue is not definitive. I began with offensive cybersecurity and later moved on to its inverse – defensive cybersecurity. Just pick one that you think will suit you the best to start with, as you can later evolve into something that will really suit you.
- Learn the fundamentals: This one is quite important. Without any doubt, you should know the basics—not only the basics of your chosen specialization but the basics across the board. You may be wondering why, but what I’ve noticed with cybersecurity champions is that they all have T-shaped skills, which means they have a solid understanding of all areas but specialize in one. I myself am trying to get into application security, but I can also leverage my knowledge of penetration testing. Simply put, knowing what the other guy thinks and how he works can make my job much easier.
- Join the community: Surrounding yourself with like-minded people can help you a lot. It can help you improve your communication and networking abilities. It can also serve as a source of inspiration when you are at a loss for what to do next. It can help you stay focused and provide you with up-to-date information.
- Volunteer: There are some misconceptions about volunteering. A lot of people are shunting over it because they think that there is no reason to do “unpaid work”. Well, my opinion on that is a little bit different. I spent a lot of time living on a minimum wage and volunteering a lot during that time. And I have met some of the most interesting people in my life through volunteering. Volunteering can tremendously improve both your soft and hard skills. It can highlight you as one of the leaders and let you step out of the crowd. It can connect you with people who are at the top of their fields and help you leave an indelible legacy behind.
These are the basic four recommendations that should get you started. I will later add more of those as we go through the rest of the nuggets.
Nugget #2 – Creating Contents for Visibility
Thinking critically makes you a tank of concepts and gives you options for solving pressing issues.
In the previous nugget, we talked about being or becoming valuable. Now we will learn more about how to become visible, and there is no better way to become visible than through content creation. Okay, I get it. You might think: “Darn it, so I will just become another casual blogger like Hung and start pumping out boring articles no one ever reads?”. That’s one way to do it. However, it does not have to be articles. If you are good with video, then creating a brief video demonstrating the technical skills you have learned is a good idea. The author suggests turning it into a series called “A Day in the Life of a Cyber-Learner,” which I think is a fantastic idea that could get some attention. You can also create a cheat sheet or write some tips and tricks about the tools you have worked with.
My only advice here is that you should try to create content that will help others. Rather than writing something like, “Hey, I just learned about XYZ and it made me 10% cooler.” (because nobody gives a duck) You should write articles with the idea of “I have learned about XYZ which can be used for whatever.” These are the tips and insights I have gathered throughout my learning journey”. This way, your audience can benefit from your content.
Nugget #3 – Leveraging The Visibility of Industry Leaders
People will gravitate towards you if you point them in the direction of those who will benefit them.
Let’s face it. You are not the first one in the field, and there are many professionals who entered before you. Sorry to be melodramatic, but it’s true. However, this is also beneficial to you because you can find leaders with whom you can connect and follow. Picking up a couple of leaders and analyzing how they do their stuff can help you tremendously. You should always look up to leaders that you can relate to and that are the closest to the leader you want to become one day. It’s quite important to stay authentic, though, as it’s quite easy to get affected by simply mimicking the leader of your choice. If you stay yourself, but take inspiration from these individuals, you might even be lucky enough to turn the previously unknown ones to your friends, and that’s a treat that is hard to beat. I will now introduce you to three leaders who are inspiring me the most.
Randall Degges
Randall is a good friend of mine whom I have met in the DevSecOps community. We bumped into each other by coincidence and have been talking ever since. Besides being an ultimate chad and programmer, he runs the DevRel at Snyk and has a long history working in the field of software development and developer advocacy. What relates me to Randall is that we have a somewhat similar background and history, which we have laughed about on multiple occasions.
Randall was the first one to introduce me to blogging. I have studied his articles and talks and realized that I would love to do the same. I have been writing content and teaching on and off throughout my career, but Randall showed me how one can put these activities together. He was also the one who shared one of my first articles, helping to spread the word about my existence. Although it may appear insignificant, it greatly aided and boosted me.
Liran Tal
Liran is a total beast when it comes to JavaScript and Open Source. I got introduced to him through Randall (thanks, bro!) when I realized that I have been coding in JavaScript for more than 2 years, but never got to learn the language properly. Liran was the one who provided me with the exceptional materials, and I have been following his activity ever since. Some time after, I filled the gaps in my education and got my hands on Liran’s book Essential Node.js Security, which I reviewed.
But the most valuable thing I have learned from Liran wasn’t JavaScript or web security. It was his humbleness. He has been awarded the GitHub Star title multiple times; he has also been very active within the open source security area and has been recognized many, many times. Despite all of that, he stayed true to himself, not letting all this fame go to his head. I hope, one day, I’ll be the same.
Marek Šottl
Marek, also known as Hackitect, is a software security architect proficient mainly in cloud technologies. Besides that, he is also my fellow Snyk Ambassador. A fun fact is that I have encountered his YouTube channel much earlier than I met him. Tanya Janca was the one who motivated me to learn more about Application Security. Marek was the one who inspired me to learn more about DevSecOps through his videos. I admire his skills, dedication, and ability to influence others. We have even once crossed paths, and he gave me one of the most beneficial things in the world: a harsh reality check. He taught me that talent without hard work is nothing and that following a mission and staying true to yourself is much more important than having a position (and achieving ikigai). I was able to pick myself up, dust myself off, raise my chin, and resume the grind after that.
Nugget #4 – Proficiency: A Visibility Booster
Proficiency enables you to track your progress as you gain true expertise and skill improvement.
So you are already visible and valuable, and you have been successfully networking with the industry leaders. What you need to do now in order to succeed is to become proficient in whatever you are trying to achieve. As the author states, the key to achieving proficiency is consistency. I’ll be honest with you. I consider myself to be an inconsistent person who prefers to work in bursts of energy rather than with consistent efforts. This may appear to be a disadvantage at first glance, but I have managed to turn this weakness into one of my strengths. Despite the fact that I work in bursts, I tend to turn these bursts into boosts that help me cross the finish line. However, in some situations, this quirk of mine can be a valuable asset. But I am probably not the one who should speak about consistency.
Nevertheless, companies are interested in people who are passionate, as only the people who are passionate are able to keep up their passion and persistence at times when the work will get tough. And I believe that if a person is passionate about something, he or she will naturally improve their skills on the way.
Nugget #5 – How To Get Referrals & Recommendations
Your network will influence how many opportunities you have access to.
The last nugget combines the knowledge from the previous four. Getting a referral from a person who is highly respected in a field can put you on the ladder to success. But how should you get one? You cannot just walk straight to the person and tell them that they should recommend you. You have to prove that you are worthy to get the recommendation. How can you do that? You can always offer your skills for free by assisting them with their projects, assisting in the organization of events, or collaborating on a shared piece of content. Joining the community to get in touch with these professionals is always a viable option. I myself have joined the DevSecCon Global community and started helping out with hosting a book club. Each and every community has an activity you can be involved in and prove your worth. If you ultimately succeed and get the recommendation, don’t forget that the referral itself won’t get you the job. It will get you an interview because the hiring company will see you as someone worth talking to, but you will still have to prove your skills and determine whether you are a good cultural fit. So don’t forget to continue improving your skills as well.
Final words
Although this book is pretty short (about 26 pages), it offers a lot of insights and tips that you can leverage. I agree that the recommendations contained within the nuggets are valuable and genuine, as I have used the majority of them to achieve success. This book is recommended if you are new to the field and want to get a general overview of what you can do to get started.
If you have read so far, you might want to follow me here on Hashnode. Feel free to connect with me over at LinkedIn or Mastodon.
