I’ve personally mentored dozens of people new to cybersecurity, and the biggest tip I give when people ask about “getting that first cybersecurity position” is to go to meetups, conferences, and networking events. Face-to-Beautiful-Face Networking*. It’s also the tip that is most commonly ignored. The people that have done it have been successful. Some wildly successful.
What follows are some of my personal Do’s and Don’ts for folks new to CyberSecurity to help reduce the barriers to networking and help them succeed. While these tips are good for everyone, they especially help introverts succeed in an extrovert’s game. I know because I’m the introvert that created this list originally to help myself. While the list may focus on introverts, extroverts will find many of these tips useful as well.
Some tips go against other common recommendations, but I explain my thinking as much as possible. Take what you like, leave what you don’t. I fail at many of these on a regular basis, so don’t aim for perfection here. Try implementing the ones that seem like they’d help you the most and then do your best. The most important step is going to events and do the networking!
Focus on Meeting People and Building Relationships
If I were to summarize this entire post to as simple a statement as possible, it would be this: Build relationships first and opportunities will follow. The rest of this post focuses on what can aid and hinder the development of those relationships.
How to Meet New People
If you’re an extrovert, this section probably doesn’t sound all that helpful; however, I’d recommend you skim through it anyway. If you’re an introvert, this is section is one to take notes in.
Show up early and offer to help with setup and teardown
I’m a very quiet person, and I’m not good at starting conversations…unless it’s work related. Volunteering or finding simple ways to “work” with people has made it easier for me to make connections and build relationships.
The event organizers are likely “connectors”, and they will be able to introduce you to many, many people. More on connectors in a minute.
Use the 3 foot rule:
For every person you come within 3 feet of that you don’t know, reach out, shake their hands, introduce yourself, and ask their name if they don’t give it. (There are MANY introverts in InfoSec, and you shouldn’t expect an introvert to start a conversation with a stranger (that’s you) unless they have a REALLY good reason to do so.)
Find the “Connector” and introduce yourself
If the 3 Foot Rule freaks you out and you don’t think you can do that with everyone, do it ONCE, but do it strategically. Watch the crowd for a bit, and take note of who is doing the most introductions. That person is a “connector”, and they likely know everyone in the room. Connectors love to meet new people and to facilitate introductions. That means you won’t be inconveniencing them. You’ll actually be giving them the chance to do what they love and do best. Who are you to deprive them of that opportunity?
Introduce yourself to each speaker and ask another question
Many people will want to talk to the speaker afterwards. Going up and asking a question will start conversations and put you in the middle of a large group of people to meet. Remember that 3 foot rule?
How to Interact and Form A Bond
Ask people questions. Lots and lots of questions.
One caution here is to keep your questions friendly and inquisitive to avoid turning the conversation into an interrogation. These are “ideas” for questions, not a checklist.
- Ask what they are working on…and actually listen. Follow up with questions and keep them talking.
- Ask how they got started.
- Ask what their worst position in InfoSec has been.
- Ask what their best position has been.
- Ask about their hobbies.
- Ask about upcoming trips or conferences.
- Ask their opinions of current security news (This requires you to keep up with the news)
- Ask who they follow on Twitter
- Ask if they have a favorite blog
- Ask, ask, ask….
When speaking with new people, look for and highlight things you have in common
People like people that are similar to themselves. So, point out the similarities, and skip over your major differences.
After you’ve bonded a little, ask them for their advice on getting started
It doesn’t take much of a bond, but it’s important that there be a little. You wouldn’t ask career advice of the person behind you in the grocery store line, and you shouldn’t do that in the snack line at an event or meetup, either.
People love giving advice…even when they have no business giving it. So, even if you disagree, just say, “Wow, thank you! I’ll keep that in mind.” You don’t have to follow it, but responding, “That’s stupid!” is a sure-fire way to kill the potential for that relationship.
Note that I said “ask for advice on getting started” and not “ask if they have any open positions”. You just met. If you build the relationship, they will think of you when positions open up.
Express your interest, display your passion, and be humble.
Most people would prefer to work with a smart person that is coachable and has a self-driven desire to learn over someone who thinks they already know it all. (If you act like you already know it all, they can’t give you advice…which they like to do.) Keep the words of Ralph Waldo Emerson in mind.
“In my walks, every man I meet is my superior in some way, and in that I learn from him.”~Ralph Waldo Emerson
Have business cards or resumes in case someone asks.
There is a corresponding “don’t” for this suggestion. The key here is to provide the card or resume if asked. (There is a “DON’T” about is in just a moment.)
How to Extend the Interaction Past the Event
This is important if your goal is relationships, which it is, right? RIGHT?!? Ok, good. People have short memories, so you need do what you can to ensure you’re remembered.
Ask people if they are on Twitter so you can follow them.
This is a low risk way to connect. If they’re not on Twitter, they’ll likely direct you to LinkedIn. Send them a customized Tweet, DM, or LinkedIn invite as a follow up.
LinkedIn Invite Example:
“Hi Bob, it was great to meet you at Hackers Teaching Hackers! I’d love to stay in touch and hear more about <project they mentioned>.
Public Tweet Example:
It was so great to meet great new people like <list of Twitter handles> at <con or meetup twitter handle> today! I’m looking forward to next <week/month/year>!
After Following or Connecting, be sure to interact regularly.
Like and share their posts. Leave comments with your thoughts, or just thank them for sharing. The comments are also a great place to ask questions!
While the “DON’T” list is extremely helpful, you’ll notice most of the supporting comments have a positive “DO” flavor to them. That’s because “DON’T” tips are can actually can actually be bad. As a simple example, if you’ve ever been up high and someone said, “Don’t look down!”, I know exactly what you did next. You looked down. Even if you resisted initially, at some point, you looked down. This is due to Ironic Process Theory, which is “the psychological process whereby deliberate attempts to suppress certain thoughts make them more likely to surface”.
Since our thoughts become our actions, “DON’T” statements often don’t work and can actually sabotage us. (The exception here are statements like, “Don’t touch the hot stove” where the inverse action and negative result is immediately obvious.)
For the “DON’T” suggestions to be effective, we need a “DO” statement as an alternative action, but we still need the “DON’T” to catch the undesired behavior before it starts. The fact is many of these already have a positive inverse listed in the “DO” section. So, some of these just serve to help us understand why the “DO” exists, and what it helps us avoid.
Don’t be transactional or appear self serving.
If people feel like you’re only speaking with them to get a job, the interaction feels cheap, and won’t lead to a relationship. Remember, build relationships first and opportunities will follow.
DO: Review the DO sections about asking questions, finding common interests, etc.
Don’t force your business card or resume on anyone.
This specifically can make an interaction feel transactional. The more casual the meetup, the more this will make you seem like a desperate job hunter or a slimy sales person.
DO: If you’d really like to give someone your business card and doing so would violate this suggestion, ask for their business card. By asking, you show interest in them, and they will feel compelled to reciprocally ask you for yours. Even if they do not ask for your card, they will deem it appropriate if you hand them your card as they hand you theirs. Just don’t abuse that trick or the entire thing will become transactional.
Don’t send generic LinkedIn invites afterwards.
I usually don’t accept invites from anyone I don’t know…because I’m slightly paranoid. Many in security are the same way. In private conversations with other professionals, several indicated they have hundreds of LinkedIn requests they have just ignored because they don’t know or don’t remember the the person and the request wasn’t personalized. I ran a super scientific poll on Twitter before posting this, and around 26.4% of those that responded to the poll won’t accept a LinkedIn request from someone they just met and hardly know. The other 73.6% will connect with anyone.
DO: To increase your chances of connecting with that last 26%, include a personalized note including how and where you met, and what you enjoyed about your conversation. It’s a great way to prove you were listening to people, which they like. Example: “Jon, It was great meeting you at the meetup on Tuesday! I enjoyed our conversation about the benefits of purple teaming. Hope to see you there again, soon!”
DO: If you don’t get a response to your LinkedIn request, “Follow” the person on LinkedIn, and look for chances to stay in contact. Don’t turn into a stalker, but watch for opportunities to like posts they share or comments they leave on posts. Again, don’t over do it. That would be creepy…which brings us to the next tip.
Don’t be creepy.
Don’t lurk on the outskirts of a conversation, and listen in. People can tell you’re doing it, and it’s creepy.
DO: It’s better to outright join the conversation than it is to lurk. It’s better to be thought rude than creepy.
Don’t join a group of people you don’t know who are having a conversation without introducing yourself. That’s creepy and rude.
DO: To avoid being perceived as rude or creepy, try this to keep the conversation flowing when you join it:
“Hi, I’m Jon. Sorry to interrupt. Did you say, “<repeat the last thing someone said even if you heard it clearly>?”
This helps you sneak in the introduction, and you’ve also moved the conversation right back to where you interrupted. It also follows the “Ask Questions” suggestion.
Don’t force yourself into a conversation.
DO: If you try to join and they ignore you, take the hint and move on. They may be discussing something slightly more personal or private than what they’d like to share with someone they don’t know. If you ignore those non-verbal messages and stick around, it’s creepy.
Don’t talk about politics and other polarizing issues.
This can be tricky in our industry and in the current status of our society. Politics is a common trap for quiet people that aren’t good at networking because they often have strong feelings on the issues, and they have the words and talking points prepped and ready! The urge to contribute to the conversation can easily outmuscle their self-control. Whether you are “quiet” or not, the problem is you can quickly alienate 70% of the room by expressing your opinions too firmly. Yes, 70%.
- 30% will have the polar opposite opinion, and will be excited to “educate” you.
- Most of the middle 40% will want to avoid the topic completely because they don’t want to be in the middle of an argument between polar opposites where no minds will be changed, anyway.
DO: If it comes up, stick to the black and white facts, and not beliefs. Even that can be dangerous, though.
DO: If one of these topics comes up and tension starts to build, it can be relieved easily by making an overt, purposely awkward, random topic change and end it with a cheesy smile. It will break the tension, and most people will seize the opportunity to get out of the conversation. Examples:
“So…uh… I hear Bora Bora is nice this time of year.” 😀
“Wow. This is an amazing glass of water. Definitely time for a refill.” 😀
“So, how about them <insert sports team>.” 😀
If you don’t follow sports, you can use that to assist the “overt” aspect of the statement by saying everything wrong:
“So, how about that sportsball game the other night! I heard the jockey kicked a home run in the 5th quarter!” 😀
There are many other tips that go well beyond what I’ve covered here, but these are the tips and techniques I try to use regularly. I’d love to know if you found this useful and also hear your tips and tricks. Either hit me up on Twitter or drop me a note via the Contact page.
If any of these don’t make sense or seem contrary to what you’ve heard, check above for more detail.
- The most important step is going to events and doing the networking!
- Your goal is to meet people and build relationships first, and opportunities will follow.
- To Meet New People:
- Show up early and offer to help with setup and teardown.
- Use the 3 Foot Rule: Introduce yourself to everyone that comes within 3 feet of you.
- Find the “Connector” and introduce yourself.
- Introduce yourself to each speaker and ask another question.
- How to Interact and Bond with the People You Meet
- Ask people questions and show interest in their answers
- When speaking with new people, look for and highlight things you have in common and ignore your differences for now.
- Wait until you’ve bonded a little before asking for advice “getting started” or “finding a job”.
- Express your interests, display your passion, and be humble
- Have business cards or resumes in case someone asks
- Extend the Interactions Past the Event
- Ask people if they are on Twitter so you can follow them.
- Send a customized LinkedIn request or a public tweet as a follow up.
- After following or connecting, interact regularly by liking, sharing, or commenting on their posts
- Things to Avoid
- Don’t be transaction or appear self-serving.
- Don’t force your business card or resume on anyone.
- Don’t send generic LinkedIn invites afterwards
- Don’t be creepy.
- Don’t lurk on the outskirts of a conversation, join it.
- Don’t join a conversation with a group of people you don’t know without introducing yourself.
- Don’t force yourself into a conversation.
- Don’t talk about politics or other polarizing issues and have prepared methods to change the subject or escape the conversation if they come up.