Cybersecurity Thought Leadership. PHOTO: Cybercrime Magazine.

What I’ve Learned about Becoming a Cybersecurity Thought Leader

Where should you begin to become one too

Jonathan Zhang, CEO at Whois XML API

Walnut, Calif. – Jul. 26, 2019

Leaders reach a point in their careers where they feel the urge to share the insights that they’ve accumulated over the years. Many of us dedicate our lives to an industry and, as part of this commitment, we build expertise that can largely contribute to the community. The desire to disseminate such valuable knowledge is what I refer to as thought leadership.

Now, looking at the field of cybersecurity, it’s not a secret that individuals and companies are constantly under attack in what is getting known as cyberwarfare. And since we, cybersecurity specialists, spend our lives fighting against the villains of the web, we do feel the need to make our voices heard — not just for the fame, but because every bit of input can help keep people and corporate assets safe.

That’s the reason why I’ve put so much effort into sharing my thoughts and experience on various cybersecurity topics over the past months in over 20 publications (see the end of this post for a shortlist of my best articles).

This has been an intellectual journey and, quite frankly, a lot of hard work. The time has come to reveal some of the secrets I’ve gathered along the way. But first thing first, let’s consider why you might want to join the exclusive club of cybersecurity thought leaders.

Why Do You Want to Become a Cyber Security Thought Leader?

Ask yourself: Why invest your time in the process? Many people embark upon this journey solely to get visibility and promote their businesses. Frankly, that is part of it, especially if you offer a product or service that’s best in class in your industry.

However, there should be more than self-promotion driving people toward the path of thought leadership. More importantly, there must be a sincere desire to help both the public and the industry. How so?

You might, for example, want to elevate the conversation and speak about emerging threats, or remind audiences about basics that are frequently overlooked or trivialized like human error, the same ever-repeating social engineering tactics, or the common security misconfigurations that occur when setting up a new website or acquiring online assets.

What Important Qualities Do You Need?

The idea of becoming a thought leader is compelling, isn’t it? So, what are you going to require to make it happen?

Here again, you’ll need both the passion and motivation that go beyond the sole intention to make quick money with new tools and services. Why is that? Well, coming in with a lukewarm attitude will never stand up to the pressure and the responsibility.

Pressure, because you’ll always have to work hard to keep up with the cybersecurity space and maintain your image as a thought leader. Responsibility, because it’s an extension to the lifelong commitment to the industry you’ve dedicated yourself to preserve … and you do not want to screw up and mislead anyone who decides to follow your advice!

On top of that, you’ll require a flair for new ideas to stand out from the mass. And that matters very much because if you don’t catch attention, then nobody will ever read the content you produce, which in turn means that you won’t stimulate a new level of discourse — probably one of the very reasons why you’ve decided to become a thought leader in the first place.

Very importantly, thought leaders also require patience and perseverance. It’s important to take it one step at a time and remember that nobody has become a respected expert overnight. Building a decently-sized audience and refining your content ideas will likely take weeks or even months. And even when that’s achieved, you’ll need to keep up the momentum and do everything you can to avoid losing relevance.

I also discovered that being a thought leader calls for constant curiosity. When one of the first known computer viruses appeared in 1971, it taunted us by displaying, “I’m the Creeper, catch me if you can!” Had we stopped with merely being amused and didn’t get curious about what other, nastier things the intruder could do, cybersecurity as we know it today wouldn’t exist.

Last but not least, cybersecurity influencers should be humble enough to accept that they cannot be 100 percent right or leading the talk all the time. And neither should they! Thought leadership is as much about coming up with new ideas as it is about building on the work of others.

Where Should You Begin?

When I finally decided to throw my hat into the thought leadership ring, I began by honestly assessing where I stood on the relevant cybersecurity issues. How proficient was I in talking about them? What were my specific areas of subject-matter expertise? Where could I provide the most value?

Cybersecurity is such a dynamic field, with both new malicious and defensive techniques, developments, and technologies being hatched as we speak. It’s not realistic to stay on top of everything, so pick your battles wisely as you proceed with content creation.

So, instead of talking about everything and anything in my posts, I focused on what I knew best, including threat intelligenceWHOIS, and domain data in general.

I can speak with confidence and authority about them because I’ve spent a good amount of my career building related applications and tools and continue to undertake multiple projects in these areas.

On Which Third-Party Publications Can You Get Featured?

With the goal of getting featured on third-party websites, there are two types of publications that you can aim for: sponsored and non-sponsored, with the latter being much harder to achieve since it’s 100 percent based on merit.

Either way, even if you decide to pay a fee, it doesn’t mean that you can or should get bad content published. In fact, you’ll still need to demonstrate and build credibility to be taken seriously. My advice is to start small and tap into less-popular or sponsored opportunities before making your way up to the big leagues — aka top magazines and websites where proof of expertise and a solid publication track record are indispensable.

As an entry point, I’d also recommend making a list of the sites and magazines which you enjoy reading. Since you are already familiar with those, chances are that it will be easier for you to craft articles appealing to a readership you belong to, and, therefore, convince editors that you’re a “right fit” as a contributor.

What Are the Secrets for Creating Relevant Content?

This shouldn’t be a big surprise, but it’s worth making that point loud and clear: Readers come first. Think about what they’d like to read and what will be useful to them. For a given publication, you can do so by reviewing the past articles published there, especially the ones that became popular with a lot of positive reactions.

Equally important, familiarize yourself with each website’s editorial guidelines to make sure that you hit the bull’s eye when it comes to voice, style, length, etc. If in doubt, don’t hesitate to speak directly to editors. They’re usually very nice fellows who, in my experience, are highly responsive to queries.

But that’s not all. You must also continuously make an effort to create fresh and engaging material in line with your areas of expertise. Editors usually love it when contributors take an angle that highlights what only they know and offers something unexpected.

I do this notably by injecting a bit of humor and controversy in my pieces where possible. I recently did that for an article published on Dark Reading, where I explore the reasons why threat intelligence does not work and, of course, the way to get things back on track ;-).

Lastly, one secret I discovered about creating relevant content is feedback. I always solicit the opinion of my peers and readers. What can I improve? Which of my pieces have caught the public’s eye and resulted in significant engagement? Doing so gives me a clear indication of how I’m coming across and what I should be doing better next time.

Are There Alternative and Complementary Roads to Publication?

If you’re not ready to start off with third-party publications or want to proceed with more publishing activities in parallel, you can also contribute on social media groups and community websites. For example, I frequently answer questions related to my niches on Quora because it’s a popular platform with high readership which often figures at the top of search engine results — thereby increasing the prospect of my material being accessed by many readers.

Depending on the level of popularity of your organization and readership, you could also stage content on your own website. Doing so gives you the freedom to tailor your writing voice according to the topics that you’re interested in. It also gives you the flexibility to publish content whenever you like and as developments arise.

How Do You Establish and Maintain Credibility?

It’s tough becoming a thought leader, so don’t lose that status thoughtlessly. In particular, here are a few pitfalls to avoid:

First, never pretend to know about subjects you actually have no clue about just because these are hot topics. Stick to your strengths and areas of competence — or build new ones if you need to. If you get too opportunistic, it’s likely that you’ll lose credibility in the eyes of your existing audience and appear as an amateur in front of any new reader you may have managed to lure into checking your posts.

Second, avoid getting too promotional. As mentioned earlier, you’re probably looking to get some exposure for your services and products as part of becoming a thought leader, and that’s OK. What’s not, however, is to compromise the quality of your content with overly salesy or unverified claims.

Bottom line: Becoming a cybersecurity thought leader requires extraordinary passion and experience. This is vital, especially when you’re dealing with a subject like cybersecurity which can have a huge impact on individuals and companies. Hopefully, you can contribute in helping people understand the discipline better and take away the fear of not knowing.

What’s your take on becoming a thought leader in the cybersecurity space? Are there best practices and misconceptions which you would like to highlight? 

Some of my best articles in no particular order:

https://www.darkreading.com/vulnerabilities—threats/5-reasons-why-threat-intelligence-doesnt-work/a/d-id/1333188

https://hackernoon.com/the-hot-and-the-odd-a-critical-view-on-innovative-cybersecurity-practices-for-2019-850e2c2fbc8d

https://staysafeonline.org/blog/5-threat-intelligence-relevant-smbs/

https://www.business2community.com/cybersecurity/how-threat-intelligence-help-small-businesses-deal-with-cybercrime-02111585

https://hakin9.org/threat-intelligence-a-different-approach-to-meet-cyber-security-needs/

https://www.thesecurityawarenesscompany.com/2018/07/24/threat-intelligence-approaching-security-awareness-smart-way/

http://thefutureofthings.com/12213-5-questions-csos-should-ask-about-threat-intelligence-services/

https://falconhive.com/top-5-ways-domain-name-searches-help-small-businesses/

http://articles.exactseek.com/2019/01/29/3-secrets-to-help-businesses-keep-ahead-of-their-competition/

http://www.exeideas.com/2019/02/domain-name-statistics.htm

Jonathan Zhang, is the CEO at Whois XML API


Sponsored by Whois XML API

Precise and exhaustive data is vital for cyber-security professionals to analyze and prevent cyber crime. Whois XML API offers a comprehensive collection of domain, WHOIS, DNS and threat intelligence data feeds that are essential to their work. It’s an exhaustive Cyber-security package that offers a maximum coverage of both real-time and historic data, complete with instruments for threat hunting, threat defense, cyber forensic analysis, fraud detection, brand protection, data intelligence enrichment across variety of SIEM, Orchestration, Automation and Threat Intelligence Platforms.



Send this to a friend