Using LinkedIn to Raise Security Awareness #2: Thought Leadership


Session 2 of our 3-part series dives a little more into Thought Leadership, why it's important for our aim to broaden our reach as security awareness professionals, and how to establish yourself as one.

This community training for our Security Awareness Community teaches how to use LinkedIn like a pro as a security awareness professional. Learn how to effectively reach your colleagues, executive team, and broader network with security mindset insights while building your professional brand at the same time.

Looking for the other two sessions? Jump to Resources.

Thought Leadership

To put it plainly, thought leadership is all about establishing yourself as an expert in your field. In today's digital world, this means using marketing approaches and social media to increase your visibility and make your voice heard.

It may be uncomfortable to talk about ourselves, but marketing yourself is a key part of becoming a thought leader. True, this means anyone can become a thought leader for better or for worse, but for the sake of influencing those in our network towards a stronger security mindset and habits, it's a worthy effort.

Thought Leadership Quote

While you may not become a famous figure like Brian Krebs, you can still have a significant influence on those around you. Even individuals with 3K to 10K followers on LinkedIn can create valuable conversations with solid reach and engagement. Our main focus is to use LinkedIn more effectively as an additional channel to drip our messaging to our colleagues and executive board. By doing so, we can grow our visibility and professional branding while also focusing on our company's goals.

So how do we go about establishing ourselves as a voice people in our digital circle turn to for all things online safety? Read on.

Show Up, Speak Up, Rinse, Repeat

Good marketing is essentially effective communication but it cannot happen as a one-off conversation. When it comes to educating and influencing others first we have to show up.

Show up - Digitally speaking that means creating content and engaging in conversations. Simply sending out content once and leaving it at that is not enough. With the digital world moving at a rapid pace, it's important to show up multiple times through different channels to make an impact and ensure people hear your voice.

As a security awareness professional, you're likely already getting the messaging out through several channels - email, Yammer, Teams, phishing simulations, etc. We mentioned in Session 1, LinkedIn is simply another channel for that messaging - the difference is that LinkedIn provides a more neutral playing field that is less threatening and more personable when done well.

How to Start

Speak up - If you've already been involved in creating messaging for security awareness campaigns, then you have a great foundation for content to help you get started. Even if there is internal messaging that cannot be shared as it is company specific, the core of the message gives you something to easily build on.

Building yourself as a thought leader requires consistently sharing your expertise, lessons learned, insights, observations on current news and breaking it down to how it is relevant for a particular group of people. (For more information on breaking down your different audiences, see Session 1).

But Beginnings Are Hard

If you identify currently more as a "Lurker" than a "Creator" it can seem intimidating - but it's important to remember that gone are the days of the perfectly polished post. Today people appreciate authenticity more than a perfectly edited post. Not to say it shouldn't be clear and written well, especially if aimed at peers, just beware of the "perfection beast" and don't let that stop you from posting.

Getting started with creating content can be daunting, but setting a 30-day challenge of daily posting can help jump start the process. It's important not to overthink the content and to repurpose existing content as needed. After the initial 30 days, finding a consistent rhythm that works for you is important, whether that's once a week, 2-3 times a week, or daily posting.

What's the Best Type of Content?

Different types of content exist, including text, text with images, carousel posts (slideshows uploaded as PDFs), and bite-sized content such as short paragraphs, thoughts, and bullet points.

Text and text with images are effective so there's no need to feel pressured to create elaborate content like carousels or videos. Starting with straightforward content creation is a good place to begin.

Type of Content To Share

There's no one guaranteed type of content that will perform well every time. Many factors go into what makes a post successful including the initial hook of the post, text layout, images, carousel design, time of day, day of week, not to mention the algorithm basing visibility and reach on initial engagement and how you engage on the platform as well.

Currently, it seems the algorithm is favoring polls, video, carousel posts, and multi-picture posts a bit more at the moment but more than trying to guess what works at any given time being consistent and providing meaningful content that relates and helps the people you're targeting (employees, exec team, board members) will help you ride the ups and downs of the algorithm changes.

A Note on Video Content

Short-form video is a great way to familiarize people with who you are so if you're willing to give it a try keep a few tips in mind:

  • You don't need a script but a general outline will help with the flow of thoughts to keep you on track
  • Keep messaging short and concise and don't forget to provide a call to action - i.e. - encouraging them to turn on MFA or clean out unused apps on their phone, etc
  • Viewers are typically willing to deal with poor lighting or simple editing as long as the actual content is quality. What kills a video, however, is poor audio quality.
  • Include subtitles - Many users watch videos with sound off plus it's more user-friendly for hearing-impaired persons. LinkedIn now has auto-generated subtitles you can approve before confirming an upload and many audio editors have good subtitle generators as well

Also, if you have Creator Mode turned on (See Session 1) that gives you access to LinkedIn Live - video doesn't always have to be short clips. Consider doing regular interviews with either other security awareness professionals to provide tips to your employees or do a more industry focused session.

Prefer writing? While the LinkedIn Articles don't get the same reach as their previous glory days they shouldn't be counted out - it's still a great way to expand your visibility and showcase your insights, if writing is a strength.

Get (A Little) Personal

As the saying goes "People buy from People" and what we're asking our particular audience here is to 'buy' into shifting their mindset and habits. Including personal posts from time to time helps create that human connection and makes you more approachable. Good messaging is relatable so make sure your posts aren't just information downloads.

Being personable can include sharing a personal story and relating it back to work/online safety/professional life or posting a selfie at a professional event are ways to break up posts with a human touch. While it's certainly not encouraged to overshare for reasons we're all aware of, to the extent you are comfortable showing you're more than a digital profile goes a long way in humanizing your engagements on LinkedIn.

The main reason goes back to the whole purpose for ramping up our LinkedIn presence: we want to build ourselves us as the "address" for our connections to come to for security awareness concerns and questions.

There are a range of styles and many professionals who do this well. Follow them to draw inspiration from and find your own style and level of comfort - check out the end slides from this presentation for a list of cyber professionals to follow and see the many different ways to personalize your LinkedIn persona.

What Not To Do

A few points to keep in mind on posting tactics to use sparingly:

  • Only resharing other people's content - Keep this to a minimum for two reasons: 1) historically posts that were a ReShare of another's content got very little visibility (note - this does seem to be changing some but nothing definite). 2) The point is to build up your own voice as an authority so it's important to share your thoughts/opinions/insights more regularly.

  • Write long blocks of text like you're writing an article. It varies by industry but typically at least half of users will engage on mobile and walls of text become overwhelming

  • Only sharing company branded info or self-promotional posts. As our goal is promoting security awareness in different perspectives and how it relates to the regular employee and how it relates to executive team from a business risk perspective, this shouldn't be so much of an issue. If you're an independent security awareness practitioner this advice would vary a little more as that is slightly different scenario where a weekly or bi-weekly self promotion is encouraged.

  • Only sharing curated content with a link in the post that directs off-platform. Again, with the recent changes in the algorithm there is a debate if this has as significant an impact as previously. Test it out for yourself to see what seems to be more successful.
    Use a wall of hashtags or zero hashtags -

What To Do Instead?

  • Summarize in your own words another person's point (instead of using the Reshare) and tag them to add your own perspective to the conversation
  • Use white space more often between sentences and use bullet points for lots of information when relevant

  • Summarize an article instead of curating a piece. Tag the author or publication and add your own insights on the matter - if it's not urgent to have the details (as would be the case in a trending vulnerability or attack) put the link in the comments rather than the post itself

  • Include a good hook to make the user click "read more" as this will signal more interest in your content.

  • Include a Call To Action - Ask a question, give a challenge, encourage them to follow or connect

Speak To Your Audience

For the purposes of utilizing LinkedIn to really focus on security awareness it could be tempting to try and hit two birds with one stone. But going back to effective communication and good marketing, it's important to segment your audience and keep the messaging focused only on a particular group. One audience per post is a good rule. The beauty of online safety tips is that sometimes your board members or executive team fall into the 'regular user' as well but focus on speaking to the regular user. If it's a tip specific to executives/board such as spear phishing for example, then just be clear in those instances when you're speaking to those people.

Let's say you want to make Tuesdays when you give a Cyber Tip Tuesday for the regular employee whether for work or home, Wednesdays are Cyber Tips for Executives, and Thursdays are Professional Insights for your cyber peers. You don't have to title your posts each time but knowing which audience you're creating for will help the messaging be more concise and focused.

In conclusion

To wrap it up, becoming a thought leader is simply being focused and consistent to increase the impact of those around you in the virtual realm - we're simply focusing our efforts and messaging to have the greatest impact on those we work with while having the added bonus of influencing others in our LinkedIn network and hopefully driving the important message of good security habits to a wider audience inside and outside of our organizations.

For the other sessions and to download the slide deck from this presentation, check out the resource section below.



SlideDeck for Session 2 PDF

Session 1: Intro to LinkedIn Networking and Professional Branding

Session 3: Content Creation

Community Live Stream: Security Awareness as Thought Leadership