I don’t normally make New Year’s resolutions. But when I do, I start them in March. As you may have noticed, I decided to start blogging again. I published a book last year on cybersecurity for the layperson (managers, salespeople, executives) and I knew I wanted to begin writing a sequel. I didn’t have a theme or concept like I had for the first book, but I had some really cool ideas that I wanted to think more about. (Read the rest of my blogs here.)
My resolution was simple: I would write one article per week for a year. 52 articles.
I’m 6 months in, so it makes sense to mark the occasion by blogging about it. The verdict?
This experiment has lead to an avalanche of discovery. Every idea leads to a blog, which leads to new ideas, which lead to more blogs or articles or guest posts. So far I’ve written over 30 articles, far more than my goal.
I’ve written a blog on cybersecurity in the past, but I wasn’t consistent. I wasn’t consistent because I didn’t really enjoy blogging the first time around. It felt too much like work even though I love writing. This never sat well with me and I started to think about why.
One of the lessons I learned from writing my blog several years ago was that there is this temptation to write based on what people might click on. I found myself starting to gravitate towards commenting on current events. Articles about hot topics get more clicks. Every major security incident has a gaggle of experts hoping to be the one to explain it to the masses. But there was always this temptation to take a position or perspective which I didn’t really believe in to get more attention. I hated that part of blogging, which might have been one of the reasons I stopped. (There were other reasons like having a kid and writing a cybersecurity book.)
To avoid this temptation, I came up with some rules that would keep me honest and help avoid falling for those temptations. The rules I came up with were:
- Importance – I want to write about things that will help improve the cybersecurity of our world. To me, this means exploring new ideas and bringing knowledge from other disciplines to bear on cybersecurity problems.
- No vendor endorsements – I don’t discuss vendors and I don’t let vendors comment on my articles to attract attention to themselves (this has happened and I delete those comments).
- No current events – I don’t comment on breaches or other things in the news that I don’t have direct knowledge of. If I had direct knowledge, I’d be under an obligation not to discuss.
- Likes – I will only obsess about likes or views a little. This means that I’m not necessarily going to write about popular topics. But I’ve been really surprised and inspired by the response I’ve gotten to some of my ideas.
I didn’t start out to treat this project like a scientific experiment. I didn’t have a theory that I was trying to test out about blogging or anything. I just wanted to write in an honest way and hopefully come up with a few things that would help people. But as obsessive as I am about details, I couldn’t help but make observations as though I were doing a science fair project. So here are some of my most surprising findings:
- Sales – This shouldn’t necessarily have been surprising, but lots of salespeople hit me up after seeing my articles. This isn’t necessarily a bad thing. Some came off like creepy stalkers, but others actually reached out honestly and I really appreciated the support.
- Deepening relationships – Putting myself out there gave other people the chance to connect with me in a more meaningful way. It also gave me a way of introducing myself to people I might not have talked to otherwise. I feel like I’m a part of the security community in a different way than I was before.
- Open doors – There have been a number of opportunities that popped up after people saw my articles. I’ve been invited to speak at a ton of conferences this year and this only reinforces the previous point.
- Book sales – I decided to advertise the book I published last year at the bottom of all my articles. This did not lead to fame and fortune.
- Engagement – I’m really more engaged in my job and my career than I ever have been, and some of the things I’ve written have motivated me to put my money where my mouth is, so to speak, with doing things differently at work.
I’ve heard that if you read one hour per day in your chosen field, maybe one or two books per month, you’ll be an international expert in your chosen field within 7 years. I feel like this is one of those internet urban legends: maybe you can read lots of books, but will you really understand them? Have you put any of those things into practice during those 7 years? (Most of us learn by doing.)
Maybe I’m being a little unfair. In practice, to really understand something, you can’t just read something. You need to also teach it to someone else. You need to force yourself to understand that subject so completely that you can be prepared to answer other people’s questions on the topic. You need to have had deep conversations with other experts in the field to debate difficult issues. And you need to put yourself out there to take a position on those issues.
So my prescription for myself – write a blog a week for a year and see what happens. Six months down. Six months to go.