Examples of KPIs in my industry are people like Brian Krebs, Bruce Schneier and Mikko Hyppönen. In addition to how, I have also been thinking about who that future me would be.
Who?
I mean why is future me a key person of influence? In what niche portion of infosec have I distinguished myself? What or how have I contributed that others have not before me?
Until you are key person of influence in your industry, your full-time job is just to become a key person of influence in your industry
- Daniel Priestley
Listening to Daniel Priestley's webinar on London Real Academy, one of the call-to-action questions was "What do you want to be known for?" and I was flabbergasted. I have no idea.
A little bit of background, if you don't mind ...
Recently I started a new daily habit: writing in a 5-minute journal. One of the things it taught me how to do is to come up with a positive affirmation for myself. I had heard of these affirmations before, and to be honest I had thought them to be tree-hugging crystal-healing hippy BS, but hey — if you are not hurting anyone, I ain't got a problem with how you talk to yourself.
But then I heard from other sources that quite a few very successful people, including the 50 billion dollar man Dan Peña himself, were actually users of this technique. I had to reconsider my former attitude as being born of ignorance and prejudice. Now I know that I was wrong.
What are affirmations then?
They are a way of describing yourself, usually aloud, to yourself, but in a positive manner. That adjective there is key. We all have quite a few labels we put on ourselves, always seeing what/who we should be or what part of ourselves is faulty or the weakest link etc. Some people can get motivation from that sort of kicking yourself on the butt, but for most people it just causes paralysis. A feeling that you are getting exactly what you deserve from life and that there is no point in trying for more because of your ... whatever. Or that you need to "fix yourself" before you can even try.
With positive affirmations you need to think about your current or future self in a good light.
For example one morning I wrote — and spoke — this as my daily affirmation:
"I am a passionate security professional who makes the world a safer place."
Nice thought if a bit on the vague side. But at least it is positive.
It need not reflect what the objective truth is nor how you see yourself to be. By doing these affirmations - and some people say them throughout the day - you project that vision of yourself. You will manifest it. Of course there's a huge difference between saying, "I am a successful person worth 1 million dollars" or adding "... by next week" to it.
... and back to today.
"What do you want to be known for?"
Blank stare. Mouth agape. Thoughts racing. Eyes still glazed over.
The follow-up to that was "if you had the financing right now, what product/service would you launch in 3 months?"
Me: - Aha! Product development! Ooh ooh! I know this, I know this! I will start coding, erm, a product, of, errrrm, ... software ... in nature?
Brain: - But you don't want to be a developer, remember?
Me: - Oh right! Damn! Trick question?
No. Not a trick question. Plenty of good answers were given, but, alas, I was not yet ready for this.
What I learned from Daniel is that interesting things happen at intersections of skills. That there is only so far you can go with getting better and better in one market and that the most interesting and powerful ideas are formed when you cross two different focus groups, skill sets, domains.
I sought some advice from new friends at the academy and was able to brainstorm some of my potential niches that I could cross-pollinate for an even more niche market that I could then conquer.
My niches:
- working in information security
- background of software development
- passion for data visualization
- passion for photography
- I like creating tools to help people automate their routines
- I have a pretty good knack of explaining difficult technical details in layman's terms
- I love teaching people
- I love writing blog posts, especially stuff that combines the two above: explaining (teaching) technical things through metaphors etc.
For my passion in information security, I consume a lot — A LOT — of content: conference talks on youtube, podcasts and tech articles (mainly from twitter folks). One of the most exciting conference talks I found in the past 6 months was about how to use data visualization as an aid in malware (binary) analysis. This is definitely something that I could see myself contributing in the future — some new tool that could help detect certain types of malicious applications which could potentially be used to protect end-users.
Who knows?