This isn’t your typical review of a book. I read this book because I felt that too many security professionals were “showing their work” but not doing it in a way that provided any real value. The way some people share online, I feel like they might have read this book but missed some key points. Instead of taking it in as a whole, they picked and chose things they wanted to do and thought they were doing great. Maybe in their mind, they’re following a game plan, and they believe success is right around the corner, but it’s the opposite for them. So, I won’t be touching on all the chapters, only the ones in which I see the biggest issue relating to what I see from cybersecurity professionals and how they’re sharing their work. I will also talk about stuff outside the scope of this book.
I’ve been seeing this trend lately of people sharing. Sharing accomplishments, sharing posts on LinkedIn, and sharing blog posts daily. Now, there’s nothing wrong with this, and one of the major chapters in this book, Chapter 3, “Share Something Small Every Day,” talks about just this. The chapter talks about making your brand. As more people work from home and have Zoom meetings, social media can become the first impression for employers they may never meet in person. One of the first quotes that stuck out to me in this chapter was “90% of everything is crap,” by Theodore Sturgeon. If you share something every day for a month (30 days), 27 days just won’t hit their mark, and for me, it starts to feel like spam (discussed in Chapter 7, “Don’t Turn Into Human Spam”). Do you want your brand to be 90% crap? Probably not. It doesn’t mean you don’t write that post, but you put it through the “So what?” test before you hit that share button. The book discusses the “So what?” test, but it’s pretty straightforward. After you write your post, you ask yourself, “Is it useful or interesting?” If yes, share it. If not, toss it in the trash; if you don’t know, save it. It’s that simple.
Chapter 5, “Tell a Good Story,” is also essential and often overlooked when sharing accomplishments online. In the book, there’s a story about how a couple of people went to a thrift shop and bought about $130 worth of stuff, but they took that stuff and sold it on eBay for a big profit of over $3,500. The one thing they did was add a story behind each object. Just telling that story got people engaged with the auction and intrigued people who might have passed over otherwise. Training platforms make it very easy to share your accomplishment of passing a certification or completing a box. The one thing that it doesn’t provide is a story; without that story, it can sometimes feel like spam. If you complete a HacktheBox box, instead of just sharing the badge, maybe discuss the issues or problems you faced during this accomplishment. What did you learn? Take us on that journey with you to understand what it took to complete this accomplishment. What happens if your “accomplishment” took almost no effort? Maybe you can do the “So what?” test and see if it’s worth sharing.
Lastly, it is not a topic mentioned in the book, but I believe it would have been discussed if it was written today. I’m starting to see the use of AI, not just in snippets, but AI making whole blog posts or social media posts. I believe there’s such an urge to get material out there and create a name for themselves that they’re trying to take shortcuts. I know coming up with a blog post or other material is hard. I sometimes use chatgpt to generate ideas for a headline or rephrase a sentence I’m struggling to write. If I use any of its suggestions, I always try to rewrite them in my own words. I want people to know who I am and what I’m about. The book is titled “Show YOUR Work” not “Show AI’s Work”.
Regarding my conclusion on the book, it’s a quick and easy read. The author (Austin Kleon) outlines some good guidelines for sharing what, how, and when, especially if you’re trying to start your career. As mentioned in this blog, there are a few things that people share daily that this book could help them with. The one big takeaway that most people could easily do before posting is doing the “So what?” test. That alone could help ensure you don’t become a human spam bot, which I’m starting to see more and more in our industry.