“Influence” and Your Career
"Talent is cheaper than table salt. What separates the talented individual from the successful one is a lot of hard work."— Stephen King, author
"Success is no accident. It is hard work, perseverance, learning, studying, sacrifice and most of all, love of what you are doing or learning to do." — Pelé, Brazilian soccer player
"I’m a great believer in luck, and I find the harder I work the more I have of it." — Thomas Jefferson, American Founding Father
Have you ever heard the above and similar statements? During my entire childhood, I was trained to believe that hard work, coupled with continuous learning and perseverance, were the keys to success. Of course, being “smart” and staying in school were also concepts drilled into my brain.
I have always been proud of how hard I work — not just at my day job, but for the relationships that matter to me, the hobbies I choose to pursue, and for my own personal growth and betterment. To me, it feels good to work hard and accomplish things. I’ve also embraced the “work smarter, not harder” approach, but the two are, at least in my mind, linked. And I think a lot of people agree with me. If, at the end of the day, a person can feel like they made a contribution to…something…if the feeling of success comes from the blood, sweat, and tears they put into a job/task/activity, that’s positive. That’s “right.”
Over the years, I’ve been very fortunate to have met and gotten to work with a number of like-minded, hard-working cybersecurity professionals — people who put in long days and go the extra mile all the time. A number of them have seen great success in their careers, earning recognition and accolades for their dedication.
Coexisting alongside them are the seeming “rock stars” of cyber. These industry icons attract groupies who follow every social media account and like or comment on every post. They pack rooms at conferences regardless of the topic they present. Their blogs and podcasts are heralded in “best of” lists and they’re named “someone to watch.” Maybe these people work hard. Maybe they don’t. Sometimes these individuals have made great contributions to science and technology, but oftentimes they have not. They say things others have said before them, but for some reason, when they say it, it turns into the “gospel.” They borrow themes and concepts that catch on, even if the theme or concept has been batted around for years. They make bold claims without any data to back them up. They are, for lack of a better term, cybersecurity influencers.
“Rock star” versus “rock solid”
For years, I have wondered what makes certain people influencers while others with similar skills and talents, yet with more dedication and stronger work ethics, never seem to achieve industry acclaim. Of course there are people who don’t want that kind of recognition — plenty of folks want to simply sit behind a computer, contribute to the field, but mostly want to be left alone to execute their job well.
On the flip side, influencers thrive on attention (and sometimes the pay bump that results from being heard). The quality of their work is of lesser importance (though they’d argue the contrary to their death). At times, influencers will say or do things just to see if it ignites a fire — whether they believe in the claim or not. I experienced this all the time when I was in charge of conference programming. And I felt compelled to add some of these people to agendas because they increased attendance, even if their talks were bound to be fluff or if they were saying the same thing they’d been saying for years, no new concepts or research.
On a conference level, this balance is OK. But when it comes to career success — promotions, equal pay, invitations for speaking engagements or media contributions, and the like — the idea that influencers are offered more opportunities and get greater credit for their work irks me to no end. Especially when we’re talking about the “influencers” who aren’t as hard working or dedicated to their craft as others who choose to keep their heads down.
This is why I derailed a conversation on Enterprise Security Weekly with my co-hosts, Adrian Sanabria and Tyler Shields. In case you aren’t familiar, both Adrian and Tyler are hard-working, smart, and thoughtful people. They are two of the people in the industry I look up to and turn to for advice, a second opinion, a sanity check, or a proofread. And both have achieved actual career success as well as a certain amount of “influencer” status. So I wanted to get their takes on why this happens.
What makes an influencer an influencer
Tyler, being a little more cynical like me, pointed to entertainment value — when a person possesses the ability to entertain, whether it’s mindless entertainment or thought-provoking entertainment, that’s when audiences gather. The entertainment value can be absurd and empty, like watching the Kardashians or slowing down to peek at a car crash on the side of the highway (wait, are those things synonymous?).
It could be about high energy — watching a speaker on stage who knows how to use their body language and tone of voice to amp up the room — kind of like Pitbull. For the record, I like Pitbull’s music, but it’s mostly ripoffs of other tunes with a great beat layered on top. His concerts feature flashing lights and scantily-clad dancers. Whipped cream — not much substance, but it makes you feel good.
And then there are the people who just speak the loudest — people who like to stir up trouble, maybe through disinformation or conspiracy theories, just to watch the impact. They know that “fake news” spreads farther and faster than facts. For them, they are both the entertainment and a recipient of entertainment, at others’ expense.
There are plenty of types of entertainment, and that’s how a number of “cybersecurity rock stars” become “rock stars.” Tyler’s explanation resonates, even if some of these people are solely entertainment.
Adrian, on the other hand, said that people follow cyber “influencers” who they feel are genuine and dedicated, people who are constantly learning, growing, and helping the industry in some demonstrable way. Sorry, Adrian, that’s you.
But, I agree with Adrian that influencers can be all those things. They should be if their aim is for positive professional and personal progress. The genuine, hard-working people who get recognition because of the work they do for the industry, in my opinion, deserve recognition and opportunities.
However, the people described in the last two paragraphs aren’t the ones who confound me, the people who, when their posts show up on social media, I scroll by because I feel the majority of their aim is self aggrandizement. Those people, the ones who revel in their own “influence,” overshadow quieter, less outwardly effusive people. And, despite the quality of their work output, the attention seekers are the individuals who are offered center stage a lot more frequently.
Unfortunately, this hurts the industry more than it helps. It brings us no closer to closing cybersecurity gaps and stopping bad guys. It rewards the wrong things.
Influence and achievement
When it comes to career success — getting a new job, promotion, or salary increase — the influencers seem to have the upper hand. When it comes to getting help, again, people will rush to influencers’ sides, whereas more reserved people have to ask more people, more times, and may or may not benefit from community in the same way.
To illustrate, two acquaintances recently lost their jobs due to restructuring. One is someone who has been featured in the media as being “the best in the industry.” Don’t get me wrong, this person is a perfectly fine human and decent worker. I’ve just never seen them work particularly hard or do or say anything particularly innovative. On the other hand, they are über friendly and say nice things to people. Relying on their reputation and industry connections, they landed a new job in two weeks.
The other acquaintance is someone who constantly pushes themselves to be better, smarter, and more effective. Despite this, this person has, several times in the past, gotten dinged by bosses and coworkers as being “disruptive” and “too direct” because they want to improve processes and outcomes. This person truly cares about doing a good job and helping others. But they are a somewhat-outcast because of their commitment to continuous improvement. They aren’t as conventionally friendly as the other person, but this person’s work is reliably strong. It took this person more than five months to find a job, because they didn’t have the status and connections to make the process easier.
Does it pay to be popular?
There is unequivocal evidence that people who are able to influence — via whatever means — are more likely to achieve greater career success. Hard work aside, savvy seems to be a key contributor to individual accomplishment. Can a person get away with a weaker work ethic or mediocre deliverables if they are entertaining, louder, friendlier?
Most people would publicly say “no.” No one wants to be caught praising a Kardashian over someone with a killer work ethic. But in reality, do we promote people who manage to sound convincing (and sometimes don’t stop making sounds) and then reward them unfairly? Do we tend to overlook people who can’t play the popularity game well? When this happens, how much does it hinder cybersecurity progress?
It’s an interesting topic that I’ve read about often. But today I am most interested in the industry’s opinion: When you identify industry influencers, are they substantive or just outspoken? What have you learned from them? Have you felt limited in your career because you prefer to avoid the limelight or simply don’t possess the power or desire to stand out? Have you seen people get passed over because they can’t compete with rock stars?
And, what personal characteristics does it take to be a cyber “rock star”? Can these traits/characteristics be learned? Is it something you would do to get ahead? And, last but not least, is this something we should be aspiring to in security?