Mentor Question Personal Branding

A few thoughts on personal branding, starting with mine/ours here:

My Branding

the montage

  • living online …
  • dfirnotes, the paper:
  • teaching a bit, email signature block updates: “infosec educator”
  • dfirnotes on GitHub and the blog: “notes on dfir practice, and practice”
  • dfirnotes, the Twitter, pinned post with README
  • latest rev: “Information Security Leader & Educator”
    • “design, build, teach threat-informed information security programs and techniques”
    • “Also: retweets of interesting classes, tools, research. They/them”

I’ve been on computer networks socially and for work/school for essentially my whole life. Much data about who I was and am is on the Internet and I haven’t done much to try and change that (philosophically & professionally against it).

Several years ago now, as part of my studies around infosec and to get a particularly tough and prestigious certification (GSE ) I had to write a couple papers. Being the open source advocate that I am I put them on GitHub (MIT License) after publication. For the latter paper on using scientific notebook software in DFIR practice and education DFIR notes (which I though might have some reach) I even spent a few minutes (okay hours) with free clipart and Inkscape to make a logo.

When I started teaching besides the day job I started to take my online professional profile a bit more seriously. I had to write up a “bio blurb” for the first time and that was tough. As I taught a little more and changed dayjobs I put more effort into branding and I think that’s about when I read Ted D.’s book InfoSec Rockstar / saw him speak and reviewed some other advice about branding. I set up the professional blog and aligned all of my professional profiles and accounts around this brand (logo was really handy). Somewhere in there I started using an email signature block consistently and continue revising it as needed for changing qualifications and new headlines. There was even a headshot photo (not just a repurposed badge photo!).

So, separately from any personal accounts I may or may not still maintain (smirk) here we are: @dfirnotes the blog, twitter, and GitHub organisation (et alia). Technically there are more contributors than just me (especially to the GithUb rules), so for that and other reasons we’re they/them.

Method and Tips


  • “What would you say you actually do here?” -The Bobs, Office Space

My investigation playbooks are all question based and here as well some questions can help guide anyone in generating ideas for professional branding, resume headlines, blurbs, and consulting marketing:

  • What are you individually good, great at?
    • Do you have a speciality?
  • What distinguishes you from others with similar skills, education, certifications or the same job title?
  • What do you want to be doing / what role are you reaching for?
    • What do you want to be when you grow up?

Answer these as best you can by yourself and then also ask peers, supervisors, mentors, friends, and family too. From there you should get some starter ideas and possibly some new role/career options to think about. You could certainly get ideas from career themed books such as the Parachute one.


  • “Good artists borrow; great artists steal.” -Pablo Picasso, famously borrowed by Steve Jobs
  • “We call it OSINT if we’re billing hours, otherwise it’s just ‘using the Internet’.” -overheard

As with resumes and job postings reading others’ profiles can be very informative. If there are individuals in your field or in fields you admire check out their profiles and branding approach. What platforms are they active on and are they getting responses or engagement ? This is one of very places that paying brief attention to “Internet points” might be useful. For some folks you might even need think about search engines and advertisements … screams and runs. A review of the profiles and activity of people and communities you respect and want to be like is the best answer you can get to questions about which platforms/apps you need to be on.

On the flip side, be aware of how much information you are sharing about you, your clients, and your technology and keep in mind that others also conduct OSINT and ‘use the Internet’. It might be a be a good time to review some online privacy guidance and adjust your personal threat models as you deliberately put part of yourself “out there” more. Violet Blue’s Smart Girl’s Guide to Privacy No Starch Press is great book, and infosec professionals specifically may need to know and do more as we are actively targeted. Sites like CitizenLab and Privacy Rights Clearinghouse have some good general guidance.


Once you have some ideas you’ll need to test them. While not everyone will put their professional blog / social media account through structured A/B testing or multiple intensive focus groups … you should find a way to gather some feedback. This will almost certainly include using your new persona on applications for jobs and programs.

Once you have some of your ideas worked out you could look into vanity domains, social media handles, and check the branding options for the services you use. Many SaaS services will stamp your brand on your documents, conferences, pictures, etc. if you pay for a higher tier or add-on the service. Decide if this makes sense for you and where you are going.

Now, newly branded you should contribute to communities, which will also help build your reputation. “Hack something, learn something, write it up” is the general advice there … Start a blog, mentor or be mentored (or both!), volunteer for a panel, put in to present at a virtual conference!

Tips: refresh the whole process and your branding regularly at a cadence that makes sense to you: whether that’s quarterly, annually or before applying for a new role or a promotion. Keep all of this material someplace you can easily get to, like GitHub or a text buffer (a document) you can always get to for the endless copying and pasting of your signature line, bio blurb, website address, logo graphics, usw. into forms and applications to save time and typing and try to keep everything synchronised and consistent.


We Hope This Helps (hth) folks at all stages of a career journey. Please ask questions of us or (even better) your support community. If you don’t have a support community yet (!!) you should make finding the right one for you the 0th item on your professional development to-do list. Tweet, email, direct message or otherwise unicast us if we can help with that :)

Nota bene: This is not a guide on starting a business, though similiar steps may help if you are, and will especially apply if you are setting up a consulting business. I am not a lawyer.

Written on November 17, 2021