Security Experts:

How to Make Friends and Influence People (in InfoSec)

After a particularly strange exchange with a new connection on LinkedIn I felt the need to write a post on my profile calling out bad behavior. I clearly struck a nerve, as I received several notes asking me how someone should make a connection request, and subsequent invitations to connect. After responding to a few of these inquiries, I realized others may be interested in this information.

Let me start by saying that I’ve been making connections and building relationships for 20 years. That does not make me any sort of networking expert, but I’ve learned some things along the way that I thought other people might find useful. Before I jump into my suggestions, I ask that you remember one important thing: relationships, like people, are never cookie-cutter and won’t behave according to any defined pattern you might expect. As such, I advise you to keep your expectations in check to reduce the chances of being disappointed. Following are some thoughts in no particular order.

  • Offer something of value. First, and perhaps most important, always have something to offer someone to whom you want talk and build a relationship. In real life, the only time it may be even remotely appropriate to walk up to someone and say, “Hey, I have something to sell you I think you’ll want,” is if you’re on a used car lot. Even then, maybe not. So, if you’re going to connect with someone on a platform like LinkedIn, have something to offer them. Typically, this should have two qualifying attributes. It has to be something they actually want, and it shouldn’t require an up-front investment on their part. If you’re extending your hand to someone, either physically or virtually, it should be with up-front value. In real life, sometimes it’s as simple as an umbrella, your muscle to change a tire or a helpful anecdote to someone who writes a post about something with which they’re struggling. A great opening line to a connection request I recently received said, “Hey Rafal, I saw you recently commented on the importance of frameworks – I’m curious about one of your points and would love to connect and talk it over.” That got my attention, and I accepted the request. It didn’t hurt that the person actually had some unique insight I had not previously thought about. One closing thought on this: if you’re going to offer value, it forces you to know with whom you’re connecting. If you’re going to extend to me a unique conversation, you probably have read some of my posts or ramblings and done some homework. If not, I can tell pretty quickly, and you end up on a naughty list. Research the person you’re trying to reach and understand their agenda, their motivations and how to get the best reaction from them. It’s not hard. It just requires a little up-front work for that connection. In the end, it should be worth your time.
  • Cultivate your connections. This is the part where I personally need the most work. Cultivating relationships is difficult. There is a limit (I think it’s about 150 or so) to how many personal connections a human being can keep. LinkedIn says I have well over 3,000 connections, but about 2,900 of those are secondary. Secondary means we say hello and are cordial, but neither of us knows enough about the other to suggest a pizza topping. That’s my judgement of how well I know someone, if I can order a pizza with them without having to ask. Think about that, how many people do you know that well? That being said, cultivating a connection is difficult and involves your time and energy. Don’t take that lightly, but don’t waste that on people who won’t reciprocate. It’s important to remember that relationships are a two-way street. Identity your primary relationships and your secondary relationships. Treat them accordingly.
  • Some people feel unapproachable. My advice to anyone who makes a real attempt at connecting while providing value and still gets shot down, don’t sweat it. Some people are more difficult to approach than others. I’ve been that way, you’ve been that way, but we get over it. You can either choose to keep refining your approach, or you can move on. The trick is to detect this situation as quickly as possible and either refine your approach or move on. They are rare, the ones that are truly unapproachable, but they exist. Don’t lose sleep and don’t personally invest or take it personally. That’s the best advice I can give you on this.
  • We’re all selling something. I’m always amused by people who “refuse to talk to sales people” because they don’t even realize they’re selling something, too. Even if you’re the gal holding up the “Caution” sign as I pass by on the road that’s congested due to construction, you’re selling something. You’re selling your attitude, and at some point in the future you may be helping your kid sell Girl Scout Cookies when I pass by. If you were grumpy then, I will reciprocate. If you’re delivering a service by sitting in a SOC and calling clients for alerts, you’re selling the services of your company with every call. Trust me, you are. Everyone is selling their own personal brand every single day. In security, we have to convince people that what we do is valuable even if you’re the CISO of a Fortune 100. Every. Single. Day. Don’t sit so high up in an ivory tower that you forget that we’re all just doing a job. If the approach is genuine, be genuine back.

I’ll close with this: follow the golden rule. Treat others like you’d want to be treated. If you’ve skimmed the above section and stop here, read and take it to heart. Live by it. Because life is funny. As a good friend of mine still says, “Be careful on whose toes you step because they may be connected to a hand you have to shake.”

Be kind, be genuine and offer value to your personal connections. That’s my advice. The rest is easy.

view counter
Rafal Los is Managing Director, Solutions R&D within the Office of the CISO for Optiv, which was created in 2015 from the merger of Accuvant and FishNet Security. Los leads a team developing research-backed guidance addressing key program challenges for enterprise security leaders. Prior to joining Optiv, Los served as principal, strategic security services at HP Enterprise Security Services. Previously at HP, Los served several diverse roles including security strategist of enterprise security products where he advised customers on implementing practical solutions. Los also held various positions at GE entities and various other start-ups. Follow Rafal on Twitter: @Wh1t3rabbit.