Security sites to bookmark: and

Information security journalism: Creating a Personal Brand

Human Resources 2.0 is revolutionizing the workplace. The relationship between employers and professionals is changing. The traditional long-term contract is giving way to other means of collaboration. These are much more varied and adapted to specific needs from both sides. In this context, the creation and maintenance of a personal and professional public brand becomes a clear value.

The world of information security also lives this change. These two sites are two examples of this new trend: by Brian Krebs, a former Washington Post reporter and by Graham Cluley, an antivirus developer in the nineties.

Brian Krebs worked as a reporter on security issues at the Washington Post for 14 years, until 2009. His interest on digital security grew since 2001, when his home network was compromised.

Unlike Brian Krebs, Graham Cluley is a security professional with a technical background. He wrote the first version of the Windows-based Dr. Solomon antivirus and, outside the security field, two MS-DOS based games, still available on their website. He was one of the security specialists blogging for "naked security", the Sophos antivirus vendor's site. In June 2013 he left Sophos, a company where he worked since 1999 and released his own information portal for Internet security,, to market his personal brand as independent security analyst. This site deals with IT security topics and it is not so cybercrime-focused as

As they both confirm, they are now their own bosses. They regularly publish security news that could well appear in general-purpose newspapers and news portals, related to espionage, newly discovered vulnerabilities or the latest security breaches.

The simple architecture of these sites makes them easy to read and follow. and are platforms that both authors use to publish news while growing their personal professional brand and marketing their expert security analysis services in the form e.g. of articles in the case of Brian and public appearances in the case of Graham.

Finally, two questions I would like to pose to the reader:
- One for security entrepreneurs: have you already created your own personal brand?
- One for security practitioners in order to facilitate public awareness of the need for 'effective' security in the organization: do you regularly provide security news to your top executives?

A version of this post in Spanish is available here.

Looking through the glass

Happy reading!