There are two types of thought leaders in the infosec industry. On the one hand are deep subject matter experts (SMEs). They traverse the conference circuit, bloggersphere, and podcast scene. If you want to learn about the latest research and developments in the threat landscape, then these are your people. Ultimately SMEs are defined by their ability to bring genuine value to the community through unique insight. This blog is NOT about these figures.

Instead, we explore a different species of infosec celebrity: the vanilla thought leader. Where vanilla thought leaders lack unique perspectives or tangible insight, they make up for with hubris and snake oil. Vanilla thought leaders rarely speak in public, and instead stick to their natural breeding territory of LinkedIn, where they enjoy safety in numbers. One might ask, how can someone say nothing new or interesting, yet still possess the confidence and pizzazz of an expert? Fortunately for you, this guide tells you exactly how.  

  1. Self-appoint. Whilst SMEs gain their coveted status through hard work and industry-wide recognition, vanilla thought leaders short-circuit the process instead. The secret they have discovered is that simply acting like a thought leader often seems to do the trick. This fiendish judo move allows the vanillas to mosey around social media with a certain swagger, despite doing almost none of the work. Common tricks include talking about mentees that don’t exist, or inviting non-existent fans to hit you up if they want to meet you at a conference (as if you are too important to arrange anything yourself).
  2. Don't be afraid to be immodest. A personal achievement isn’t credible until your network is notified, multiple times. Talk frequently about your accolades. LinkedIn names should include as many four letter acronyms as possible. Include the most credible ones early on as no one will read more than two. However, a long list will still look imposing and allow you to flex your infosec alphaness. For context, your name should look something like this: “Tom Collins, mentor, keynote speaker and industry expert [that last one doesn’t actually need to be true]. CISSP, CISM, CRTIA, Sec+, Network+. PADI-certified, passed cycling proficiency test”.
  3. Quantity over quality. Developing and articulating thoughtful opinions takes time. This is inefficient. Vanilla thought leaders should instead focus on volume. The key is to write lots of words, without saying much at all.
  4. Be weary of meaningful connections. Vanilla thought leaders are like sharks: they die if they stop moving. The 10 minutes you just spent getting to know someone is 10 minutes that could have spent speed networking with 20 other people. Rather than foster genuine relationships, a vanilla thought leader should instead focus on ramming their business cards into as many hands as possible.
  5. Talk, don't listen. Listening is for those that want to learn. Vanilla thought leaders cannot risk displaying such outrageous levels of humility. Vanilla thought leaders should therefore practice assuming that people are interested in them. After getting back from a conference, an aspiring vanilla thought leader should take all email addresses from new business cards and add them to their mailing list. Don’t ask for permission beforehand and don’t provide an unsubscribe option. Remember your three main objectives: broadcast, broadcast, and broadcast.
  6. Make up questions. Not sure how to start a new post or social media hot take? Introductions are always the hardest part of writing, yet one easy work around is to pretend you have been hounded with questions about something. This allows you to talk about whatever you want under the veil of an expert with an in-demand opinion. The key is to stress that you have been asked about the topic multiple times. Good examples include "a lot of my followers have been asking me about..." or 'one of my mentees asked me about X and I figured it would be helpful for me to share my thoughts across my broader network".
  7. Be a follower, not a leader. How can a thought leader be a follower you ask? Whilst the idea might seem counter intuitive at first, copying other people’s ideas provides a quick way for vanillas to ramp up their own output. One easy trick is to regurgitate hackneyed cliches. Perhaps talk about how corona virus could herald in a new era of remote work and that companies insisting on five days in the office are now living in the past. If you are looking for infosec-themed topics, repeating that it is a human, rather than technological, problem always seems to go down well.
  8. Make hollow gestures. Is someone in your network looking for a mentor? Well go ahead and like their LinkedIn post. Is a non-profit infosec event raising money for charity? No need to donate or take part on the day when you could simply retweet instead. Critically, these hollow gestures require less resources and can be easily scaled.
  9. Play the game. Are you lacking the followers required to be a credible vanilla? Then don’t be afraid to fight dirty. Follow people and then unfollow once they have followed you back. Paid Twitter bot followers are your friend here.
  10. Don’t practice what you preach. Have a good idea about how to keep your staff motivated during lockdown? Great, then tweet it. Integrating it, however, is a complete waste of time. Even if an initiative will keep your staff happy, putting it into practice takes time, thought, and effort. This will distract you from your primary function of posting on social media (see point 3). Remember, your friends and colleagues are the last people you should be trying to impress (see point 4).
The awesome image used in this article is called Trollhunters and it was created by Ale De La Torre.