Friday, August 29, 2008

How To Become A Security Blogger?

I know, I know. Some might say that it is a silly question since you rarely seek to become a blogger - you just become one.

However, I got a few emails from my readers asking me something along these line, thus this post. For example, I got asked "Should I focus more on targeting security professionals or general IT users?", "Any pitfalls I should be aware of?" as well as general questions about how to start, what content is best, etc all the way to "How did I profit from my blog?"

Q: Who should I blog to?

A: Blog to colleagues first i.e. infosecurity pros. Blogging to IT or general public is - in some sense - harder or - gasp! - will turn you into a journalist (someone who knows nothing about everything BUT writes about it as an "expert" :-)) Maybe you can broaden it later. Even better, write for YOU (!)

Q: What area of security I should focus my blogging on?

A: Focus on the area of security that you like the most or know them most: IDS? Patching? PIX administration? Linux? AD esoterica? Logs, maybe? :-) Then broaden if you feel like it or as you learn new areas

Q: Any advice on site design, themes, etc?

A: Site design, themes, etc will all come later; just pick something basic and FOCUS on content, not on SEO, design, etc. MUST have RSS feed; make it highly visible (HTML is out, RSS is IN :-))

Q: Any security blogging pitfalls that I should avoid? Any other tips?


  • Don't stick to only long, deep posts? Unbelievably, people often prefer shorter posts or a mix of short/shallow and longer/deep posts (that came as a shock to me early on!)
  • Tips on how to do whatever useful work well; comments on hot issues (that you understand) works too for a shorter post.
  • Definitely comment on other bloggers posts (more often early on, later - as you wish...)
  • Avoid long breaks in blogging (>7 days); it will lead to reader loss (you should only care about it later - focus on fun content first!)
  • Join Security Bloggers Network (drop an email to Alan Shimel for it)

Q: Has blogging in this niche generated any income for you? If so, how much?

A: Exactly $0. The reason is that I never wanted to "monetize" my blog; I don't have banners, etc. This is by design.

Q: How did it help your professional career in a significant way?

Yes, I think it helped my career and connected me to a lot of fun people! I sure hope I am not "known only as as blogger", but blog can definitely make one much more known professionally, especially if you create fun and/or useful content.

Overall, blog is a time commitment, but it is also a passion. It does help your career, but "forcing " yourself to do it just for "career benefits" is, IMHO, a wrong approach.

Yo, my fellow bloggers; help the newbies out, will ya?! Let's start a series of posts on "how to be a good security blogger!"

UPDATE: really good post "Why Blog?" from Richard.


Anonymous said...

Dr Anton, I think many of us have received this or similar emails recently. I have responded privately to those who asked me. I think your advice is right on though. Ultimately blog for yourself, not for others is my motto.

Anonymous said...

will turn you into a journalist (someone who knows nothing about everything BUT writes about it as an "expert" :-)).... khe khe khe me ROFL .. i say the same thing every morning i read newspaper :)

Anton Chuvakin said...

Very true - the most annoying part is that many will take you for an expert if you are a lot of drivel.... Sad indeed.

Anonymous said...

First I would like to say great blog. I have been following for a few years. I recently started up a blog targeted for students in my Network Security courses. I focus on the fundamentals but I also try to include important issues related to changes in the InfoSec field. I think your spot on with your tips. Content is king everything else is second. Keep up the great work.

Anton Chuvakin said...

Thanks for the comments and for the praise!

Unknown said...

Great post. I would also add that for every blog I write, I spend at least twice that long commenting on other blogs, reading other posts and keeping up with the latest trends and news. But that will come in time. I agree that starting with what you know best, and enjoy, is the first step.

-Kristen Romonovich
Security Provoked

Anonymous said...

I have been blogging about computer security for a few months, and following your advice I joined the Security Bloggers Network. Thanks for the wise suggestion!

D0R -

Anton Chuvakin said...

Welcome to security blogging!!!

Also, thanks for finding my post useful.

Dr Anton Chuvakin