If you’ve never seen one of Javvad Malik’s videos, do yourself a favor and check out his website. Sure, not all of them are entirely related to security awareness, but you’re unlikely to find a more entertaining perspective on the issues facing security professionals.
I sat down with Malik, a CISSP, during the recent (ISC)² Congress in Chicago, where he spoke during several sessions, including one focused on using social media to promote information security.
During our conversation, we discussed his method and the power of social media that can be harnessed by today’s information security professionals. “It’s about promoting themselves and security awareness”, he tells me, when I ask about why those in the industry might consider engaging a wider audience through mediums like YouTube, Twitter, or personal blogs. He admits that, in his case, these videos are about promoting information security, “but the byproduct is that you promote yourself as well.”
Malik says he starts with a small idea and then builds out from there. The videos, most of which are only a few minutes each, require about 60–90 minutes of prep time for every one minute in the final product.
His audience, the analyst tells me, is the wider IT sector, and not just information security professionals. Malik admits that, until recently, he was less than confident in is face-to-face verbal abilities, but that social media and the use of a video camera allowed him to get his message of awareness to a broader public. His apparent lack of confidence, apparently a bygone characteristic, comes as a bit of a shock to me, given that he is quickly becoming a security industry rock star – an in-demand speaker, undoubtedly attributed to the enormous success of his social media prowess.
Rock star assertions aside, Malik maintains a quiet, humble persona, and reveals that – contrary to what the final product may indicate, sitting alone in front of a camera is not necessarily easier than speaking in front of live audience.
The videos are not only useful for general IT professionals, end-users and other security professionals. As Cisco’s Tony Vargas pointed out during a separate session during the (ISC)² Congress, the medium allows security professionals a more effective venue to communicate security risks to an organization’s executives. “Security professionals typically communicate through Twitter”, Vargas observed. “But executives like to watch videos. We need to learn how to communicate through their mediums, and Javvad’s videos are an excellent example of how to communicate the risks we face more effectively.”
Malik is not only a YouTube sensation for the infosec industry, but maintains an active Twitter account – engaging fellow industry professionals on a daily basis. He also uses the service as a primary news source, in addition to sharing ideas. “You can use it [Twitter] to engage with people outside the security sphere”, he tells me, but it also serves as a valuable information resource that security professionals can use to keep up to date.
In a parting message, Malik tells me that security – historically – has grown as a silo. “This is no longer the case”, he observes. “Our issues now make the broader news.”
And what about the value of social media for industry practitioners? “We need to develop as professionals to move the industry forward”, he explains. “Professionalize your knowledge, and make yourself available.”