It’s 20 years since management guru Tom Peters coined the phrase ‘personal brand’ – the on-going process of managing our image to influence the way others think of us.
Even if we don’t actively do this, we all have a personal brand by default. Like it or not, this is the accumulation of what we do and say, how we look and what people think of us. It is said, for instance, that in just three seconds someone decides if they like you.
Unfortunately, as an industry, the information security sector perhaps doesn’t fully appreciate the power that personal branding has to influence others.
Does this matter? If you want to change the prevailing information security culture, it almost certainly does.
A security awareness issue
Tom Peters saw personal branding as an opportunity to control image in a way that improves the results we achieve. Put like this, developing a personal brand is not so much a narcissistic exercise, but a useful way to influence others’ behaviours.
So, if you aren’t in control of your own brand, you are almost certainly sending out inadvertent signals about yourself that may not be the ones you want. In fact, you may be self-sabotaging your own efforts without even realising it.
For instance, we can decide upon someone’s trustworthiness in as little as one-tenth of a second; correctly predict if they are an extrovert in just 50 milliseconds, and perhaps most tellingly, categorize someone as a competent leader from just a photograph.
One of the primary determinants of leadership is personal authority, something that renowned psychologist Robert Cialdini defines as one of the Six Principles of Persuasion.
[NOTE: Cialdini’s 6 Principles are part of Marmalade Box’s SABC framework for changing security cultures within organisations.]
If you have it, you will be able to make things happen, even when that involves the unpalatable. In the absence of authority, people become unsure about what to do. Watch those with natural authority, and you notice something about them that’s different, but which you can’t quite put your finger on.
Developing personal authority is, therefore, a critical component in personal branding. Unfortunately, many in positions of influence lack the authority to actually influence because they haven’t understood the importance of having a personal brand to help them do that. Or, if they have, they haven’t taken practical steps to create and develop their brand.
Building your personal brand
Nearly 30 years ago, Michael Gerber wrote The E-Myth. The aim of this short book was to help start-up entrepreneurs scale their business quickly. He describes how many fail because they never get out of the comfort zone of being a ‘technician’, so they never take on new roles where they can acquire and demonstrate influencing traits that would add to their personal brand, which in turn makes them less equipped to influence.
Without taking the time to build a personal brand, it’s easy to become anonymous. Then, by default, there is nothing to counterbalance the predominant information security brand, not ideal if that is already tarnished.
Speaking at Blackhat USA 2017, Facebook’s Chief Security Officer Alex Stamos acknowledged that the infosec industry has a problem with empathy and humility and is, therefore, less effective in building the relationships necessary to effect real change.
It seems evident that many in the industry need to think more about building their personal brand if they want to influence others when it comes to security awareness. Not only will this make them more effective in their work, but will also accelerate their career progression.
Investing in your personal brand
We trust people more than we trust brands and engage with them accordingly. Therefore your personal brand represents your capacity and power to influence the behaviour and actions of others. This makes it a powerful tool for change.
Successful companies increasingly look to employ staff who are also their ‘brand ambassadors’, meaning they need both a strong personal brand and one that’s aligned with the company’s corporate brand values. That’s why some organisations are now actively encouraging personal branding in their employees as a start point for generating greater motivation and engagement.
Unfortunately, a failure to invest in their personal brand leaves many information security professionals less able to change the prevailing security culture within an organisation. When the overarching information security brand is not held in high regard, this is a missed opportunity to redress the balance.
So, if you want to change the security culture in an organisation we can help, either through our personal branding services or by rebranding your infosec offering as a whole. Get in touch and find out about the range of unique, innovative and research-based influencing tools we have developed for your business.