Ep24: Can Cybersecurity Experts Safely Use TikTok?
As a security engineer. I'm curious about your thoughts on the intersection of professional cybersecurity roles. And personal social media use. And specifically. Using platforms like TikTok, does that compromise the trustworthiness of security professionals?
---
I do hope you enjoyed this episode of the podcast. Here's some helpful resources including any sites that were mentioned in this episode.
--
--
Find subscriber links on my site, add to your podcast player, or listen on the web players on my site:
--
Support this Podcast with a Tip:
--
If you have questions for the show, feedback or topics you want covered. Please send a short email to marc@bytesizedsecurity.show with the Subject line of "Byte-Sized Security" so I know it's about the podcast.
Connect with me on TikTok: https://www.tiktok.com/@bytesizedsecurity
Transcript
As a security engineer.
2
:I'm curious about your
thoughts on the intersection.
3
:Of, professional cybersecurity roles.
4
:And personal social media use.
5
:And specifically.
6
:Using platforms like Tik
TOK, does that compromise?
7
:The trustworthiness of
security professionals.
8
:I did a LinkedIn poll on this
and it was rather interesting.
9
:Because.
10
:It was more of a mixed bag,
but it really came back as.
11
:At least in the United
States, the answer was no.
12
:That they wouldn't trust
a security professional.
13
:That uses a platform like Tik TOK.
14
:Now they don't really give
any information as to why.
15
:That was just a short poll
and that was the vote.
16
:Personally, I find it a
rather simplistic view.
17
:And I'm going to go over a few of
the reasons why I feel that way.
18
:And you can totally disagree
with me on this one.
19
:And if you do disagree,
look in the show notes.
20
:There's a contact area.
21
:Please contact me.
22
:I'd love to know what some
opposing viewpoints are on this.
23
:So the first thing is
professional versus personal use.
24
:And I think a security insured can
be proficient in their job while
25
:using social media platforms.
26
:For personal entertainment or networking.
27
:And furthermore.
28
:I think from what I have seen.
29
:That if you take a piece of
information that you want to
30
:give out, You're going to reach a
completely different audience there.
31
:That may be very receptive to your
message and might need to hear it.
32
:But it's not getting an education
and not getting any understanding
33
:of that need because there's an
entire generation of people that
34
:have decided it's not trustworthy
and they're not going to go there.
35
:But they don't understand,
or maybe they don't care.
36
:That the platforms they're
used to promoting on are
37
:not used in other countries.
38
:Or it's only in English and
they're not using subtitles.
39
:Or you're not reaching a generation of
people who are younger, who just are
40
:not going to be on LinkedIn, looking
at your stuff, or maybe that maybe that
41
:platform is blocked in that country.
42
:YouTube doesn't seem to get
the respect that it wants.
43
:Did I use it?
44
:And I still like YouTube myself.
45
:But it's very different.
46
:Now you're getting a lot of
different people that are not
47
:going to find your message on.
48
:A long video, right.
49
:If I do a.
50
:If I do a long video on multi-factor
authentication on YouTube.
51
:I gotta be honest with you, unless you're
a power player for your small creator.
52
:That's not going to go anywhere.
53
:And if you do a short, I hope you
have, you know, a very entertaining
54
:way to do that because that's also
really not going to go anywhere.
55
:It's just not how that platform promotes,
but maybe you'll have different luck.
56
:But if you were to do the same
video and you were to do that on
57
:Tik TOK, You had hit an entirely.
58
:Different audience.
59
:Of younger people that have different
opinions or maybe actually find that
60
:information valuable, especially when
they're looking for cybersecurity
61
:information or career advice.
62
:Which is going to be a completely
different audience and you're
63
:going to find on LinkedIn.
64
:Which would again be a completely
different audience than anybody
65
:listening to this podcast.
66
:And this is a completely different
audience from newsletters.
67
:So it's rather interesting.
68
:To simply dismiss something and that's
professional versus personal use.
69
:Number two could be awareness
and risk management.
70
:So, you know, security professionals
are typically well informed about the
71
:risks associated with social media.
72
:And then more likely to take
precautions to mitigate these risks
73
:such as strong, unique passwords.
74
:Enabling two factor authentication.
75
:What you can do on these platforms.
76
:And being cautious about the
personal information they share.
77
:So if you have a security
engineer that has a channel.
78
:On YouTube and a channel on tech talk.
79
:And they're just sharing information
about cyber security and how to secure
80
:yourself and be better in the digital
world and, you know, take care of your
81
:own personal information as well as, you
know, people, family, friends loved ones.
82
:How is that a bad message to spread?
83
:To the world.
84
:I don't think it is.
85
:I think it's our obligation.
86
:To take the knowledge and the
understanding that we have
87
:as technology professionals,
people that do understand this.
88
:And spread that information and to,
to a different audience, a different
89
:generation that needs to hear it,
that wants to hear it, but needs
90
:to not hear in technical terms.
91
:So for example, If I was going to
explain cyber security to my mom.
92
:I would tell her about, you know,
securing your information and bad
93
:guys are out there to get it and they
want to steal it and they want to.
94
:You know, social engineer or,
you know, user information to get
95
:loans or, or medicine, whatever,
or make fake IDs who knows.
96
:But I'm not going to be able
to describe that to her.
97
:Talking about E.
98
:S encryption and all these other kind
of terms, it's going to go over her
99
:head and she's going to tune me out.
100
:So it's a message that needs to
be put out to different audiences.
101
:And I think that that message can be
spread on a multitude of platforms with
102
:not compromising your own information.
103
:Number three would be
understanding of platform security.
104
:So just being familiar with
the wide range of platforms.
105
:Uh, including Tik TOK can give skirt
security professionals a broader
106
:understanding of different security
models, potential vulnerabilities, and
107
:the way in which user data is handled.
108
:So understanding those different
platforms, if you're going to be an
109
:expert on something, usually you need
to use it yourself and understand
110
:it and understand the audience.
111
:In order to disseminate that information.
112
:For example, my podcast now
is at least six minutes.
113
:Some people will listen to that.
114
:I do not think this would be a very
successful podcast on YouTube or.
115
:Most of the platforms
people have tuned out.
116
:They're not going to listen.
117
:So it's a different audience, the
audience that I'm potentially reaching.
118
:Now it's interested in listening to
something for more than 30 seconds or.
119
:A couple of minutes.
120
:And that's not normal for these
other platforms, but the information.
121
:Can still be pertinent.
122
:So I think as a professional,
just negating and ignoring
123
:things that are out there matter.
124
:There's a whole general, if you ignore
that, there's an entire generation of
125
:people that are learning from people
who are much younger, who do not have
126
:the industry experience and they might
be learning a lot of the wrong stuff.
127
:But they're not going to know it because
the generation that's supposed to be
128
:teaching them has decided that not they're
not going to participate in that at all.
129
:And so you have younger people
teaching younger people.
130
:And who knows.
131
:And a lot of it's marketing.
132
:I've seen some rather interesting
things on the platform where you
133
:have very prolific influencers with.
134
:You know, 20 plus 40, 60,000
followers, which is quite huge.
135
:And they've only been in
cybersecurity for a year.
136
:I mean.
137
:Okay.
138
:It seems like this interest.
139
:I mean, I've only been
in it for five years.
140
:And had it as a.
141
:Uh, personal hobby,
something that I've done for.
142
:Quite some time, including an it career.
143
:And I'm still learning a lot
and understanding this thing.
144
:So I don't understand.
145
:Anybody, anybody who has
one year under their belt?
146
:Is suddenly an expert about the field.
147
:So.
148
:There should be more people in that space.
149
:Educating and giving different
opinions on that rather than just
150
:a certain, you know, generation.
151
:Giving that, uh, that information.
152
:Which leads me to number four, which
is educational and outreach purposes.
153
:I mean, Some security professionals
use platforms like Tik TOK
154
:to educate the public about
cybersecurity, digital hygiene and
155
:the importance of data privacy.
156
:Absolutely.
157
:It's a platform that's going
to hit a different audience.
158
:You should take advantage of that.
159
:And I, I think that is huge.
160
:You have an educational and outreach
opportunity that you normally
161
:wouldn't have with other platforms.
162
:So there is something to be said for that.
163
:Five is keeping up with trends.
164
:So social media platforms are
often the front lines of new
165
:types of security threats.
166
:So being familiar with these platforms
can help professionals understand emerging
167
:threats and evolving digital landscape.
168
:A lot of the things.
169
:Breaking news or breaking
threats are going to happen.
170
:In the social media space long
before they ever hit the news.
171
:And so if you want to keep up with those
trends in order to educate and understand.
172
:Then you're going to need to
be on the forefront of that.
173
:And that's usually in very
popular worldwide platforms.
174
:Six would be personal choice and privacy.
175
:So using a social media
platform does not automatically
176
:apply irresponsible behavior.
177
:I mean privacy settings and usage
patterns vary, greatly amending it.
178
:Individuals.
179
:So how you're using it.
180
:In a professional capacity does
not make you less trustworthy.
181
:You could reverse the script.
182
:If you were in a different country,
you could say I don't trust a security
183
:professional that would use YouTube.
184
:It's the same thing to me.
185
:You're negating a platform based upon.
186
:How, you know, something that you're
thinking about or how you're using it.
187
:And I think the important part to
think about is how are you using it?
188
:Are you being secure?
189
:Are you being safe or using it
as a platform to educate people?
190
:Okay.
191
:Then that message should be
spread in a very, you know, a
192
:variety of different things.
193
:What I say in this podcast,
Could be really toned down to be
194
:something that could be on YouTube.
195
:It could be something that
could be in Tech-Talk.
196
:It could be something that's on.
197
:Uh, newsletter.
198
:There's a lot of different ways
to take this information and
199
:change it so that I can get this.
200
:Message out to the right people.
201
:You also have a number seven, we
demonstration of security principles.
202
:So.
203
:You know, a security engineer might
use social media to demonstrate good
204
:security practices like avoiding
oversharing, personal information,
205
:or recognizing phishing attempts
or identifying misinformation.
206
:As they're all good uses of
that platform to help educate.
207
:And number eight, a diverse exposure.
208
:So exposure to variety of
technologies, including social media.
209
:Can enhance your ability to
adapt to new security challenges.
210
:So.
211
:I don't think that the use of a
social media platform like Tik TOK
212
:automatically negates a security engineer
skills or commitment to cybersecurity.
213
:I think it's more important to
evaluate their professional expertise.
214
:The understanding of security risks and
how they manage their digital footprint.
215
:That to me, Make some more
of a trustworthy individual.
216
:Than simply using or not using a platform.
217
:In my capacity.
218
:I want to teach and talk about cyber
security, just like I did with fitness
219
:that I've, I've done for years.
220
:And how I reach that audience.
221
:Then I just have to change and adapt.
222
:If I decide.
223
:That all I'm going to do is
do a newsletter and a blog.
224
:Okay, that's fine.
225
:And that could work really well.
226
:But I could do a lot better if I
engage my audience in the way that
227
:they want to consume information.
228
:So for example,
229
:I think reading is important.
230
:I know how to read.
231
:But I don't sit down
and read a lot of books.
232
:But I do listen to a lot of podcasts
and I do listen to a lot of audio
233
:books that I get through the library.
234
:So if you've got a really, really
good book, I should, I should read.
235
:You're not going to catch me necessarily.
236
:Cause that, that isn't
how I consume information.
237
:But if you have that book in an
audible format, I will listen to it.
238
:So you can take the same
information in different formats.
239
:And reach a much large, larger audience.
240
:So you take that blog.
241
:You take that newsletter.
242
:And you read it.
243
:Right.
244
:Let's say you just read it, whatever.
245
:Now it's a podcast and you've just
reached an entirely different audience.
246
:It's not, it's just an email
more email and they're not
247
:really going to read your blog.
248
:They don't have time for that, but they
are going to listen to what you're saying.
249
:On a commute or in the car, just like
you might be listening to this podcast.
250
:Then you take that information and
you decide I'm going to take what I'm
251
:saying and try to make it under three
minutes because people who are in hurry.
252
:It's better practice, public speaking.
253
:It's better practice for now rambling.
254
:It helps you communicate your message.
255
:Clearly concisely quickly.
256
:So.
257
:Using different platforms
for me has been very.
258
:It's been very helpful.
259
:Let me put it that way.
260
:The information that
I'm able to disseminate.
261
:If I take two things of, of equal value.
262
:I won't be able to disseminate
that information on YouTube.
263
:That I can.
264
:On Tik TOK, I could have the exact
same message and the exact same video.
265
:Of me doing that.
266
:And.
267
:It's not going to be a short shown
on YouTube for whatever reason
268
:their algorithm or who knows.
269
:But I can reach out to
people who are curious.
270
:Ask questions.
271
:We'll share that.
272
:And I can educate people
on a different platform.
273
:So if I have a message and I
think it's important, let's
274
:take two factor authentication.
275
:I think that's really important
to enable on every account
276
:that you can enable it and on.
277
:Sure.
278
:It's a little bit.
279
:Challenging to get a code,
but it's actually not that
280
:hard once you get used to it.
281
:It's like a no-brainer, but it
is really important to do it.
282
:So I can write that in a blog.
283
:I can write that in the newsletter.
284
:I could do it in the podcast.
285
:I can do it on YouTube.
286
:I can do it on Tik TOK.
287
:I am going to get that message out
that is very important to do this.
288
:On a multitude of platforms.
289
:So people are consuming that,
that message in a variety of ways.
290
:And if I could just help one person.
291
:I put two a Fe on an account
that matters to them.
292
:Whereas they don't.
293
:Get compromised or the
identity doesn't get stolen.
294
:They don't lose their email account
or they don't lose one of the social
295
:media accounts or they're on Tik TOK.
296
:And they go, I, oh, I didn't
realize it had to affect, I
297
:guess I should turn that on.
298
:I'm all for that because
the message I'm putting out.
299
:Is important.
300
:And I'm more interested in how the
message gets out and is received than
301
:am in the platform that I'm doing it on.
302
:So, however, Whoever and however
they need to consume that information
303
:is how I'm going to do it.
304
:And I think there's a
benefit to me too, because.
305
:It helps me.
306
:Get better at things I'm not good at,
which is getting to the point quickly.
307
:Right.
308
:A podcast for me is okay.
309
:Cause it's 20 minutes or
15 minutes or whatever.
310
:And I don't mind listening
to something longer cause I'm
311
:usually doing something longer.
312
:But when I'm watching a short video,
I'm looking for a tidbit of information,
313
:a piece of information, and I kind
of want to consume it quickly.
314
:And I really don't have time
for one minute of your antics
315
:or whatever it is you're doing.
316
:And for me as a producer of
that content, it's difficult.
317
:I getting to the hook quickly and
capturing people within three seconds.
318
:That's just new to me
and that's not my forte.
319
:I'm used to this kind of a medium
where people are listening and I'm
320
:not having to rush explanations.
321
:So I'm pretty excited about the
different platforms that are out
322
:there and how to communicate.
323
:A single message and then disseminate it.
324
:In a variety of ways.
325
:And I'll go back to that, you
know, that just that book.
326
:Example that I gave you might have
a great book, but I don't really put
327
:aside the time necessarily to read it.
328
:Like some people really do put a time,
put aside time to read something.
329
:I prefer to listen to it.
330
:So you're going to reach a
much larger audience by having
331
:your book in an audible format.
332
:Now you've got the people that read and
the people that listen, and I kind of feel
333
:the same way with social media platforms.
334
:Sure.
335
:I can do a blog post.
336
:I can stick to this podcast
where I feel comfortable, but
337
:if I put myself out there.
338
:In a, kind of a public facing
area where I'm talking on video,
339
:which is new to me and looking
at a camera, which is new to me.
340
:It puts me in a different,
I guess, exposure area.
341
:And I can reach an entirely different
audience with the same message that I
342
:think is important to get out there.
343
:So back to the original question.
344
:Would you trust a security engineer?
345
:That's on Tik TOK.
346
:Or do you agree that it doesn't
really negate their skill or
347
:commitment to cybersecurity?
348
:It's more important.
349
:You know, to evaluate the professional
expertise, the understanding
350
:of security risks and how they
manage their digital footprint
351
:and how they use those platforms.
352
:I would actually love to hear from
somebody on this and you can find my
353
:contact information in the show notes.
354
:Otherwise, please.
355
:Do like, and share this podcast.
356
:It will help get the word out.
357
:And I appreciate everybody listening.