Episode 24

Published on: 11th Dec 2023

Ep24: Can Cybersecurity Experts Safely Use TikTok?

As a security engineer, I'm curious about your thoughts on the intersection of professional cybersecurity roles and personal social media use. Specifically, does using platforms like TikTok compromise the trustworthiness of security professionals?

---

I do hope you enjoyed this episode of the podcast. Here are some helpful resources, including any sites that were mentioned in this episode.

--


Find subscriber links on my site, add to your podcast player, or listen on the web players on my site:

Listen to Byte Sized Security

--

Support this Podcast with a Tip:

Support Byte Sized Security

--

If you have questions for the show, feedback or topics you want covered, please send a short email to marc@bytesizedsecurity.show with the subject line "Byte-Sized Security" so I know it's about the podcast.

Connect with me on TikTok: https://www.tiktok.com/@bytesizedsecurity

Transcript
As a security engineer, I'm curious about your thoughts on the intersection of professional cybersecurity roles and personal social media use. And specifically, using platforms like TikTok, does that compromise the trustworthiness of security professionals?

I did a LinkedIn poll on this and it was rather interesting, because it was more of a mixed bag, but it really came back as, at least in the United States, the answer was no: that they wouldn't trust a security professional that uses a platform like TikTok. Now they don't really give any information as to why. That was just a short poll and that was the vote.

Personally, I find it a rather simplistic view, and I'm going to go over a few of the reasons why I feel that way. And you can totally disagree with me on this one. And if you do disagree, look in the show notes. There's a contact area. Please contact me. I'd love to know what some opposing viewpoints are on this.

So the first thing is professional versus personal use. And I think a security engineer can be proficient in their job while using social media platforms for personal entertainment or networking. And furthermore, I think, from what I have seen, that if you take a piece of information that you want to give out, you're going to reach a completely different audience there that may be very receptive to your message and might need to hear it, but it's not getting an education and not getting any understanding of that need, because there's an entire generation of people that have decided it's not trustworthy and they're not going to go there. But they don't understand, or maybe they don't care, that the platforms they're used to promoting on are not used in other countries, or it's only in English and they're not using subtitles, or you're not reaching a generation of people who are younger, who just are not going to be on LinkedIn looking at your stuff, or maybe that platform is blocked in that country.

YouTube doesn't seem to get the respect that it wants. Did I use it? And I still like YouTube myself. But it's very different. Now you're getting a lot of different people that are not going to find your message on a long video, right? If I do a long video on multi-factor authentication on YouTube, I gotta be honest with you, unless you're a power player for your small creator, that's not going to go anywhere. And if you do a short, I hope you have, you know, a very entertaining way to do that, because that's also really not going to go anywhere. It's just not how that platform promotes, but maybe you'll have different luck.

But if you were to do the same video and you were to do that on TikTok, you'd hit an entirely different audience of younger people that have different opinions or maybe actually find that information valuable, especially when they're looking for cybersecurity information or career advice. Which is going to be a completely different audience than you're going to find on LinkedIn, which would again be a completely different audience than anybody listening to this podcast. And this is a completely different audience from newsletters. So it's rather interesting to simply dismiss something. And that's professional versus personal use.

Number two could be awareness and risk management. So, you know, security professionals are typically well informed about the risks associated with social media and then more likely to take precautions to mitigate these risks, such as strong, unique passwords, enabling two-factor authentication, what you can do on these platforms, and being cautious about the personal information they share.

So if you have a security engineer that has a channel on YouTube and a channel on TikTok, and they're just sharing information about cyber security and how to secure yourself and be better in the digital world and, you know, take care of your own personal information as well as, you know, people, family, friends, loved ones, how is that a bad message to spread to the world? I don't think it is. I think it's our obligation to take the knowledge and the understanding that we have as technology professionals, people that do understand this, and spread that information to a different audience, a different generation that needs to hear it, that wants to hear it, but needs to not hear it in technical terms.

So for example, if I was going to explain cyber security to my mom, I would tell her about, you know, securing your information, and bad guys are out there to get it and they want to steal it and they want to, you know, social engineer or, you know, use your information to get loans or medicine, whatever, or make fake IDs, who knows. But I'm not going to be able to describe that to her talking about AES encryption and all these other kind of terms. It's going to go over her head and she's going to tune me out.

So it's a message that needs to be put out to different audiences. And I think that that message can be spread on a multitude of platforms without compromising your own information.

Number three would be understanding of platform security. So just being familiar with the wide range of platforms, uh, including TikTok, can give security professionals a broader understanding of different security models, potential vulnerabilities, and the way in which user data is handled. So understanding those different platforms: if you're going to be an expert on something, usually you need to use it yourself and understand it and understand the audience in order to disseminate that information.

For example, my podcast now is at least six minutes. Some people will listen to that. I do not think this would be a very successful podcast on YouTube or most of the platforms. People have tuned out. They're not going to listen. So it's a different audience. The audience that I'm potentially reaching now is interested in listening to something for more than 30 seconds or a couple of minutes. And that's not normal for these other platforms, but the information can still be pertinent.

So I think, as a professional, just negating and ignoring things that are out there matters. There's a whole general, if you ignore that, there's an entire generation of people that are learning from people who are much younger, who do not have the industry experience, and they might be learning a lot of the wrong stuff. But they're not going to know it, because the generation that's supposed to be teaching them has decided that they're not going to participate in that at all. And so you have younger people teaching younger people. And who knows. And a lot of it's marketing.

I've seen some rather interesting things on the platform where you have very prolific influencers with, you know, 20 plus 40, 60,000 followers, which is quite huge, and they've only been in cybersecurity for a year. I mean, okay. It seems like this interest. I mean, I've only been in it for five years and had it as a, uh, personal hobby, something that I've done for quite some time, including an IT career. And I'm still learning a lot and understanding this thing. So I don't understand. Anybody, anybody who has one year under their belt is suddenly an expert about the field. So there should be more people in that space educating and giving different opinions on that, rather than just a certain, you know, generation giving that, uh, that information.

Which leads me to number four, which is educational and outreach purposes. I mean, some security professionals use platforms like TikTok to educate the public about cybersecurity, digital hygiene and the importance of data privacy. Absolutely. It's a platform that's going to hit a different audience. You should take advantage of that. And I, I think that is huge. You have an educational and outreach opportunity that you normally wouldn't have with other platforms. So there is something to be said for that.

Five is keeping up with trends. So social media platforms are often the front lines of new types of security threats. So being familiar with these platforms can help professionals understand emerging threats and evolving digital landscape. A lot of the things, breaking news or breaking threats, are going to happen in the social media space long before they ever hit the news. And so if you want to keep up with those trends in order to educate and understand, then you're going to need to be on the forefront of that. And that's usually in very popular worldwide platforms.

Six would be personal choice and privacy. So using a social media platform does not automatically imply irresponsible behavior. I mean, privacy settings and usage patterns vary greatly among individuals. So how you're using it in a professional capacity does not make you less trustworthy. You could reverse the script. If you were in a different country, you could say, "I don't trust a security professional that would use YouTube." It's the same thing to me. You're negating a platform based upon, you know, something that you're thinking about or how you're using it. And I think the important part to think about is: how are you using it? Are you being secure? Are you being safe, or using it as a platform to educate people? Okay. Then that message should be spread in a very, you know, a variety of different things. What I say in this podcast could be really toned down to be something that could be on YouTube. It could be something that could be on TikTok. It could be something that's on, uh, a newsletter. There's a lot of different ways to take this information and change it so that I can get this message out to the right people.

You also have a number seven, demonstration of security principles. So, you know, a security engineer might use social media to demonstrate good security practices like avoiding oversharing personal information, or recognizing phishing attempts, or identifying misinformation. They're all good uses of that platform to help educate.

And number eight, a diverse exposure. So exposure to a variety of technologies, including social media, can enhance your ability to adapt to new security challenges.

So I don't think that the use of a social media platform like TikTok automatically negates a security engineer's skills or commitment to cybersecurity. I think it's more important to evaluate their professional expertise, the understanding of security risks and how they manage their digital footprint. That, to me, makes someone more of a trustworthy individual than simply using or not using a platform.

In my capacity, I want to teach and talk about cyber security, just like I did with fitness that I've, I've done for years. And how I reach that audience, then I just have to change and adapt. If I decide that all I'm going to do is do a newsletter and a blog, okay, that's fine. And that could work really well. But I could do a lot better if I engage my audience in the way that they want to consume information.

So for example, I think reading is important. I know how to read. But I don't sit down and read a lot of books. But I do listen to a lot of podcasts and I do listen to a lot of audiobooks that I get through the library. So if you've got a really, really good book I should read, you're not going to catch me necessarily, 'cause that isn't how I consume information. But if you have that book in an audible format, I will listen to it. So you can take the same information in different formats and reach a much larger audience.

So you take that blog, you take that newsletter, and you read it. Right? Let's say you just read it, whatever. Now it's a podcast and you've just reached an entirely different audience. It's not, it's just an email, more email, and they're not really going to read your blog. They don't have time for that, but they are going to listen to what you're saying on a commute or in the car, just like you might be listening to this podcast. Then you take that information and you decide, I'm going to take what I'm saying and try to make it under three minutes, because people are in a hurry. It's better practice, public speaking. It's better practice for not rambling. It helps you communicate your message clearly, concisely, quickly.

So using different platforms for me has been very, it's been very helpful. Let me put it that way.

The information that I'm able to disseminate, if I take two things of equal value, I won't be able to disseminate that information on YouTube that I can on TikTok. I could have the exact same message and the exact same video of me doing that, and it's not going to be a short shown on YouTube, for whatever reason, their algorithm or who knows. But I can reach out to people who are curious, ask questions, will share that. And I can educate people on a different platform.

So if I have a message and I think it's important, let's take two-factor authentication. I think that's really important to enable on every account that you can enable it on. Sure, it's a little bit challenging to get a code, but it's actually not that hard once you get used to it. It's like a no-brainer, but it is really important to do it. So I can write that in a blog. I can write that in the newsletter. I could do it in the podcast. I can do it on YouTube. I can do it on TikTok. I am going to get that message out, that it is very important to do this, on a multitude of platforms. So people are consuming that message in a variety of ways. And if I could just help one person put 2FA on an account that matters to them, where they don't get compromised or their identity doesn't get stolen, they don't lose their email account or they don't lose one of their social media accounts, or they're on TikTok and they go, "Oh, I didn't realize it had 2FA, I guess I should turn that on," I'm all for that, because the message I'm putting out is important. And I'm more interested in how the message gets out and is received than I am in the platform that I'm doing it on. So whoever and however they need to consume that information is how I'm going to do it.

And I think there's a benefit to me too, because it helps me get better at things I'm not good at, which is getting to the point quickly. Right? A podcast for me is okay, 'cause it's 20 minutes or 15 minutes or whatever. And I don't mind listening to something longer 'cause I'm usually doing something longer. But when I'm watching a short video, I'm looking for a tidbit of information, a piece of information, and I kind of want to consume it quickly. And I really don't have time for one minute of your antics or whatever it is you're doing. And for me as a producer of that content, it's difficult, getting to the hook quickly and capturing people within three seconds. That's just new to me and that's not my forte. I'm used to this kind of a medium where people are listening and I'm not having to rush explanations.

So I'm pretty excited about the different platforms that are out there and how to communicate a single message and then disseminate it in a variety of ways.

And I'll go back to that, you know, just that book example that I gave. You might have a great book, but I don't really put aside the time necessarily to read it. Like, some people really do put aside time to read something. I prefer to listen to it. So you're going to reach a much larger audience by having your book in an audible format. Now you've got the people that read and the people that listen, and I kind of feel the same way with social media platforms.

Sure, I can do a blog post. I can stick to this podcast where I feel comfortable, but if I put myself out there in a, kind of a public-facing area where I'm talking on video, which is new to me, and looking at a camera, which is new to me, it puts me in a different, I guess, exposure area. And I can reach an entirely different audience with the same message that I think is important to get out there.

So back to the original question: would you trust a security engineer that's on TikTok? Or do you agree that it doesn't really negate their skill or commitment to cybersecurity? It's more important, you know, to evaluate the professional expertise, the understanding of security risks and how they manage their digital footprint and how they use those platforms.

I would actually love to hear from somebody on this and you can find my contact information in the show notes. Otherwise, please do like and share this podcast. It will help get the word out. And I appreciate everybody listening.

Support the Podcast with a Tip

If you're enjoying Byte-Sized Security and finding these practical tips useful, please consider supporting the podcast with a small contribution. It costs $17 per month just to cover podcast hosting fees, and your support helps offset the costs of producing this security resource and keeping episodes free. Even a tip of $1-5 per month from loyal listeners adds up and allows me to continue providing great cybersecurity info. Please consider a donation. I appreciate you helping sustain Byte-Sized Security! Now back to the security tips.

About the Podcast

Byte Sized Security
Snackable advice on cyber security best practices tailored for professionals on the go
In a world where cyberattacks are becoming more commonplace, we all need to be vigilant about protecting our digital lives, whether at home or at work. Byte Sized Security is the podcast that provides snackable advice on cybersecurity best practices tailored for professionals on the go.

Hosted by information security expert, Marc David, each 15-20 minute episode provides actionable guidance to help listeners safeguard their devices, data, and organizations against online threats. With new episodes released every Monday, Byte Sized Security covers topics like social engineering, password management, multi-factor authentication, security awareness training, regulatory compliance, incident response, and more.

Whether you're an IT professional, small business owner, developer, or just someone interested in learning more about cybersecurity, Byte Sized Security is the quick, easy way to pick up useful tips and insights you can immediately put into practice. The clear, jargon-free advice is perfect for listening on your commute, during a lunch break, or working out.

Visit bytesizedsecurity.com to access episodes and show notes with key takeaways and links to useful resources mentioned in each episode. Don't let cybercriminals catch you off guard - get smart, fast with Byte Sized Security! Tune in to boost your cybersecurity knowledge and help secure your part of cyberspace.

About your host


Marc David

Marc David is a Certified Information Systems Security Professional (CISSP) and the host of the cybersecurity podcast, Byte-Sized Security. He has over 15 years of experience in the information security field, specializing in network security, cloud security, and security awareness training. Marc is an engaging speaker and teacher with a passion for demystifying complex security topics. He got his start in security as a software developer for encrypted messaging platforms. Over his career, Marc has held security leadership roles at tech companies like Radius Networks and Vanco Payment Solutions. He now runs his own cybersecurity consulting and training firm helping businesses and individuals implement practical security controls. When he’s not hosting his popular security podcast, you can find Marc speaking at industry conferences or volunteering to teach kids cyber safety. Marc lives with his family outside of Boston where he also enjoys running, reading, and hiking.