Mentoring: On Blogging

Received the question about blogging. More specifically:

  • How and Why
  • How to benefit from blogging
  • How to be consistent with posting
In my mind, the key to success and blogging is to be totally selfish in its planning and execution.
Blogging is a personal activity/journey that you allow the public to be a part of.  What I mean by this is that the main audience for your blog should be YOU.  My blog is a place where I take notes and occasionally try to talk about a more touchy-feely topics or issues. These notes are notes that I’m ok with sharing publicly. I also keep a private blog  (but really more notes/cheat-sheet think RTFM…I use MDwiki) because you don’t need to give everyone all your tricks and secrets.   If you show up for a new job and everyone knows your tricks because you’ve shared them publicly (because you need attention from strangers) what value are you bringing to your employer?
The benefit to blogging is note taking. I’m a HUGE proponent of taking notes and I’d chalk a lot of my success up to taking copious notes.  When I figure out how to mess with technology X, I take notes on it. As a consultant, it may be months or years before I see it again.  Having notes to go back to saves time and stress.  It also allows me to help people on my team in the event they run into it while I am on a different project.
How/Platforms:  I use Blogger because I don’t want to secure/worry about my blogging platform. This blog was on Drupal for a bit and some jerk person decided to make an example of the blog’s lack of updates publicly at BlackHat (appreciate the heads up…#totallynotbitter).  With Blogger, hosted WordPress, or some other hosted platform I’m offloading the risk and I don’t have to worry about keeping up with patches.  
Consistently posting. No idea. It’s clear I have lost the ability to consistently post. I do sometimes queue up a bunch of posts and schedule their posting.  I’ve found it was easier to find things to blog about when I was consulting since I had a different client every week so it would be difficult to tie a vulnerability back to any particular client.  Now that I work for a company, if I’m talking about some vulnerability or exploit I used there is a good chance I used it for work; potentially exposing the company to risk.

Length.  No one reads long posts.  Break long posts into separate logical posts even if you choose to post them at the same time.

Also see the “On Social Media” post (Todo)

Also
https://www.j4vv4d.com/a-blog-about-blogging-with-bloggers/

Also see this timely tweet by Robin Wood
https://twitter.com/digininja/status/900340713669279745

This is a Security Bloggers Network syndicated blog post authored by CG. Read the original post at: Carnal0wnage & Attack Research Blog