Lester Chng

Rogers Cybersecure Catalyst, Toronto Metropolitan University

Corporate Training & Cyber Range
https://cybersecurecatalyst.ca/

Senior Cybersecurity Advisor

The Essential Cybersecurity Exercise Playbook

https://lesterchng.gumroad.com/l/The_Essential_Cybersecurity_Exercise_Playbook

Part I - Executing a single exercise
Chapter 1 - How to develop objectives for your exercise
Chapter 2 - How to run joint exercises with 3rd party
Chapter 3 - How to decide the modality of the exercise
Chapter 4 - How to create injects for your exercise
Chapter 5 - How to facilitate a cybersecurity exercise
Chapter 6 - How to encourage discussion during an ex
Part II - Establishing an exercise program
Chapter 7 - How to establish a cyber exercise program
Chapter 8 - How to write a business case for your prog
Chapter 9 - How to create a 5 part ransomware exercise
Part III - Bonus information
Chapter 10 - 120 facilitation questions for your exercises
Chapter 11 - 30 objectives for your exercises
Chapter 12 - 3-part Ransomware exercise deck

Book Author - The Essential Cybersecurity Exercise Playbook

BMO Financial Group

I built a cybersecurity and crisis management exercise program from scratch for one of the largest financial institutions in North America.

Execution of >50 cybersecurity, fraud, physical security, and crisis management exercises

Execution of Financial Crimes Unit Exercise and Drill Program
• Design and execution of exercises and drills to operationalize the Financial Crimes Unit Fusion Centre
• Scenario creation and exercise execution for Information Security, Enterprise Fraud Management, Physical Security, and Global Crisis and Continuity Management teams 
• Providing effective challenge of incident response readiness through exercise observation
• Execution of enterprise-wide Purple Team Exercise


Cybersecurity Exercises: Purple Team, Ransomware, DDoS, Malware, Data Corruption, Data Breach, 3rd Party Incidents
Fraud Exercises: ATOs, Attack on Payment systems, Business Email Compromise, PII Breach
Physical Security Exercise: Active Assailant, Civil Unrest, Bomb Threats
Crisis Exercises: Disaster Recovery, Business Continuity, Operational Resilience, Fire Incidents, Natural Disasters, Utilities Disruption

Senior Advisor, Financial Crimes Unit Exercises. BMO Fusion Centre

Managed technological delivery of TD's anti-money laundering project
• Proactive management and engagement of multi-faceted team of architects, vendors, developers
• Established work plan, identified project deliverables and motivated team to deliver projects
• Prepares daily reports and presentations to executive groups
• Highly complex project involving IT infrastructure build, code deployment, and data and app migration
• Detailed risk identification and assessment and performed active risk mitigation
• Directed and coordinated project activities across various teams to ensure adherence to schedule

Project Manager - Enterprise Enabling Technology Solutions (AML)

Driving project delivery excellence through portfolio governance and quality assurance practices
• Championed and responsible for standards and procedures across PMO
• Represented the PMO for all enterprise level project methodologies issues
• Delivery of training program for project management practices
• Conduct analysis of project trends and risks to enhance PMO delivery excellence
• Provide direct support to projects on methodology, adherence to standards, and policies
• Led the development of Portfolio Key Performance Indicators, Benchmarking, and Dashboard development

PMO Governance Lead - Technology Risk Management and Information Security PMO

Ministry of Defence of Singapore

Project Manager
- Represented the Navy and delivered the award winning state of the art training facility.

- Developed all security and safety procedures as the Unit Security and Unit Safety Officer.

- Established new training scenarios for Navigation, Maritime Security and Naval Warfare.

Project Manager [Major] Naval Simulation Centre

- Designed and delivered turnkey training solution to generate 240 crew and 8 leadership teams for 8 new ships.

- Streamlined work processes of the new vessel and promulgated best practices.

- Executive coaching on leadership, communication, team dynamics, and effectiveness.

Head of Training [Major], Littoral Mission Vessel Squadron

- Directed exercises as “Enemy Force” to test Operational Plans of the Navy.
- Led a team of 19 senior military experts to operate key training facility of the Navy.
- Project advisor of instructional video which saved 90% manpower resource.
- Coached participants on leadership, communication, team work and professional knowledge.

Directing Staff, Wargaming and Simulation Centre [Major]

- Second in Command of a Patrol Vessel (30 Officers and Military Experts).
- Unit Security Officer responsible for all aspects of security including IT, physical security and info security. 
- Responsible for the safety, discipline, training, morale, operational readiness and security.
- Coached junior officers in leadership, watch-keeping duties and naval warfare.
- Prepared the ship for operational duties and responses to maritime incidents.

Executive Officer and Unit Security officer [Captain], Patrol Vessel

Unit Security Officer responsible for all aspects of security including IT, physical security and info security.

Assistant Operations Officer and Unit Security Officer [Captain]

Navigating Officer [Captain]

Combined Maritime Force, Bahrain

-Held the appointment as Liaison Officer (Intelligence) in the Combined Maritime Force (CMF) 
- Headquarters in Bahrain under the US-led Task Force
- Main intelligence link between the Singapore Led Command Team and the CMF HQ.
- Involved in in-depth analysis of Somali pirate operating models.

Intelligence Analyst

Helping Cybersecurity firms secure 24/7 inbound leads via content | Senior Cybersecurity Advisor | Author | Naval Officer | CISSP | PMP | 🇨🇦🇸🇬 |

If you run a cybersecurity agency, you know leads are the lifeblood of your business. 

No leads = No new clients = No new $

You are probably:

1. Overspending on paid adverts
2. Neglecting business & family
3. Doing too much cold outreach
4. Overly dependent on word of mouth 
5. Stressed over lead generation
6. Wasting time on discovery sessions
7. Not maximizing LinkedIn

Why LinkedIn?

Because it is time you tap into the biggest B2B platform in the world. 

And it is time to do it right. 

No more cold DMs.
No more pitch slaps.
No more random posts.

Your clients are here.

And you want them to reach out to you. 

What would it do for your business to have 4 inbounds leads every month?

How much additional revenue will it bring?

Can you afford not to have those leads?

Here's how it works. 

I will:
- review your LinkedIn profile
- create your LinkedIn strategy
- ghostwrite your LinkedIn posts 

You will:
- watch your inbox fill up w leads
- focus on signing clients
- deliver quality work


Let's start Securing Leads™ today.

DM me “leads” to get started.

____________________________________

Also, I am a Senior Cybersecurity Advisor helping organizations run Cybersecurity Exercises and Risk services. 

You can also find my latest book - The Essential Cybersecurity Exercise Playbook in my featured section.

Execution of Financial Crimes Unit Exercise and Drill Program
• Design and execution of exercises and drills to operationalize the Financial Crimes Unit Fusion Centre
• Scenario creation and exercise execution for Information Security, Enterprise Fraud Management, Physical Security, and Global Crisis and Continuity Management teams 
• Providing effective challenge of incident response readiness through exercise observation
• Execution of enterprise-wide Purple Team Exercise


Cybersecurity Exercises: Purple Team, Ransomware, DDoS, Malware, Data Corruption, Data Breach, 3rd Party Incidents
Fraud Exercises: ATOs, Attack on Payment systems, Business Email Compromise, PII Breach
Physical Security Exercise: Active Assailant, Civil Unrest, Bomb Threats
Crisis Exercises: Disaster Recovery, Business Continuity, Operational Resilience, Fire Incidents, Natural Disasters, Utilities Disruption

It's that time again. Time to network with folks in my connections.

I want you to network with my connections and followers:

I have 84,000 followers.
If you want to connect with someone.
Please put #opentonewconnections.

Tell us a little bit about yourself and what you do and what your working on.
Tell us what kind of work or job you want to do next.

I have plenty of job recruiters that follow me.

Let's meet new folks today and build genuine connections.
Let's learn from each other.
Let's connect.

Today is #socialsaturday.

Don't forget to connect with:
Michael Refuerzo, CPD, CPT
Derek Scheller Jr
Simon Linstead
John Spiegel
Jaye Tillson
Teegan A. Bartos
Jeremy Ventura
Tasha Holloway
Marcus W.
Professor Roger Whyte
Joe Hudson
Ron Eddings
Chris Cochran
Patrick Gorman
Richie Lampani
Tyler McQuillan
Lester Chng
Xavier D. Martinez, CISSP
Kevin Doyle
Josh
Chris Denbigh-White 
Zinet Kemal 
Jacob 
Mike Romano  
Anupama Jaiswal 
Vinod Akunuri, PMP, CSM 
David Meece 
Huxley Barbee 
☁️ Christophe Foulon 🎯 CISSP, GSLC, MSIT 

#network #work #job #connections #security #recruiters #itsupport #itsupportservices #itsupportspecialist #cybersecuirty #desktopsupport #desktopsupporttechnician #desktopengineer #servicedesk #servicedeskanalyst #servicedeskengineer #helpdesk #helpdesksupport #helpdesktechnician #helpdeskspecialist #careers #systemadministrator #systemengineer #systemadministration #systemsengineering

Are you still looking for a job in Cybersecurity?🔥 I have 105,355 folks in my network to share with you. Every weekend, I host my Cybertech Dave networking event. :) I want to see people leverage LinkedIn to get a job in cybersecurity. 

Introduce yourself in the comments.... "Let's network together and help each other get hired in 2024!!"

I would also like to add networking in person is equally important as virtually interactions. I cannot stress enough----The "power of networking" on LinkedIn is real !!

Let's take full advantage of this networking opportunity and connect with likeminded individuals and make meaningful relationships today.

✅️ Opportunities comes from building relationships and networking. ✅️

I want you to connect to me and the other great folks in my network today.

Lets make genuine and meaningful connections today.
Feel free to connect to with me and my network.

Grow your professional network by following these 3 simple steps below:

👉 1. Introduce yourself (tell your story)

👉2. Engage with people in the comments (network and build relationships)

👉3. Repeat this process consistently each week (make meaningful connection)

Let's build our network together.
And help each other..
Don't forget to send a note and connect with these folks:
👇👇
Lorraine K. Lee
Dr. Ludmila Morozova-Buss
Chris Roberts
Carmen Marsh
Burcu YARAR

Carolina Bozza
Andréa Thomé
Dan Williams
John Young
Jacob Hill
Kip Boyle

Phillip Wylie
Patrick Gorman
Confidence Staveley
Tennisha Virginia M.
Zinet Kemal, MSc
🔥 Jax S.
Thomas Richard

Kevin Apolinario
Troy Hunt
Corey J. Ball
David Kennedy
Caitlin S.
Marcus Hutchins

Lisa Ventura MBE
Melissa Sanford
Lester Chng
Sumit Siddharth
Debbie Reynolds
Kim K.

Jane Frankland
Candace Williams MBA, CCISO, CISA, CISM
Helen Yu
Joas A Santos
Dan Barahona
Ejona Preci
Lily Clark
Tib3rius ​
Meisam Eslahi, Ph.D.
Praveen Singh

All of these professionals have so much good content it's hard to catalog. Please start following everyone I mentioned above to enhance your cybersecurity content in your daily LinkedIn feed :)

🔥Come Join thousands of other folks in my "Get a job in Cyber" News letter for actionable tip on career and personal growth https://lnkd.in/g9TdqxKk

We are stronger together - David Meece -- Cybertech Dave

#cybersecurity #infosecurity #infosec #leadershipbyexample

Are you still looking for a job in Cybersecurity?🔥 I have 104,868 folks in my network to share with you. Every weekend, I host a networking event. :) I want to see people leverage LinkedIn to get a job in cybersecurity. 

Introduce yourself in the comments.... "Let's network together and help each other get hired in 2024!!"

I would also like to add networking in person is equally important as virtually interactions. I had the pleasure of meeting my friend Iboro Philip in 3D almost 2 years after meeting him virtually on LinkedIn at a Bsides conference last year. I cannot stress enough----The "power of networking" on LinkedIn is real !!

You simply can't beat meeting people in real life and human interaction/connection. 

Let's take full advantage of this networking opportunity and connect with likeminded individuals and make meaningful relationships today.

✅️ Opportunities comes from building relationships and networking. ✅️

BONUS networking opportunity:
🔥👇👇👇 🚨🚨
Join my 100 days of Cyber challenge:➡https://lnkd.in/gkrcCxMc

I believe in the power of networking on LinkedIn..
I want you to connect to me and the other great folks in my network today.

Lets make genuine and meaningful connections today.
Feel free to connect to with me and my network.

Grow your professional network by following these 3 simple steps below:

👉 1. Introduce yourself (tell your story)

👉2. Engage with people in the comments (network and build relationships)

👉3. Repeat this process consistently each week (make meaningful connection)

Let's build our network together.
And help each other..
Don't forget to send a note and connect with these folks:
👇👇
Lorraine K. Lee
Dr. Ludmila Morozova-Buss
Alexandre BLANC Cyber Security
Carmen Marsh
Jorge Orchilles

Carolina Bozza
Andréa Thomé
Burcu YARAR
Dan Williams
Rana Khan
John Young
Jacob Hill

Phillip Wylie
Patrick Gorman
Confidence Staveley
Tennisha Virginia M.
Zinet Kemal
Alexis Ahmed
☁️ Christophe Foulon 🎯 CISSP, GSLC, MSIT

Kevin Apolinario
🐾 Carol Valencia
Gabrielle B.
Ron Eddings
Chris Cochran
Thomas Richard

Jean-Francois Maes
Lisa Ventura MBE
Melissa Sanford
Lester Chng
Ranbir B.
Ashwin Krishnan

Jane Frankland
Candace Williams MBA, CCISO, CISA, CISM
Jeremy Ventura
Joas A Santos
Yash Gorasiya
Ejona Preci
Mike Miller

All of these professionals have so much good content it's hard to catalog. Please start following everyone I mentioned above to enhance your cybersecurity content in your daily LinkedIn feed :)

We are all in this together! - David Meece "Cybertech Dave" 

#cybersecurity #infosecurity #infosec #leadershipbyexample

I don't do social media like LinkedIn. 
 
That's the excuse I gave myself for years. 
 
LinkedIn is no longer just social media. 
 
It is your professional portfolio. 
 
But only if you are intentional about it. 
 
𝗟𝗶𝗻𝗸𝗲𝗱𝗜𝗻 𝗮𝘀 𝗮 𝗦𝗼𝗰𝗶𝗮𝗹 𝗠𝗲𝗱𝗶𝗮 𝗣𝗹𝗮𝘁𝗳𝗼𝗿𝗺: 
- scroll daily and click some likes 
- neglected your profile page 
- not responding to DMs 
- reposting every news 
- 0 original post 
 
How do you expect to grow professionally if this is what you do? 
 
So before you find excuses like I did, commit to change and stick with it for 6 months at least. 
 
𝗟𝗶𝗻𝗸𝗲𝗱𝗜𝗻 𝗮𝘀 𝗮 𝗣𝗿𝗼𝗳𝗲𝘀𝘀𝗶𝗼𝗻𝗮𝗹 𝗣𝗼𝗿𝘁𝗳𝗼𝗹𝗶𝗼: 
- refresh and update the profile page 
- write original and insightful posts 
- actively connect with other pros 
- support other professionals 
 
I hope you start to be intentional. 
That's the only way it will work.

No alternative text description for this image

Writing on LinkedIn is risky. 
 
But stories like this encourage me to go on. 
 
- Not everyone will agree with you. 
- You will be judged on your words. 
- You will even be made to feel dumb. 
 
Ever feel like giving up on writing? 
Play it safe and keep to yourself? 
 
Of course. Won't that be easier? 
 
But every once in a while, gems of encouragement will emerge. 
 
"Honestly, you've helped give me clarity on my path and our conversation was one of the most valuable I've had as I make this career transition." 
 
"You are more than my ghostwriter; you are an expert communicator who has helped sharpen our messaging." 
 
"Your presentation changed my entire perspective of LinkedIn and how I have been using it." 
 
Everyone needs encouragement. 
 
If you are a new creator, a business owner launching your product, a professional leveraging LinkedIn to network for promotion or a job, drop your latest post here and I'll be sure to check it out. 
 
And encourage you. 
 
Like how many have encouraged me.

5 Things I learned from designing a complex TTX + Cyber Range Exercise 
 
1. Clarify the client's objectives 
- listen deeply during discovery calls 
- there are always pain points to solve 
 
2. You are the expert in your craft 
- State clearly what they will gain 
- If you are not firm, they won't buy it 
 
3. Prepare for the possibilities 
- You can't predict participants actions 
- But you need to role-play and prepare 
 
4. People are bored of tabletop exercises 
- It is usually just the same old ppl talking 
- Time to action on all that talk 
 
5. Companies are taking cyber seriously 
- There is no more hiding from it 
- Either be prepared or struggle in response 
 
P.S What's the most complex exercise you have been part of? 
 
Mine was a 6 months live cyber exercise..... 
Which ended with a series of TTXs 
 
P.S.S I wonder if they exercised their plans for the Battle of Winterfell

I have posted here daily for >800 days.

And maybe you have also felt this way.

I don't think anyone wants to read my posts.
Why do I spend time daily on this platform?
Did I breach company social media policy?
Does anyone even care about what I post?
What if someone ridicules me in my post?
I don't feel like I am good enough to write.
What will my colleagues think of me?
What if all these efforts go nowhere?
What if no one likes my content?

Here's the hard truth.

These feelings don't all go away.

So I had to fall back on my why.
Credit: Simon Sinek 

Career resilience
Scaled networking
Increased opportunities
Professional relationships

And the biggest why of them all.

I want to retire my wife.

What is your why?

The number 1 reason cyber exercises fail. 
 
And it can cause more harm than good. 
 
Participants are focused on demonstrating competency instead of seeking to improve. 
 
You may have encountered this before. 
 
- "How we respond is written in our plan" 
- "The teams know exactly what to do" 
- "We have external help for this" 
 
The outcome?  
 
A wasted chance to strengthen resilience. 
And it is causing more harm to the teams. 
 
- overconfidence in their preparedness 
- prevents questions from other teams 
- puts up walls and avoids conflict 
 
𝗛𝗲𝗿𝗲'𝘀 𝗵𝗼𝘄 𝗜 𝗽𝗿𝗲𝘃𝗲𝗻𝘁 𝘁𝗵𝗶𝘀 𝗳𝗿𝗼𝗺 𝗵𝗮𝗽𝗽𝗲𝗻𝗶𝗻𝗴. 
 
1. Reiterate the intent of the exercise 
2. Pre-identify domineering individuals 
3. Direct questions to quieter members 
4. Dig deeper into their responses 
5. Leverage exercise sponsor to align 
6. Assure them that it is not a test 
 
Don't let the exercise go to waste. 
 
P.S  
What other tips will you add? 
 
P.S.S  
Have you been part of a failed exercise?

🚀 Are you ready for it? Unlock your potential with the Mastercard’s Emerging Leaders Cyber Initiative (#ELCI) 🚀

Are you ready to propel your career to new heights in Cybersecurity and Digital Risk Management? Then APPLY for the Mastercard Emerging Leaders Cyber Initiative at Rogers Cybersecure Catalyst, Toronto Metropolitan University —where your potential meets opportunity! The application due date is July 26th. 

🌟 Why You Should Apply:
1️⃣ Expert-Led Modules: Dive into a curriculum that spans Law & Regulation, Emerging Technologies, Business Case Development, and more. Each module is tailored to enhance your strategic skills and prepare you for executive-level roles in cyber / digital risk management.

2️⃣ Mentorship from Industry Leaders: Connect one-on-one with top professionals, enhancing your understanding and skills in the field.

3️⃣ Dynamic Network Building: Engage with a vibrant community of peers dedicated to shaping the future of cyber and digital risk management.  Together, you'll collaborate, inspire, and empower one another to succeed.

🌈 My Journey with ELCI: "From Connections to Friendships—Cultivating Networks That Last!"
I was class valedictorian! Not only, did I enhance my presentation skills, strengthen my brand but also expanded my network by making 30 new friends! A standout moment was role-playing as 👩‍⚕️ Dr. Carmichael for our board presentation on the CommonSpirit Health data breach—wearing a white coat added an authentic touch to the experience! 

📅 Time is Ticking - July 26th is the deadline! This funded program has limited spots available and is for female and non-binary leaders. Apply at https://lnkd.in/gA8BYvv2

#Cybersecurity #Leadership #DigitalRevolution #MastercardEmergingLeaders #WomenInTech #NetworkingBeyond #ApplyNow Lester Chng Trish Dyl Serena Jerkovic Avleen Bassi Sasha (Aleksandra) Krstic

Dear busy Cybersecurity CEO, 
 
Who would you want to write your posts? 
 
a.) Generic corporate ghostwriter 
 
b.) ✋🏼✋🏼✋🏼 
- Someone who is a cyber professional 
- Someone who has written >679+ posts 
- Someone who understands the platform 
- Someone who has worked at enterprises 
- Someone who is active in the community 
 
Let's work to build yr LinkedIn positioning. 
Get invites to podcasts and conferences. 
Make every lead a warm or hot one. 
 
DM me "ghost" and let's drive those leads. 
 
Or you can continue with the InMail spam? 
 
P.S. Who replies to InMail messages?

I wrote daily for the last 816 days. 

Here are 3 things I tell clients and friends that are new to LinkedIn 

1. Stop spamming reposts 
2. Stop writing like you are preaching 
3. Stop worrying. 

Only you read your post twice. 

The number of people that assumed I worked at the nuclear plant. 
Guess I looked the part. 
Maybe one day I’ll work for Ontario Power Generation 

Fun fact:
I got this shirt in a Tokyo thrift shop. 

P.S what is your 1 tip you would share with someone new to LinkedIn. 

P.S.S Don’t listen to all advice. 
I know. The irony.

You don't need a $xMM budget for leads. 
 
Quality leads come from elite strategies. 
 
I’ve spoken to 40+ cybersecurity founders about lead generation. 
 
These are the most significant pain points. 
And how they are not winning. 
 
𝟭) 𝗟𝗮𝗰𝗸 𝗼𝗳 𝗶𝗻𝗱𝘂𝘀𝘁𝗿𝘆 𝗰𝗼𝗻𝗻𝗲𝗰𝘁𝗶𝗼𝗻𝘀 
 
It is daunting to try and make a name for yourself and your company. 
 
Pitting yourself against the big boys and their $10MM marketing arsenal. 
 
Why play their game? 
Be strategic and efficient in making your name and your company known. 
 
Yet you still do the same things: 
- cold email 
- spam adverts 
- random messages 
 
Why? Do you like pain? 
 
𝟮) 𝗖𝗿𝗲𝗱𝗶𝗯𝗶𝗹𝗶𝘁𝘆 𝗶𝘀𝘀𝘂𝗲𝘀 
 
How do you gain credibility? 
 
What you may be doing: 
- joining pay-to-win awards 
- spamming blog after blog 
- splurging on every keynote spot 
 
What you should be doing instead: 
- show behind-the-scenes 
- create content to showcase work 
- testimonials, testimonials, testimonials 
 
If your business is for the long term, play the long game and invest in this. 
 
𝟯) 𝗧𝗿𝘆𝗶𝗻𝗴 𝘁𝗼 𝘁𝗮𝗿𝗴𝗲𝘁 𝗲𝘃𝗲𝗿𝘆𝗯𝗼𝗱𝘆 
 
If someone reads your content and it doesn't speak directly to that 1 person, that is a missed opportunity. 
 
Write for that 1 person. 
About 1 topic. 
 
𝟰) 𝗣𝗲𝗿𝘀𝗼𝗻𝗮𝗹 𝗯𝗿𝗮𝗻𝗱 𝗱𝗲𝘃𝗲𝗹𝗼𝗽𝗺𝗲𝗻𝘁 𝗰𝗵𝗮𝗹𝗹𝗲𝗻𝗴𝗲 
 
Where to start? 
I don't want to be an influencer. 
This social media is not for me. 
 
Focus on these 3 things: 
- professional profile 
- inviting about section 
- start writing your posts 
 
Outcomes of the brand: 
- get people to know you 
- get people to like you 
- get people to trust you 
 
𝟱) 𝗟𝗶𝗺𝗶𝘁𝗲𝗱 𝗺𝗮𝗿𝗸𝗲𝘁𝗶𝗻𝗴 𝗯𝘂𝗱𝗴𝗲𝘁 
 
Marketing dollars are precious. 
And marketing costs are rising. 
 
Conference booths. 
Advertising campaigns. 
Paid influencer partnership. 
 
And it doesn't bring your leads. 
 
Here's where to spend your dollars. 
 
Invest in that sleek website. It matters. 
Build up the blog/whitepaper library. 
Learn copywriting and start writing. 
 
LinkedIn is free. 
Your clients are here. 
Your community is here. 
 
𝟲) 𝗕𝘂𝗿𝗻𝗼𝘂𝘁 𝗳𝗿𝗼𝗺 𝘄𝗲𝗮𝗿𝗶𝗻𝗴 𝗺𝘂𝗹𝘁𝗶𝗽𝗹𝗲 𝗵𝗮𝘁𝘀 
 
You started your cybersecurity firm to solve the most pressing cybersecurity issues and challenges. 
 
You don't want to spend all your time with business development and chasing leads. 
 
Yet you know how important leads are to your business. 
 
No leads 
No sales 
No cashflow 
No employees 
No new products 
 
You outsource many things. 
Time to outsource your content. 
 
It is still early days on LinkedIn. 
 
If you and your business are for the long game, why are you neglecting this channel? 
 
P.S What other pains do cybersecurity founders face on LinkedIn?

graphical user interface, text, application, chat or text message

Neglecting your LinkedIn profile is deadly. 
 
Especially if you are running a digital biz. 
 
In an enterprise where I used to work, I was asked for my opinion of a company that provided cyber awareness training. 
 
I did a quick sniff test of the company. 
 
Website wasn't the greatest. Lacked info. 
Moved on to the staff's profile. 
 
Founder's LinkedIn profile - no details 
Co-Founder's profile - incomplete 
Lead marketing profile - not updated 
 
I stopped at that point. 
 
This was my response. 
"I wanted to learn more about them, but they made it so hard that I gave up." 
 
The managing director who asked for my opinion agreed and didn't proceed w them. 
 
"These guys didn't even bother to align their LinkedIn profiles. What a waste, they were a referral from a contact." 
 
Imagine losing a potential deal like this. 
 
𝗛𝗲𝗿𝗲 𝗮𝗿𝗲 𝟱 𝗳𝗶𝘅𝗲𝘀 𝘁𝗼 𝗽𝗿𝗲𝘃𝗲𝗻𝘁 𝘁𝗵𝗶𝘀. 
 
- Update LinkedIn profile 
- Make it clear what you do 
- Connect with industry peers 
- Align with your corporate branding 
- Post 3 times a week to build awareness 
 
Don't lose deals because of your profile. 
 
P.S Do you check the LinkedIn profile of someone before a meeting?

You just completed the "annual" cyber TTX. 
 
Here are 4 times to consider rerunning it. 
 
1. When you have staff turnover 
2. When there is a change in threat level 
3. When there is a change in ops model 
4. After post-incident remediation 
 
 
1. Imagine if your CEO or CISO is new 
 
Would you be confident that your organization is ready to respond? 
 
When significant staff change or key leaders are new, run a quick exercise. 
 
It allows the leaders to: 
- assess the readiness of the team 
- understand shortcomings and risks 
- provide direction and guidance to team 
 
Don't leave it to chance. 
 
2. When there is a change in threat level 
 
I hope someone on your team is monitoring the threat level or receiving threat intelligence reports and indicators. 
 
When the threat level changes or a clear incident is ongoing with key partners or sector companies, it is time to pay attention. 
 
Spend some time assessing the intel. 
Pull your team together for a quick exercise 
 
This helps with 
- getting everyone up to speed on the threat 
- validating that controls are updated 
- verifying if there are known gaps 
- getting awareness levels up 
 
This is active risk mitigation. 
 
3. When there is a change in ops model 
 
If you onboarded a sexy new SOAR tool or migrated your entire infra to cloud, or you outsource secops to an MSSP, you should probably run an exercise asap. 
 
There is nothing funnier than opening up incident response plans and crossing out paragraphs and marking them "Outdated". 
 
Bring your third parties into the exercises. 
 
4. After post-incident remediation 
 
This is self-explanatory. 
Don't assume that processes are in place.  
Run the exericse and make your own assessment. 
 
P.S Feeling comfy with that annual TTX? 
 
P.S.S What other times am I missing?

Every piece of content has its purpose. 
 
And I don't mean getting likes + comments. 
 
I have seen many Cybersecurity Professionals make this mistake. 
 
Not being intentional with what you post. 
 
You have a vague idea of what you hope to achieve as you write and publish each post. 
 
- My audience needs to know this news 
- I want to showcase my achievements 
- More need to know about my product 
- This is useful information for others 
- This format is trending, I shld use it 
- I want to create familiarity, selfie time 
 
And you wonder why you get no leads. 
 
𝗛𝗲𝗿𝗲 𝗶𝘀 𝗮 𝟯-𝘀𝘁𝗲𝗽 𝘀𝘁𝗿𝗮𝘁𝗲𝗴𝘆 𝗳𝗼𝗿 𝘆𝗼𝘂𝗿 𝗰𝗼𝗻𝘁𝗲𝗻𝘁. 
 
1. Write for that 1 specific target individual 
 
2. Write within your expertise area 
 
3. Write with 1 clear objective per post 
 
Stop with the  
- "reporting" of the latest cyber attack 
- bashing of industry practices 
- chasing the algorithm 
 
Be surgical about your approach. 
Start making LinkedIn work for you. 
 
P.S Ask someone to read your last 5 posts. 
Ask if they understand your objectives.

Some spend 6-figures to complete an MBA.

And all they wanted was the networking.

This is a unique opportunity to get into an exclusive group comprising of the next generation of cybersecurity leaders.

The Mastercard Emerging Leaders Cyber Initiative by Rogers Cybersecure Catalyst, Toronto Metropolitan University

6 modules
7 months long
30 industry mentors
1:1 learner and mentoring pairing

𝗠𝗼𝗱𝘂𝗹𝗲𝘀
Law & Regulation
Leading Through a Crisis
Business, Risk & Governance
Canadian & Geopolitical Landscape
Supply Chain & Third Party Dependency
Emerging Technologies & e Future of Cyber

Apply now as applications are closing.

Did I mention it is a fully funded program?

Planning for your 2025 Exercise calendar?

Here are 11 teams to consider engaging.

Taplio

Lester Chng's Linkedin Analytics

Lester Chng

What is Lester talking about?

Who is engaging with Lester

Lester Chng's Best Posts (last 30 days)

Want to drive more opportunities from LinkedIn?

Taplio

.css-1jgreyo{background-image:linear-gradient(284deg, rgba(39,43,72,1) 0%, rgba(33,47,183,1) 100%);color:transparent;-webkit-background-clip:text;background-clip:text;}Lester Chng's Linkedin Analytics

Lester Chng

What is Lester talking about?

Who is engaging with Lester

Lester Chng's Best Posts .css-qqfgvy{font-size:var(--chakra-fontSizes-md);}(last 30 days)

Want to drive more opportunities from LinkedIn?

Lester Chng's Linkedin Analytics

Lester Chng's Best Posts (last 30 days)