Lester Chng's Linkedin Analytics

Most CISOs know how to buy tools. But neglect a robust training program. This can lead to a false sense of security as security teams and project teams rush to operstionalize tools. They can’t wait to go-live and tick a box to move their maturity levels and color the yellow boxes green. Launching a security tool and using it effectively are two different pieces of a puzzle. Add multiple puzzles together? That starts to complicate things as your security teams struggle to make sense of their new toys, manage incidents, and troubleshoot new amalgamated streams of info. What is neglected? Training takes a back seat. Knowledge debt accumulates. Teams sweep issues and press on. Harsh truth is. Most Cybersecurity teams barely receive adequate training. Most training programs looks like this: - annual awareness module - phishing simulation - quarterly TTX Good luck and go forth and defend. If this was the military, the commander would be court marshaled for gross neglience. Yet we tolerate it in corporate cyber. What does your cyber training program look like? Anyone has good examples? P.S Do you stack tools like armour?

5 questions I ask a cyber exercise client that you should be asking internally as well. 𝟭. 𝗪𝗵𝘆 𝗻𝗼𝘄? What triggered the need for this exercise? Audit finding?  New threats?  Past incident? Executive request? 𝟮. 𝗪𝗵𝗮𝘁 𝗱𝗼 𝘆𝗼𝘂 𝗵𝗼𝗽𝗲 𝘁𝗼 𝗮𝗰𝗵𝗶𝗲𝘃𝗲? Awareness?  Testing plans? Highlighting maturity gaps? Improving decision-making? 𝟯. 𝗪𝗵𝗼 𝗶𝘀 𝗽𝗮𝗿𝘁𝗶𝗰𝗶𝗽𝗮𝘁𝗶𝗻𝗴? Executive leadership?  Technical only?  Business units?  Third parties? 𝟰. 𝗔𝗿𝗲 𝘁𝗵𝗲𝗿𝗲 𝗸𝗻𝗼𝘄𝗻 𝗴𝗮𝗽𝘀 𝗼𝗿 𝗶𝘀𝘀𝘂𝗲𝘀? Half-built IRP?  Disjointed SOC?  Executive conflicts?  Hidden politics matter. 𝟱. 𝗪𝗵𝗮𝘁 𝗵𝗮𝗽𝗽𝗲𝗻𝘀 𝗮𝗳𝘁𝗲𝗿? Is there a commitment to act on findings? Or is this just to tick a box? Good exercises are built on clarity. Bad exercises are built on assumptions. Which question would YOU add to this list?

Your headline is your first impression. A strong headline sets the stage for everything that follows. Get it right, and you capture attention instantly. 5 steps to craft a powerful headline: 1. Be clear and concise  - Your headline should convey the main idea in a few words.  - Avoid jargon and complex terms. 2. Reflect your expertise  - Show your knowledge in the headline.  - This builds trust and authority right away. 3. Focus on the outcome  - What will the reader gain?  - Highlight the benefits clearly. 4. Stay consistent  - Align your headline with your brand’s message.  - Consistency builds recognition and loyalty. 5. Optimize for search  - Use keywords that your audience is searching for.  - This boosts visibility and attracts the right readers. Remember: A headline is not just a title. It’s your chance to make a lasting impression. Take the time to refine it. Your words matter. Make them count.

Cyber CEOs seldom share their insights. And never leveraged their position. Perhaps they are hiding behind their marketing and all the corporate copy. Or they are heads down building their product and working with their dev teams. Or they are also deep in conversations with their clients, investors, & industry partners. But this happens more often than not. They don't have the opportunity to share their wisdom, challenges, inspiration, vision, and passion for their cause. They can't find the words or the time to pen their thoughts into articles and posts that highlight their leadership in their niche. They also don't realize the importance of building their brand while building their company.  That's a long game for leaders who are here to build a legacy, not just to sell products and hit KPIs. Need to hit numbers? -> Try your AI-powered DM agency Want to play the long game? -> Drop me a message

Cyber CEOs: How to make effective use of your time on LinkedIn Let's be real. You are mad busy. And being intentional on LinkedIn is near the bottom of the to-do list. In fact, it may not even be on the list. But you do recognize it is an increasingly important channel. Whether it is the nudges from your CMO to "be more active" (whatever that means), or seeing up-and-coming Cyber CEOs gaining a ton of attention on LinkedIn. Here are 3 things you can fix by next week. 1. Update your profile This is borderline basic and if you can't even do this properly, then you can skip this post and continue scrolling. Like it or not, this is your new Biz card. Show up sharp.  Be clear abt your business. Spend some money on graphics. Leverage your corporate designs. People are skipping your profile. Even fewer are messaging you. Refresh it periodically. 2. Start learning basic copywriting Yes, we know you are an expert writer and communicator. You write brilliant emails, RFPs, Pitch Decks that secured billions in funding. But there is a nuance for social copywriting. Spend some time understanding it. When doing so, write out a calendar and pen down topics that you are passionate about. This gives you the material to work on your future posts. Start slow with posts. Start twice a month. Then once a week. No one expects the CEO to post daily. 3. Connect and be human Send connection requests. Send those DMs. Connect with: - industry partners - competitors - past colleagues - other CEOs This is a community platform and you have free reign to build your audience. Yet, most dont even do this. Take those 3 steps and you are already way ahead of most other Cyber CEOs.

You just completed the "annual" cyber TTX. Here are 4 times to consider rerunning it. 1. When you have staff turnover 2. When there is a change in threat level 3. When there is a change in ops model 4. After post-incident remediation 1. Imagine if your CEO or CISO is new Would you be confident that your organization is ready to respond? When significant staff change or key leaders are new, run a quick exercise. It allows the leaders to: - assess the readiness of the team - understand shortcomings and risks - provide direction and guidance to team Don't leave it to chance. 2. When there is a change in threat level I hope someone on your team is monitoring the threat level or receiving threat intelligence reports and indicators. When the threat level changes or a clear incident is ongoing with key partners or sector companies, it is time to pay attention. Spend some time assessing the intel. Pull your team together for a quick exercise This helps with - getting everyone up to speed on the threat - validating that controls are updated - verifying if there are known gaps - getting awareness levels up This is active risk mitigation. 3. When there is a change in ops model If you went live with a sexy new Agentic AI SOC or migrated your entire infra to cloud, or you outsource secops to an MSSP, you should probably run an exercise asap. There is nothing funnier than opening up incident response plans and crossing out paragraphs and marking them "Outdated". Bring your third parties into the exercises. 4. After post-incident remediation This is self-explanatory. Don't assume that processes are in place. Run the exericse and make your own assessment. P.S Feeling comfy with that annual TTX? P.S.S What other times am I missing?

Sure way for an exercise to fail? Spring a surprise on the execs. Imagine this. You’re ready. Your tabletop scenario is sharp. Your injects are crafted perfectly. You launch into the executive tabletop. First inject lands. Everyone hesistates. Shields up. Defensive posturing. The room falls silent. Exercise slowly dies. ⸻ Why? Failure to socialize the exercise. Executives: • Didn’t know it was happening • Didn’t understand its purpose • Felt blindsided and judged You instantly lose executive trust. ⸻ Proper socialization means: ✅ Briefing on objectives ✅ Setting the tone: this is training, not a test ✅ Giving a heads-up on focus areas (not full spoilers) This builds psychological safety. Executives are more willing to be vulnerable and engaged. ⸻ Cyber resilience is built on trust. Lose it, and your exercise programs and future exercise will struggle. Have you ever had an exercise collapse because leadership wasn’t onside?

Cybersecurity CEOs and Leaders LinkedIn can be confusing:    - What to write - How often to post - Does my profile matter - Can I copy from my website - Do I really understand networking   No, you won't become an influencer Yes, your clients are here and reading But just not reading your content. Yet.   Get a head start on your competition. Or do you want to keep remaining invisible? 📌 Here's how I would start:  https://lnkd.in/gMkXZFie

LinkedIn has changed many lives. But it’s not changing yours. I have seen it first hand. You have witnessed it too. This platform has been a revelation. Some have left full time roles to set up million dollars businesses revolving around LinkedIn and social media. Some have become thought leaders in Cybersecurity and leveraged the network they have built to move into senior roles. Some have tapped on their presence to promote and market themselves and their organizations. But those are the success stories. What’s more commonly seen: - folks who never learned the platform - ppl who skip writing and use AI - sales pros who keep be salesy - founders who are too “busy” - leaders who shun influence - folks who stopped too early - pods who live in lalaland - ppl who blame the algo Keep the faith. Keep learning. Keep writing. If it is easy, everyone will do it. P.S is being active on LinkedIn on your 2025 plans? Is it working? Anime makes me look 10 years older. Is that suppose to happen.

Here is my LinkedIn content strategy. Or do you post randomly? 1. Choose your objective. - Be as clear as possible. - Revisit this as many times as needed. E.g My objective is to be the go-to person for cybersecurity exercises. Some other examples from my clients: - to be the leading MSSP provider in [Niche/Sector/Client] for the [Region] - to be the expert in Agentic AI for SOC Ops for [Niche/Sector/Client] Stick this objective on your monitor. Don't deviate too far from it. 2. Conduct deep research - understand your target audience - dig deep into their pain points + emotions - leverage your marketing research You should write to your audience.  Use the exact words that you hear. All your client chats are gold content. 3. Decide on content pillars - can't go wrong with these 3: Authority Personal  Trust OR - 4A framework Anthropological  Aspirational Actionable Analytical 4. Decide how often you want to post Min: 3 days Best: 7 days Map out your calendar. Mon: Actionable Wed: Analytical Friday: Anthropological Saturday: Aspirational Populate your calendar for the month with topics from your content pillar. Building a presence doesn't happen by chance. It takes intentional planning, research, trial and error, and a lot of writing. And thinking of outsourcing this to an AI tool or your intern? You may be damaging your reputation. I have seen horror stories. Don't play with trust, in cyber,  that's a no-go.

Cyber exercises are misunderstood. Here are the top 5 misconceptions: 1. "A tabletop is enough." Tabletop exercises are beneficial, but they tend to be low-stress and low-complexity. You need simulations, drills, and range exercises to truly prepare. 2. "Only IT and Cyber teams need to participate." A cyber crisis is a business crisis. If legal, risk, communications, and executives are not involved, you are not ready. 3. "We already have a plan, so we’re covered." Plans can degrade faster than you think. Turnover, tool changes, and new vendors can turn today’s plan into tomorrow’s liability. 4. "Exercises are expensive and time-consuming." Compared to what? Think about the cost of a 30-day outage, regulatory penalties, and brand damage. 5. "Our MSSP will save us." Your Managed Security Service Provider is a partner, not a shield. You still own your risks. You still own your response. These misconceptions can lead to disaster.

Running a cyber exercise isn’t as simple as downloading a scenario off the internet. It requires deep preparation. Here’s how I approach it: 𝗦𝘁𝗲𝗽 𝟭: 𝗜𝗻𝘁𝗲𝗿𝘃𝗶𝗲𝘄 𝘀𝘁𝗮𝗸𝗲𝗵𝗼𝗹𝗱𝗲𝗿𝘀 Understand what’s worrying them. What’s the business context? What decisions scare leadership? What gaps are we most worried about? 𝗦𝘁𝗲𝗽 𝟮: 𝗔𝗹𝗶𝗴𝗻 𝗼𝗯𝗷𝗲𝗰𝘁𝗶𝘃𝗲𝘀 An exercise shouldn't test everything. Focus. Validate decision-making, cross-team collaboration, or specific IRP steps. 𝗦𝘁𝗲𝗽 𝟯: 𝗧𝗵𝗿𝗲𝗮𝘁 𝗶𝗻𝘁𝗲𝗹𝗹𝗶𝗴𝗲𝗻𝗰𝗲 𝗱𝗲𝗲𝗽 𝗱𝗶𝘃𝗲 Review sector-specific threat landscape. Use real-world incidents and active TTPs (tactics, techniques, procedures). 𝗦𝘁𝗲𝗽 𝟰: 𝗦𝗰𝗲𝗻𝗮𝗿𝗶𝗼 𝗰𝗿𝗮𝗳𝘁𝗶𝗻𝗴 Scenario = believable + challenging. Build real consequences, cascading impacts, unexpected forks. 𝗦𝘁𝗲𝗽 𝟱: 𝗜𝗻𝗷𝗲𝗰𝘁𝗶𝗼𝗻 𝗱𝗲𝘀𝗶𝗴𝗻 Not random chaos. Every inject should align to the objectives. Drive thinking, decision-making, action. 𝗦𝘁𝗲𝗽 𝟲: 𝗣𝗿𝗲-𝗯𝗿𝗶𝗲𝗳𝗶𝗻𝗴 𝗮𝗻𝗱 𝗰𝗮𝗹𝗶𝗯𝗿𝗮𝘁𝗶𝗼𝗻 Engage critical teams before the day. Ensure buy-in, preparedness, and set expectations. 𝗦𝘁𝗲𝗽 𝟳: 𝗙𝗮𝗰𝗶𝗹𝗶𝘁𝗮𝘁𝗶𝗼𝗻 𝘀𝗰𝗿𝗶𝗽𝘁𝗶𝗻𝗴 You don't read slides. You orchestrate conversations, tensions, and decisions. P.S. Curious, which step do you find the hardest to get right?

My 6 biggest struggles in building my Cyber personal brand via LinkedIn: 1. Being repetitive 2. Running out of ideas 3. Writing from a blank page 4. Confusing my audience 5. Doubting myself Anyone reading this who has the same struggles, here's my advice: 1. You need to repeat your stories 2. Conduct deep research + speak to others 3. Use proven templates for your posts 4. Stick to a few topics from yr objectives 5. Don't exaggerate, write simply I have been writing for over 1,000 days. What else do you struggle with? I will provide some advice. P.S Reading helps writing

How do you keep up writing posts daily and constantly generating new ideas? Here's the truth: I don't. This is what works for me: - learn and be coached - define what I write about - research what interests others - repeat ideas and repurpose content - write your post in batches - study other ppl's posts If you don't prepare, practise, have systems, dedicate some time to learn, you will struggle to keep up with writing. Then you will find shortcuts. And generate vanilla content. And blend into the crowd. And be invisible again. Which is what you are now anyway. So choose your path. What's your way of getting new ideas? P.S Who is ready for lake season?

If you run a cybersecurity firm but neither you nor anyone from your team is creating content here on LinkedIn, you are missing out on a huge opportunity. And no. I don’t mean just reposting your posts from your company’s page or copying and pasting the latest product launch details. I mean content such as: - what is it like to work there - what motivates you professionally - what motives you personally - what problem are you solving daily - what are some client concerns - what are you learning to improve - what are some lessons learned - what does a day of work look like Why is this important and an opportunity? 1. Builds credibility for your firm. People are watching. Investors, prospects, clients, and future hires. If you are proud of the culture, product, and team that you are building, you should be proud to share that and leverage on the work done. 2. Beats traditional marketing. How many will read your white paper? Looking to host another Roundtable? Flying to drop $50k on a booth? Run advertising banners? Reinvest the money into coaching your team and building your personal brand and presence on LinkedIn. It’s not going away anytime soon. 3. The current and next gen are here. Your firm is gearing for a strong future yet your tactics are stuck in 2018. Yes the decision makers may still like a round of golf and steak dinners. But the future of networking starts here. Referrals are being made. Deals are initiating here. Don’t miss out by neglecting this channel. P.S why do you think most people are not leveraging LinkedIn? - don’t know how to write? - afraid of being judged? - worried abt what their boss thinks? What else?

3 reasons CISOs should run tabletop exercises in the 1st 100 days. 1. Teamwork You get a chance to work in the trenches with your incident response teams. Planning for the exercise will enable you to get to know your team better and start building teamwork. This will also be a good break from your other 100 days “assessments” and KPI coloring book activities. 2. Leadership engagment You get a opportunity to drive the conversation at various levels of leadership. This allows you to showcase the commitment to cybersecurity and progress of your team and readiness. Significant background work needs to take place to socialize roles/responsibilities prior to the exercise for it to be effective. It may backfire if you don’t prep well. But it can be a catalyst to get support for your overall cyber program. 3. Readiness assessment You get a first look at the incident response readiness of your team and the support from the rest of the organization. This will be important as it allows you to get a good sense of the state of readiness. You can potentially implement interim measures for any areas where you see huge risks before a longer term fix. It will also help you sleep better (or not). P.S would you run exercises in the 1st 100 days? Any other reasons you can think of?

How to be invited to cybersecurity podcasts and speak at conferences - Pick your passion topic  - Make sure it is aligned to yr biz - Write about it on LinkedIn frequently - Connect with podcast + conference hosts That is pretty much it. Yet not many Cyber CEOs do it. Instead, you may have to end up paying $$$ to be on a podcast or sponsor a stage... Only to go on it and pitch your solution and turn off the audience. Don't just build your presence to sell. People will smell it from a mile.

Here are things I never write about And maybe you should avoid too. - politics - religion - complaints - sensitive info - overly personal info - every trending or news event Not every opinion of yours needs to be shared and definitely not here. What else do you see others posting about that should be avoided? P.S this is not a political pic 😂

I’m the star of Rogers Cybersecure Catalyst, Toronto Metropolitan University. Who else but Fern who delights us with her presence in the office. P.S who did u think I was referring to? 😄

Some tabletop exercises take a page out of a Hollywood movie. A North Korean hacker somehow breaks into a water treatment plant. A ransomware actor somehow takes down every cloud provider at once. A sophisticated APT decides to target your 50-person startup for no reason. Not realistic. Not useful. Use real cases to drive your scenario. ✅ What's happening in your sector? ✅ What are the active threats, vulnerabilities, and TTPs? ✅ What regulations or public concerns amplify your risks? Example: If you're in financial services — Wiper malware targeting payment systems makes a compelling, real exercise. If you're in healthcare — A ransomware attack disrupting patient records is far more plausible than an APT1 nation-state plot. When you use relevant scenarios: Teams take the exercise seriously Discussions surface real-world weaknesses Leadership leans in instead of tuning out Make it real. Or don’t expect real learning. What was the latest threat scenario you used for your exercise?