A blog about blogging, with bloggers

I’ve never given much thought as to how long I’ve been blogging for, but for the purposes of this post I went and took a look. My first ever blog post went live on August 19th 2008, anonymously posting as The Infosec Cynic.

That’s nearly eight years I’ve been doing this whole blogging thing. It’s interesting for me seeing how my writing style, opinions, and ways in which I present my thoughts has changed quite significantly.

I often recommend people in the industry blog. Personally, I’ve found it’s been of immense use on a personal level. Giving an outlet through which I can share some of my half-formed opinions. It’s also allowed me to connect with people that share similar or opposing interests.

But I guess, if you’ve been blogging for as long as I have, you can easily forget what it’s like to get started. So I recruited the help of some other bloggers to help shed some light on the pros and cons of blogging.

Why Start Blogging?

As I alluded to earlier, not only has blogging opened up many avenues for me, I find it actually rather therapeutic. It’s an outlet whereby I can organise my thoughts.

Stuart Winter-Tear

Stuart Winter-Tear said “Primarily as a journal of my learning with the hope it might be useful to others.

“I’ve always enjoyed writing and I’ve always had a lot of opinions, and

together they form an unholy alliance” quipped Andreas Lindh. He went on to say “Seriously though, blogging for me is a way to express things that doesn’t quite come through on medias such as Twitter (often after failing to get a point across on said media). About half of my posts are technical write-ups, which really doesn’t work at all in any other form.”

Holly Graceful stated, “I had a notepad filled with ideas, notes, techniques and I wanted an easier way to track and modify it. My blog actually started out hand written and then became a .DOCX (I have terrible handwriting but I type quickly!). I didn’t like that I could only modify my notes file on my main laptop and if I was away or on a shared machine I couldn’t access it, so I wanted to place it in the cloud. I took the decision to port my naive little .DOCX over to WordPress for the simple reason of it became infinitely more accessible and simpler to edit for me. Although it was widely accessible it was never directly intended for other people, but I found myself responding to questions from colleagues with “Oh, I wrote about that!” a surprising amount – and GracefulSecurity.com was born.”


When embarking on something new, particularly with something as public as blogging there can be a certain degree of apprehension. What if people don’t like what I say? What if I’m wrong? What if my spelling or grammar is not up to standard? What if my boss doesn’t approve?

I had many of these fears to begin with. It was one of the reasons I initially started blogging anonymously. While it wasn’t too difficult for anyone to deduce I was the evil mastermind behind my blog, it did afford a certain degree of plausible deniability.

As circumstances changed, I came out from behind the curtain.

Lindh was candid in his response, “I was, and still am, super worried every time I post something. I guess the core of it is the impostor syndrome that a lot of people experience, as putting your opinions/work on print makes you vulnerable and very open to scrutiny. Which is scary.”

Sarah Clarke weighed in, “I had a gut feeling I really ‘got’ the stuff I was doing as a day job. I also thought I’d probably thought harder and longer about it than most folk. But I couldn’t be sure. In the end I couldn’t avoid finding out if what I thought was worthwhile and helpful to others. I reckoned it would:

a) Get completely ignored

b) Get ridiculed for being naive, or stuff that didn’t make sense in ways I hadn’t realised or

c) Some folk might read it and appreciate it.

A serious associated concern was that lots of folk might read it and find it obvious, wrong, or just plain rubbish and as a result my employer would be upset, or my more general reputation would go down the pan. That’s why all my early posts were as infospectives, and my real name didn’t appear on the site. Even registered new email addresses and got someone to register the domain for me just in case.”

Holly Graceful

For others, like Holly Graceful, the apprehension began to sink in as the audience grew, “At first no, because I didn’t consider the idea of an audience, let alone what my audience would look like. The content was for me. I felt my first worry when people started referring to things that I’d written, either online I’d see people post about something I’d written or worse – one day my boss mentioned something he’d read on my site. That’s when I realised people actually read my content! I became worried about two things, was the content accessible and was it technically correct.”

Bart Blaze wasn’t as worried as I was when he started blogging. He explained, “Of course I was a tad nervous when I published my first blog post ever due to it not being good or valuable enough, too simple, not enough interest from anyone etc. However, if you don’t post you may miss out on gaining feedback from the community or even yourself. Simply do it and you’ll see it won’t be as bad as you may think.”

The levels of apprehension when starting varies from person to person. But a certain level certainly exists. This isn’t necessarily a bad thing. If you’re considering blogging and are apprehensive, channel that into pushing you towards validating facts, doing more research, and establishing a strong narrative.

The Pitchforks Are Coming

The nature of the internet is such that if someone disagrees with you, they can be as rude about it as they wish. The security industry is no different, and posting something that is incorrect can lead to swift rebuttals. If you’ve spent any amount of time on social media, you’ve probably seen a public tear-down of an individual that has caused you to think twice about whether you want to step into this colosseum.

Stuart said he’s been fortunate in this regard so far, “Folk have been very kind with me, but if you put yourself “out there”, you must do so with the understanding that some may wish to take umbrage publicly. It goes with the territory.”

Bart Blaze has far thicker skin than I and approaches it in a logical manner, “Yes and no. You cannot advance without making mistakes. Even though I try my best to not make any, one can always slip through the cracks due to x,y, or z factor.””

Sarah Clarke shared found criticism to be the exception than the rule, “With nearly two and a half years and many trade articles and blog posts under my belt, I now know that’s only very rarely true. I’ve have had some fair and uncomfortable challenges: Once when I failed to give someone I disagreed with a right of reply before quoting them in a post (turns out I had missed valuable context for his comments – an important lesson learned), and once when I weighed into a debate on how a TV programme about hackers didn’t – in my opinion – help dispel stereotypes. That latter time a super high profile person in the trade directly contacted me to challenge the points I made. It was a slightly nerve-wracking thing to find myself at odds with his opinion (he was a key contributor to the programme). I subsequently moderated and caveated some points made, but remembered I was entitled to disagree, as long as I justified that opinion.

Andreas Lindh

In general though, I’ve tried (and seemingly succeeded) in not being contentious for contentions sake. And as such I’ve had far more positive feedback, constructive advice and lovely praise than anything else.”

Andreas Lindh believes it can come down to the audience, “The infosec community can be harsh, no doubt about that, but there are areas in it which are worse than others. You
could say that it depends on who your target audience is. From my perspective, the low-level tech crowd are easily the worst, some of those people seem to feed on the mistakes of others, while the more policy oriented bunch seem to be much more forgiving and encouraging.”

Showcasing the wide array of complaints that can emerge, Holly Graceful shared an odd criticism, “I received a handful of messages a day for about three weeks straight once to complain that my site is pink. Yes it is, very slightly (the header is pink, the rest is black-on-white text). The way I fought this was with humour, I posted a theme option to the site which changed the CSS so that it was green-on-black like the stereotypical hacker’s terminal – I even called the theme option “Stereotype”. If people don’t like the colour scheme, as ridiculous a complaint as I may feel that is, then I can deal with that.

I’ve never felt torn down, or like I’ll be torn down for posting. However I do spend hours working on content before I post it, making tiny changes before I’m happy enough to post – especially when it comes to video content. So maybe that’s how I deal with that feeling, I just make sure I’m happy with the content before it’s released.”

Should others blog?

Personally I always recommend blogging. But I do enjoy writing, so that is definitely a help.

Andreas and Stuart share the similar viewpoint that it’s something you have to enjoy or want to do. Andreas said, “Blogging just because it’s a

“cool” thing to do is not a good idea. As all things creative, it should

primarily come from a desire to express yourself”. Stuart shared the viewpoint, “It’s not for everybody. It can be a thankless task. But if you enjoy writing, then absolutely.”

Bart Blaze

Sarah was more inclusive in her encouragement, “Definitely, if you will enjoy it. I think the key thing is to either have a very specific aim in mind and tailor content and frequency of posting to that aim, or to just do it for yourself and take any views, shares and followers as a lovely surprise. If you’re honest about how easy it is for you to write (and find time to write!), then be honest about the kind of things you’ll be able to achieve with the blog. Also try to stick to what you know, or if you stray outside that, make sure you do some proper research and/or ask folk to review.“

Personally I lean more towards Sarah’s assessment. Blogging doesn’t necessarily mean writing Hunter S Thompson style articles. They can be very short, or only contain images. Whatever style you choose, it can be a powerful tool to help amplify your voice out to a much wider audience than you could otherwise reach.


Almost every blogger I spoke to said that blogging had been a positive experience. Holly said, “Blogging has been incredibly positive for me. I’ve learned so much through posting. It motivates me to learn more, read more, and work closer with other members of the community. I find that there are items around blogging which get better directly because of blogging. It’s not all perfect, not all content makes it and sometimes I do worry about posting content that I think might be controversial technically, but I’m still blogging. I’d strongly recommend that people try it, no one might read your content, but that’s not the point for me. It all started for me as a personal project to track my own notes – it just happens that other people on the Internet liked my tiny pink corner of the net”

Parting thoughts

If you’re one who isn’t convinced, doesn’t have the time, motivation or interest in blogging, then there’s probably nothing anyone can say to convince you otherwise. It is a time-consuming activity and it can be important to devote time to other life goals.

Stuart reminded that everyone has insecurities. “Not everybody enjoys writing and this is a must to blog. You also have to have an passion for it to keep you going. If they fear negative backlash or feel they had nothing of value to say, but still desire to blog, I’d support them and encourage them to ignore the fear and know their perspective or understanding or experience is of enormous value to the community.

After all, most of us have these insecurities to one degree or another.”

While Andreas reminds us that blogging isn’t essential, “I think that having nothing to say is a perfectly valid reason not to blog. I don’t buy the talk that everyone has to “contribute to the community”. However, if you feel that you have something to say and is afraid of negative backlash, one way would be to write something and have it peer reviewed first. Most people know someone, either IRL or on Twitter, who could read it first and point out obvious mistakes. I for one would be happy to do so. I think the main thing though is that you should write things that you’d want to read yourself. This is how I write music, I write the songs I’d want to listen to. Works for me at least.”

sarah clarke
Sarah Clarke

Sarah’s recommendations almost mirror the path I took myself. “Start small and anonymous if you are worried. Maybe put it out there quietly, or even just put it out there to folk you trust. But, if you feel enough like you have something worth saying to create the blog in the first place, chances are you really do. Remember, there are very, very few people who can even remotely claim to have seen and done all security has to offer. In your corner of your world, you will more than likely have points of view (if honestly shared with a degree of humility), that a subset of security and non-security folk will really value hearing.

Oh, and the online security crew really are, in the vast majority, fantastically supportive and helpful…unless you wade in like you own the place shouting the odds. I thank my lucky stars for a huge number of wonderful folk who welcomed and encouraged me and gave me the confidence to effectively change my life for the better.”

Finally, Bart Blaze shared some wisdom, “It’s not important to blog about something fancy, blog about your experience and the rest will come by itself. Everyone has something of value to say and a lot of people blog only about successes, not failures. Everyone fails, it’s basic human nature. The only backside in infosec is that usually nobody will hold your hand and you’ll need to grow all by yourself, which is fine. However, a mentor or peers can be of importance. This is valid in any field. In my case, I fought hard to get where I am today, as unfortunately the infosec community can be very unforgiving: if nobody knows you, you’re a nobody. Obviously this is not true.

So what’s important is:

  • A mentor or people to contact if necessary for advice
  • There are no ‘wrong’ or ‘bad’ blog posts: worst-case scenario is you made a mistake and someone gives you the opportunity to fix it
  • Just start blogging. Keep them in draft if necessary, complete the blog post and leave it for a week. Review it and correct mistakes if any, then simply publish. But honestly, at some point good is good enough.”