PKM Will Make You a Better Cybersecurity Professional
Personal knowledge management skills will lead to being more effective in any cybersecurity role
This might be my favorite topic I’ve written on in a long while, simply because I know that this has been enormously beneficial to me in my own cybersecurity career journey.
Just a few weeks ago I found out what the PKM acronym stands for, and here I am throwing it into another post title like I’m already one of the PKM cool kids. It’s justified though, because as I mentioned in that post it’s something I’ve been doing all through my 20+ years in cybersecurity and IT work. It just never had a cool acronym (or one that I knew of) and I wasn’t aware of all the impressive and deep thinking that’s been done around it in recent years.
With or without the cool acronym, this is a skill that will prove essential in your career in cybersecurity. Whether you are just starting out, mid-level, or senior - just as we should always be learning, we should also always be able to channel what we learn and make use of it. And that’s right at the core of PKM. I talked last week about note taking being an underrated cybersecurity skill. PKM starts with note taking.
This is stated far more eloquently by Tiago Forte in his “Building a Second Brain’ book, along with a wonderful introduction to the commonplace book and how it is linked to the title and theme of the book:
For centuries, artist and intellectuals from Leonardo da Vinci to Virginia Woolf ... have recorded the ideas they found most interesting in a book they carried around with them, known as a commonplace book.
We now have the opportunity to supercharge the custom of commonplace books for the modern era. This digital commonplace book is what I call a second brain.
Knowledge begins with the simple time honored practice of taking notes … The centerpiece of your second brain is a digital note taking app.
How do we put PKM to work to make us better in cybersecurity jobs?
The short answer is that this should be in the forefront of our minds during all of our efforts. It’s just as relevant when we’re doing work that includes a lot of deep technical detail as when we have that brilliant idea on how to solve a tough problem when we’re taking a shower in the morning. Here’s a starter list on some of the principles around this and how and where we should be putting it to use:
Always be taking notes - to save that lightbulb idea right after the shower, or a new thing you learn during the course of your day (or many things)
Capture details while you’re working - this might be IP addresses, domain names, user logon fail events, indicators of compromise in your security logs, or just the name of a person in a different team who you need to talk to on a project
Note down thoughts, ideas, concepts and approaches that surface in brainstorming sessions - with your team, wider groups, or even your own solo efforts while working on a task or project
Make notes when you’re studying/learning - at work, outside of work, while reading a new cyber threat intel report, an interesting whitepaper, or watching a live or recorded event
Find a great note taking app (unless you prefer pen and paper). They’re are many of them around. The images in this post of parts of a couple of my notes are in the Notion app
Put time into organizing your notes - work on developing a system that works best for you - using folders and/or tags, backlinks, notebooks etc. And do regular housekeeping on your notes - archive or delete those that no longer feel useful, trim them down. I also love the idea of atomic notes - single idea notes, and here I’m using a description of these via Obsidian Rocks:
Single idea notes … Fleeting Notes are temporary notes - when you jot something down, raw unfiltered reminders of things we want to remember
Permanent Notes are also called atomic notes. There are many different types of permanent notes … connected notes, notes that are intentionally connected to other notes in the vault
Atomic notes are what we carve out of our longer notes. They’re the most important bits of a note that we recognize when we review them X amount of time after taking them. Or they’re more of our own takes, our own words on the parts of a longer notes that feel most important to refer back to.
A lot of what this comes down to is that notes make us smarter. The better our notes are and the better we manage them - PKM - the smarter we get, and the more confident we get. Reviewing your prep notes 30 minutes before a job interview can give you a big confidence boost going into the interview. Doing the same before a project meeting can bring the same result. Same goes for our organized or random conversations with our colleagues in cybersecurity teams and people in the business units we’re interacting with.
The saying “knowledge is power” is real truth in the cybersecurity field.