Newsletter

Call to actions

<!-- Begin MailChimp Signup Form -->
<link href="//cdn-images.mailchimp.com/embedcode/horizontal-slim-10_7.css" rel="stylesheet" type="text/css">
<div id="mc_embed_signup">
<form action="https://programanalys.us18.list-manage.com/subscribe/post?u=bd5eb27cbf2439548b2e8a004&amp;id=3a3adcf571" method="post" id="mc-embedded-subscribe-form" name="mc-embedded-subscribe-form" class="validate" target="_blank" novalidate>
    <div id="mc_embed_signup_scroll">
	<label for="mce-EMAIL">Be first to hear about more cool security research (no spam, ever)</label>
	<input type="email" value="" name="EMAIL" class="email" id="mce-EMAIL" placeholder="your best email address" required>
    <!-- real people should not fill this in and expect good things - do not remove this or risk form bot signups-->
    <div style="position: absolute; left: -5000px;" aria-hidden="true"><input type="text" name="b_bd5eb27cbf2439548b2e8a004_3a3adcf571" tabindex="-1" value=""></div>
    <div class="clear"><input type="submit" value="Sounds good!" name="subscribe" id="mc-embedded-subscribe" class="btn btn--danger"></div>
    </div>
</form>
</div>

<!--End mc_embed_signup-->

Want us to send you the interesting security research we come across?
No vendor stuff, no spam, just high quality technical content.

<!-- Begin MailChimp Signup Form -->
<link href="//cdn-images.mailchimp.com/embedcode/horizontal-slim-10_7.css" rel="stylesheet" type="text/css">
<div id="mc_embed_signup">
<form action="https://programanalys.us18.list-manage.com/subscribe/post?u=bd5eb27cbf2439548b2e8a004&amp;id=3a3adcf571" method="post" id="mc-embedded-subscribe-form" name="mc-embedded-subscribe-form" class="validate" target="_blank" novalidate>
    <div id="mc_embed_signup_scroll">
	<label for="mce-EMAIL">Security career advice, useful links, and top shelf security research, sent piping fresh to your inbox. No spam, ever.</label>
	<input type="email" value="" name="EMAIL" class="email" id="mce-EMAIL" placeholder="your best email address" required>
    <!-- real people should not fill this in and expect good things - do not remove this or risk form bot signups-->
    <div style="position: absolute; left: -5000px;" aria-hidden="true"><input type="text" name="b_bd5eb27cbf2439548b2e8a004_3a3adcf571" tabindex="-1" value=""></div>
    <div class="clear"><input type="submit" value="Sounds great" name="subscribe" id="mc-embedded-subscribe" class="btn btn--danger"></div>
    </div>
</form>
</div>

<!--End mc_embed_signup-->

Ideas

  • When people join, set up an auto drip where we send them our top 3 articles, 1 a week, over several weeks.
    • From Noah Kagan’s 2018 Best Marketing Strategies
    • Noah sends new joiners 1 email a week for 3 weeks after they join of his best articles over the past 5 years.
    • NOTE: In a later video, he said that he reviewed this series and found it annoying.
  • When people join the list, include in the welcome newletter a quick poll where all they have to do is click a link: Which best describes you:
    • I want original content only, I’d like useful links + original content
  • Con search (tl;dr sec original idea)
  • Host on https://programanalys.is/con_search - VueJS standalone page.
  • Send to newsletter for feedback after importing/tagging only 1 conference.
  • What features do you want?
  • Is there a way to let other people help tag?
  • Include gif in email of me using it
  • Allow filtering by has_video, has_slides, and source_code

  • Publish subsequent newsletters to osame Twitter thread so people who previously liked it can see the update.

  • Include banner: “tl;dr sec - practical security research you can use”
    • tl;dr can be a different color, maybe DodgerBlue.

Resources

Growth Ideas

  • Write of Passage “SEO for Blogging Video”

[Neil Patel - How to Build an Audience (Even if You’re a Nobody)](https://www.youtube.com/watch?v=I3sxZIyfXh0**

1000 True Fans - engage 1:1 with your first 1,000 fans.

When you engage with those first 1000 people, those are your true die-hard fans. They become your first 1000 visitors, your first 1000 people on your subscriber list, your first 1000 customers. They’re not only much more likely to buy from you, but they’re likely to blog, share, tell other people about it. That’s what helps you get to the next 10000 buyers or fans or subscribers. Then from there, that’s what allows you to grow over 100000.

Guest post where your readers read

See what publications those 1000 people who are super engaged within the community read. Typically, they don’t read too many sites. For example, in the marketing world, there’s so many marketing blogs that I can’t keep track of, but there’s only a few handful that are super popular, like neilpatel.com, or Backlinko, or Moz, or HubSpot. But when you guest post on these sites, it doesn’t take too much effort because you don’t have to guest post on hundreds of sites.

Ask people within your community to share your content

If you ask people in your community to share your content, especially when you don’t have any fans and you’re a nobody, they’re usually not gonna do it. So you have to do something that causes them to want to share it. For example, if I was new to the marketing world and I release amazing blog posts with stats and data about marketing and I also link to BackLink or Brian Dean or someone from Moz, I would then email them saying, “Hey Brian, I have to say, I am a huge fan of your work. So much so, that I even linked to you in my newest blog post. Feel free to check it out here. Cheers, Neil. P.S. If you enjoyed this blog post feel free to share it.”

Michael Hyatt Shares How He Grew His Blog To Over 350,000 Readers Per Month

At the end of the first year his blog had 100 monthly readers, 200 after 2 years, 400 after 3 years.

It was only after 4-5 years that it had 1,000, then the following year 10,000. It hit an inflection point.

Keeping with it is the key differentiator between successes and failures.

Tip #1: Blog Consistently

  • Started blogging every week day.

Tip #2: Make it about the audience

  • What’s in it for me? What are their needs, concerns, fears?
  • Maybe a personal story to lead in to, but ultimately article about them.

Tip #3: Get involved in social media

  • Refer people back to your site

Tip #4 Find your voice

  • Only way to do so is write, can’t meditate. Takes practice.
  • Be experimental, try things.

Michael Hyatt - Blog Tips For Building A Bigger Audience In Less Time

1. Build your email list.

  • He was blogging for 5 years before storing one.
  • He went from 3-4k subscribers to +70k when he started offering a free ebook on his site that was a collection of his existing blog posts.
  • Make it easy for people to register - don’t ask for too much. First name so he can personalize later, and email.
  • He uses MailChimp.
  • Insert in side bar, super prominent.
  • Really helps to incentivize people to provide their email.
    • And it has to be excellent, it’s a sampling of your work. If it’s not good, they won’t come back.
    • Can repurpose your existing blog posts.
    • Used Keynote to generate the PDF.

2. The Consistency Factor*

  • When you blog you’re building a relationship with people. You have to be predictable.
  • You’re building trust, and trust is the #1 asset you have as a platform builder.
  • He chose to blog 3 days a week no matter what. Whatever it is, stick to the schedule.

The way to be more consistent is state your intention:

  1. State the intention - I will blog once a week.
  2. Schedulue it - what’s on the schedule is what’s get done. Block off the time.
  3. Sit down and write

For him, it was a sacred promise he made to himself. He was in touch with why that was important.

  1. Blogging without a template
    • Don’t create from scratch every time, have a structure you tend to use.
    • Have a great headline, people read that then decide if they should read the rest

TODO END 9:09

unSEXY Conf 2013: Patrick Collison, Stripe

  • 2013 interview, 2 years after Stripe was founded, they were already processing billions in payments / year.
  • Pretty much everything they’ve done for user growth has been incredibly unscalable.

Don’t just “make something people want.”

Always maximize user happiness.

Emphasizing the first 2 parts: “always” and “maximize.”

The first couple of users they acquired for Stripe, they literally asked their friends what features they needed to start using it, then built those exact features. They did this several teams, building a series of one-off features.

For their first set of users when they went public, they sent all of the early users handwritten thank you notes, signed by the entire team.

They had a help chat channel where people could pop in at any time and ask questions. It was so popular and led to such glowing feedback that when people were sad when they logged on at night and no one was there because Stripe employees were sleeping, they hooked it up to Pager Duty so that when someone asked a question it would page a random person in the middle of the night.

Their fraud detection was originally just humans manually looking at it - this is very hard to do algorithmically, but a human can do a pretty good job, even if it isn’t scalable.

They built and launched their monthly subscription service product before they had finished the monthly payment part of it - they figured they had a month to get that working.

You don’t need to build things that scale endlessly. You can figure it out gradually, given time.

  • This is a great fact to know when you’re building a start-up.
  • It frees you from feeling you have to know how to scale everything you’re doing to millions of users.

This unscalable behavior happens at every level of size of your business.

Just wake up every morning and think, “At the scale I’m at, given the resources I have, what can I do to make users the happiest they could possibly be?

People to invite

  • Me
  • Daniel
  • Zane - asked
  • Jack Leadford
  • Michael Roberts
  • Stetson University People
  • Doug deperry
  • Julian seek
  • Barbara AppSec eu
  • Marco lancini
  • Haroon Meer
  • David scrobonia - personal email
  • Andres hermosilla - personal email
  • Adrian bravo
  • David Wong
  • Gabe Pike

  • Jennifer Fernick

  • David Nichols

  • JB Sqreen

  • Justin Engler
  • Sassy Jonathan
  • Stephen gallo

  • Travis McPeak
  • Will Bengston
  • Scott Behrens
  • Astha Singhal
  • Aladdin
  • Ayman Elsawah

  • Bryan Solari
  • Joel Scambray
  • Cristiano Corradini
  • Robert Seacord
  • Tony Cargile
  • Ben Smith
  • Sid Adukia

  • Jake Heath

  • Aaron grattafiori

  • Zach Hill IT Career Questions - reach out via email and catch up first

  • Talha

  • Jeff McDunkin
    • Daniel’s other friends
  • Vikas
  • Aisling
  • Andy Grant

  • Adam Rudderman
  • Matt Lewis
  • Bogdan Copos
  • Jonathan Ganz
  • Dianna Claghorn Pandora

  • Aaron Ta - Credit Karma
  • Martin Villalba
  • Hongyi Hu
  • Devdatta Dropbox

Medium term

  • People who took the PPA training
  • Cytense
  • People who’ve reached out to me on LinkedIn
  • People who’ve reached out to me on Twitter
  • Friends at Slack (Larkin, Kelly, Nik, Fikrie, Nikki)

  • Chris Anley
  • Soroush

  • PARG list
  • Seth Law
  • Ken GitHub
  • Tanja Janca
  • Tomasz Kolinko? - probably not, won’t write about crypto
  • Mark Funk
  • Jocelyn Detectify
  • Jessica Daily Swig
  • Eduard Kovacs - Security Weekly
  • Autodesk - Hemanth, Tony Arous, Izar (AppSec Cali speaker), Amrata Kasture (Ahsan Mir - now co-founder of rapticore)

  • Francois DevSecCon
  • Jeff Dileo

  • Jonathan Marcil
  • Daniel’s lab mates and future students
  • Former HB list
  • MVP Slack
  • Hacker Pizza Slack
  • Kevin Babcock
  • Max Burkhardt
  • Flee

Long term

  • Daffyd Stuttard
  • Tyler Shields

  • Halvar Flake
  • Rob Mann
  • Himanshu
  • John Steven
  • Daniel Miessler
  • Gary McGraw
  • Leif Dreizler

Lessons Learned

Responded to: https://twitter.com/sylv3on_/status/1186352923900628993

What’s your favorite news source when it comes to infosec related news?

With:

  • @DanielMiessler has an excellent newsletter: https://danielmiessler.com/subscribe/
  • @shehackspurple tweets good stuff and has a blog: https://medium.com/@shehackspurple
  • @absoluteappsec is a podcast I enjoy
  • @lancinimarco has a great cloud security newsletter https://cloudseclist.com

=> 6 RTs, 21 likes

Then replied:

And I started a newsletter on #AppSec #DevSecOps, security talk summaries, security tools I come across, etc. https://programanalys.is/newsletter/ </shameless_plug> 😅

=> 1 RT, 4 likes

I wanted to include a bunch of other resources I thought were good before pitching my own so it didn’t feel too salesy and so the icon would be mine bc it would be the first link, but becauses I referenced everyone else in the other tweet and people like to promote themselves that got a lot more attention.

Next time:

  • Include links to tl;dr sec in the tweet with everyone else rather than separate tweet so that it gets shared with all the RTs
  • Don’t apologize for promoting tl;dr sec, be proud and genuine about desire to help people and its quality. Don’t equivocate.
  • Reference to tl;dr sec could be last in the list (or first if I want it to be the icon)

Out of this I got maybe 3-5 followers and 2 new subscribers.

Include talk title slide in tl;dr sec newsletter posts

When the latest issue of tl;dr sec includes links + a new summary, have the background image of the tl;dr issue also be the title slide of the talk (same as the standalone post summarizing the talk).

This makes clicking on the newsletter link more compelling on social media vs the standard forest one.

List Size

  • 2019-05-21 - ~32 before sending first newsletter, most manually added.
    • ~590 Twitter followers
  • 2019-05-22 - ~51 after first newsletter
  • 2019-05-23 - 60
  • 2019-05-30 - before sending newsletter #2 and tweeting
    • 67 subscribers, Clint has 614 Twitter followers
  • 2019-05-31 - 1 day after tl;dr sec #2
    • 68 subscribers, Clint has 614 Twitter followers
    • OK this one basically made no impact at all, though Dev reached out with a useful link and another 1-2 people reached out via email saying the newsletter was quite useful.
    • What was different?
      • #1 - Mon, May 20th 4:32 PM to 33 people,
      • #2 - Thu, May 30th 10:08 AM to 66 people
      • For #1, the Tweet about the newsletter got a ton of retweets and likes, the Tweet about #2 only got a handful of likes and retweets.
      • Also, #2 didn’t have a summary associated with it.
      • Stay the course!
    • As of today, SCORE Bot article on LinkedIn has 34 article views and 3 reshares (Mario SDLC, Shaun Jones, Sean Brazeau)
  • 2019-06-20 - no more newsletter issues yet, just a Clint series of birthday reflection tweets
    • 81 contacts, 80 of which are subscribers
    • 638 Twitter followers
  • 2019-06-25 - pre newsletter #3 - insecure dev, why some product teams are great and other’s aren’t
    • 85 contacts, 84 are subscribers (I added Hemanth from Autodesk and my mom/sister/brother, so actual sub count is the same really)
    • 638 Twitter followers
  • 2019-06-26 2:25pm - post newsletter #3
    • 118 contacts (+33), 117 subscribers
    • 654 followers (+16)
  • 2019-06-27 8:27pm
    • 132 contacts (14), 131 subscribers
    • 662 followers (+8)
  • Newsletter #4 - some new Twitter followers, no new subscribers!
  • 2019-08-05 - 8:50am - before newsletter #5
    • 150 contacts, 147 subscribers (some passively joined between the newsletters)
    • 703 followers

TODO: ShellCon got a ton of subscribers

  • 2019/10/21
    • 260 contacts, 252 subscribers
    • 841 followers
  • 2019/10/23 - pre tl;dr sec #11
    • 266 contacts, 258 subscribers
    • 846 followers
    • Sending out tweets, newsletter, and LinkedIn post @ 8:46am PT
    • https://twitter.com/clintgibler/status/1187032965244575744
    • https://www.linkedin.com/posts/clintgibler_tldr-sec-11-shellcon-2019-roundup-activity-6592798894504185856-Y60z
  • 2019/10/29 - post tl;dr sec #11
    • 274 contacts, 265 subscribers (+7 subscribers)
    • 852 followers (+6)
  • 2019/10/30 - post tl;dr sec #12 @ 10:55am PT, twitter/email/LinkedIn
    • 278 contacts, 269 subscribers (~ +4, rough, may be wrong because of data from below)
  • 2019/10/31 - Caleb Sima endorsed it on LinkedIn:
    • https://www.linkedin.com/feed/update/urn:li:activity:6595740429701001216/
    • As a busy exec who’s heart is still deep in tech. I have found it almost impossible anymore to keep up with latest good tools/talks in infosec. I have to give a shoutout to Clint Gibler ‘s newsletter tldr;sec which gives me a weekly email that is a curated view of the best stuff. It is absolute gold - keep up the good work Clint. I highly recommend people sign up:
    • 323 contacts, 314 subscribers (+45 subscribers)
    • Twitter followers: 863 (+11 from tl;dr sec #11)

TODO DevSecCon Tel Aviv Keynote subscribers

  • 2019/11/12 - pre tl;dr sec 13
    • 423 contacts, 413 subscribers
    • 888 followers