Open in app

Sign in

Write

Sign in

Starting up your “second brain”: How to start with personal knowledge management

Jennifer Wennekers
6 min readJan 27, 2023

--

A selection of some of the cybersecurity reports I’ve accumulated in 2022. The various artworks belong respectively to the organisations that published the reports.

When you work in cybersecurity, it is important to have a strong understanding latest threats, developments and best practices in the field. That being said, the pace with which things change quite often makes it difficult to keep up — especially the longer you work in cybersecurity, or have to deal with complex subjects on a day-to-day base. Because of this, I highly recommend creating a “second brain”: The place where you can manage your own personal knowledgebase.

Personal knowledge management

Why would I start with personal knowledge management?

A big part of my days is filled with ad-hoc requests or questions, either from friends in the industry, colleagues, or clients.

What is currently the most used type of ransomeware?”,
Which industries have been targeted the most in the last year?”,
What is the average time to detect and contain a breach?”,
Can you give me an overview of the most relevant adversaries and their preferred modus operandi for my industry?”, and
Do you remember where I can find this info-graph that clearly depicts the various types of adversaries?

are common questions I often hear. And while I’ve been trained to retain a lot of information and reproduce it in some form when requested, I am not a computer with a (seemingly) infinite amount of storage. In comes personal knowledge management. In other words, 1) acquiring, 2) organising and 3) applying of knowledge to achieve personal or professional goals through my second brain.

How should I start?

Acquiring knowledge is rather simple. Each year vendors, security organisations, research institutes and government agencies publish relevant reports on the current cybersecurity threat landscape*. In addition to that, the cybersecurity community is always eager to share updates on their own journeys, findings and developments. Look for blogs, social media posts or conference presentations.

💡 *While it initially might seem complex on where to start looking for these reports (as there are so many each year), once you’ve been in the industry a bit longer you start to identify which institutes and vendors are consistent in publishing qualitative annual reports — making it easier to track for you. However, to provide you with an easy starting point: I’ve created an overview here that contains over 40 reports that were published in 2022 alone.

Once you’ve acquired the data, you can start focussing on organising the information in your “second brain”. The easiest way to do so nowadays is in a digital format, which can range from storing it all in a notepad to having a fully-fledged database in which it is easy to store, access and update the information when needed. I myself have been using Notion** for the last year, and have been extremely satisfied with the possibilities it gives me when it comes to knowledge management. That being said, I know of friends and colleagues who use Evernote, OneNote, GoodNotes, Notepad++, and many other tools — or even a combination of various tools (as a good friend of mine does). What matters here, is that it works for you.

💡 **Notion.so is a powerful all-in-one workspace for organising and managing all your personal and professional projects. It provides the possibility to create customisable databases, wikis and task lists to keep track of your notes, ideas, and to-do items. You can also use Notion to collaborate with others, share files, and access your work from any device.

While Notion has encryption for data in transit and at rest, they do not have end-to-end encryption (E2E) while writing this. Meaning: Theoretically someone who works at Notion would have no problem accessing your pages and seeing all your data. Please keep this consideration in mind if you wish to explore using Notion, especially when thinking of what kind of data to upload to their AWS hosted storage.

After acquiring and organising the data, it’s time for you to start applying the collected knowledge to achieve your personal or professional goals. In the “Real life examples” paragraph, I’ll provide you with a couple of use cases on how to apply personal knowledge management to your own life.

Ok, but really, how?

While personal knowledge management comes down to acquiring, organising and applying of knowledge to achieve personal or professional goals, this might still sound a bit too abstract. Therefore, some concrete strategies when it comes to managing your knowledgebase:

  1. Set goals and priorities. Identify what you want or need to learn, and why. Prioritise your learning activities accordingly.
  2. Organise your information. Use tools such as digital folders, notebooks, databases or even mindmaps to store and organise your knowledge in a way that is easy to access — and to update. Identifying the main categories or topics that your information falls under. You can then create subcategories or subtopics to further organise your information into smaller, more manageable groups.
  3. Use active learning techniques. Now this may sound like the odd duck of the bunch, but hear me out. Engage with the knowledge that you’ve accumulated (or are in the process of accumulating) by taking notes (writing about it or summarising it) and by applying it in real-world situations. In other words: Don’t collect it just to say you have it — actually do something with it.
  4. Seek new sources of information. Keep up to date with the latest developments in your field of interest (whether it be cybersecurity or another field) by reading reports and articles, attending conferences (and taking notes), and networking with other professionals.
  5. Review and update your knowledge regularly. Set aside time on a regular base to review and update your personal knowledgebase, and to identify potential gaps or expansion opportunities.

Ultimately, the best approach to personal knowledge management will depend on your individual needs and preferred learning style. It may take some experimentation to find your ideal way of working.

Real-life examples

Use case 1: Knowledge base

The first example I’d like to share with you, is my own personal knowledgebase of all reports, articles and whitepapers I have collected over the last few years. I’ve stored it in a Notion database (with a “Table” view), which allows me to directly see all required data, or filter quickly based on what I’m looking for. The values that I can search for are:

  • Name
  • Vendor / Author(s)
  • The year it was released
  • The actual report file
  • Topic(s) (e.g. threat intelligence, incident response or vulnerability management)
  • Medium type, and
  • Category (e.g. tech or non-tech)
My own personal knowledgebase

Use case 2: Keeping track of your training and certification progress

As an additional bonus: Knowledge management can help you to identify gaps in your own knowledge, and act as a starting point to plan new learning and development opportunities. If you know what you’ve been focussing/collecting information on during a specific timeframe (days/months/years), it becomes easier to map out how you want to develop yourself further. And this is where for me, Notion becomes extremely handy to track my own progress.

Because it is based on databases, you can create relations and dependencies between multiple databases. So, I’ve created two databases:

  1. “Training”, and
  2. “Certification paths”

The “Training” database gives me an overview of all training that I would like to complete: Including progress status, the name of the training, the institute, and if applicable, what year I’ve completed it (this last part especially helps for example when writing your year end reflections, as you can create a filter that provides an overview of the training you’ve completed in a specific year).

The “Certification paths” database contains an overview of specific certification paths I would like to complete — and which individual trainings are a mandatory part of this. Because of the relation I’ve created between the two databases, if I complete a training that is part of a certification path, it also automatically updates the progress status for that specific training path.

Selection of individual trainings and certification paths I (as a Threat Management specialist) eventually wish to complete

Ultimately, I do realise that this might be a bit too much for some people. However, it works for me — which is ultimately the purpose of creating a second brain. How do you manage your personal knowledgebase? Let me know in the comments!

* Opinions expressed are solely my own and do not express the views or opinions of my employer or clients *

Cybersecurity
Knowledge Management
Information Security

--

--

Jennifer Wennekers
Jennifer Wennekers

Written by Jennifer Wennekers

50 Followers
16 Following

Woman (she/her/hers) in CyberSecurity that believes she contributes with her actions in the cyber security world to the greater good.

No responses yet

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams