🎄Twelve Days of Christmas

Our gift to you

Hi friends,

In the spirit of the holidays, we have a special edition of the Human Element for you today. It’s our 12 days of Christmas edition!

I hope you enjoy our hand-picked collection of articles, reports, and resources. It should provide some immersive holiday reading while you avoid the in-laws.

And speaking of the 12 days of Christmas, you should know that with inflation, the current price of all 12 days is running a hot $45,523, up 10.5% vs. 2021. Those golden rings really popped this year.

We’ll be off next week, in the mountains of Colorado, but back the first week of January with a reflection on the criticality of communication skills in cybersecurity.

In the meantime, I hope you all have a wonderful Hanukkah, Christmas, and New Year's. May the season treat you and your family well.

-Brad

The 12 days of Christmas - Cyber edition

1) Partridge in a pear tree

In recent years, the NSA has taken to publishing a year in review. It’s a fascinating read on the efforts NSA has put into place, often in partnership with the private sector, to defend against cybercriminals and nation states this year.

2) Turtle doves

One of my favorite authors is Mark Manson, most famously known as the author of The Subtle Art of Not Giving a F***. Often categorized as ‘self help,’ he’s really more of a modern-day philosopher. His weekly newsletters have historically been one of the best things in my inbox. He just launched a new one, meant to provide pithy, thought-provoking insights and practices for the week. Take a look.

3) French hens

It technically came out last year, but Nicole Perlroth of the New York Times wrote such a wonderful book on the development and maturation of the zero-day market that I wanted to share it here. This Is How They Tell Me the World Ends reads like a le Carré spy novel.

4) Calling birds

Momentum Cyber publishes the most authoritative studies in the industry on what’s happening in the cyber technology landscape. Key trends, fundings, all the info you need to know is here. They won’t publish their '22 year in review until early ’23, but you can stay up to date with all of their great material, including their market map, here.

5) Golden rings

The New Yorker just published a fascinating longform piece that goes inside with the researchers working to develop the quantum computer. Check it out.

6) Geese-a-laying

I’m a huge fan of Ray Dalio’s book, Principles. It lays out a clean, comprehensive philosophy on both life and work that centers around transparency, candor, and honesty. Ray has released a free assessment tool that puts a ‘type’ to your personality (a bit like DISC). It’s useful, and can highlight both strengths to lean into and areas to be cautious about. I found my assessment to be spot on (I’m a shaper, BTW).

7) Swans-a-swimming

Speaking of assessments, at Crux, we offer a free cognitive, personality, and motivators assessment to every professional we work with. It allows us to paint a much more well-rounded portrait of a candidate to a potential employer. And more importantly, it gives us insights to work with candidates to help them find jobs they will truly enjoy.

If you’d like to try it out, you can access the assessments here. You’ll receive an automated report that we’d be happy to review with you, and have a free career consultation.

8) Maids-a-milking

We ran across this fantastic collection of OSINT search resources. As you know, there’s a tremendous amount out there if you know where to look. This helps you know where to look. It's a must-bookmark for anyone doing investigation and research.

9) Ladies dancing

If you are studying for your CISSP, this is an incredible ‘cheat sheet’ resource with 8 packed pages of frameworks and references. Incredibly helpful, and a good tool to just have by your side, even if you aren’t studying for the test.

10) Lords-a-leaping

Ayman Elsawah hosts a podcast where he interviews people who have transitioned into successful careers in cybersecurity. If you are making a pivot, or thinking about making one, check it out!

11) Pipers piping

Along similar lines, if you’ve ever found yourself wondering ‘what does [insert a random job in cybersecurity] actually do,’ check out the Cyber Work podcast from the Infosec Institute. They cover various topics about the work of cybersecurity, including profiles of typical positions.

12) Drummers drumming

And finally, what would this list be without a comprehensive look back? Computing published a nice overview of the biggest stories and events in the world of cybersecurity in 2022. Check it out.

News

💼New report on CISO trends released. Not surprising, but key findings: 62% are hired from outside; less than half of CISOs have been in their jobs longer than 2 years. Just 13% of CISOs are women (Marlin Hawk)

💑WSJ published a good feature about what CISOs and CIOs at various companies are doing to work together more effectively (WSJ)

💰Equifax victims are finally getting paid, 5 years later. The Chinese are still holding the data behind closed doors (Equifax)

🦹Okta is facing yet another breach. Source code was stolen from a GitHub repository. The company maintains that customer data has not been touched (TechCrunch)

🔍GitHub made a great move and has enabled secret scanning on all repositories. This was previously a premium feature (GitHub)

🤖Concern is rising about the potential use of ChatGPT for nefarious purposes, including generating effective phishing emails and writing code (Techradar)

💥Russian hackers infiltrated Viasat, which provides internet services in Europe, including Ukraine. Somewhat surprisingly, satellite infrastructure often lags behind from a cybersecurity perspective. CISA is arguing to designate it as critical infrastructure. (Cyberscoop)

đŸ—łïžMandiant published a very interesting retrospective of Russian, Chinese, and Iranian disinformation campaigns during the 2022 election (Mandiant)

Upcoming Events

đŸ§‘â€đŸ’»NightVision state of cyber 2023. January 3. Virtual. Great panel of speakers lined up for this high level, thematic overview of what's going on in our industry

💼FlowCon 2023. January 9-12. Santa Fe, NM. Carnegie Mellon conference focused on the flow of data for network defense.

💼National Cybersecurity Alliance: Convene. Jan 10-11. Clearwater, FL. Generalist industry event.

💼SANS East. Feb 13-18. Virtual. Training extravaganza.

If you have other events coming up that you'd like me to call attention to, please send them my way at [email protected]

Stat of the week

500K+

Estimated number of cybersecurity professionals in Mexico, according to ISC2.

Crux is building the talent platform for cybersecurity. Check us out.
