Hello friends,

I hope you have been having a good week. If no plans for the weekend, know that we have Fat Tuesday coming up. Maybe give a king cake recipe a try? Laissez les bons temps rouler!

This week we are featuring part 2 of our series on building a fulfilling cybersecurity career. Two weeks ago, we reviewed an overall framework for happiness and explored how important it is to understand yourself in this equation, and next week we’ll share advice on how to do your due diligence on an opportunity before you accept it.

As a friendly reminder, our market compensation survey is live. If you work as a cybersecurity practitioner, please fill it out (it’s anonymous!). At the end, you will be provided access to a link to register to receive ongoing compensation insights relative to your chosen cybersecurity line of work.

Cheers,

Brad

Cultivating opportunities

The career ladder is a thing of the past. The days of staying put at a given company and building tenure within that organization is generally an antiquated concept. It doesn’t mean that it doesn’t happen; it’s just rare. And it’s particularly rare within cybersecurity, where an individual’s market value typically increases much faster than a company’s willingness and ability to accommodate advancement.

I think the model today is more akin to a stream with rocks. There are many different potential paths. There is no defined objective. Every hop will yield something different and new. You can look at your choices and make your decisions, one at a time.

There is a reason that the number of jobs that a person will hold in their lifetime is increasing.

A suggestion- view your career progression as explicitly building a set of options, testing the benefits of moving parallel with the benefits of moving up.

• Moving parallel (new projects, new clients, lateral moves within a company etc) allow you to build exposure and breadth. These moves can help you discover the type of work you really like doing and are very good at. The variety can keep you sustained if you are a person that gets bored easily if not constantly challenged

• Moving up allows you to get more responsibility, including managing other people (if that’s something you want to do). It exposes you to other parts of an organization and requires you to elevate your skillset, particularly from a communication standpoint.

Try to keep these two in balance- move laterally enough to feel very good about what you do, but not so much that you don’t build expertise.

The other element to think about is building a set of choices. Choice is a good thing. In abundance it can be crippling, but in general, having the ability to make choices allows us to pick paths that are a ‘truer fit’ for our own selves.

I am amazed at how often I see people setting themselves up for binary career choices. Meaning, the question becomes: is my status quo better or worse than the alternative right in front of me? Frequently this looks like looking at an opportunity from a recruiter and saying, well this looks better than where I’m at, so yeah I’ll go with it.

My advice- be more proactive. If you are ready to move on to your next opportunity, try to set up your search so that you have a funnel of opportunities, with at least a few moving in to land at the same time. Not only does this allow you to make a decision with more information and opportunity than A vs B, it gives you a chance to negotiate compensation with a stronger hand- and you will rarely have more compensation leverage than you do before you join, with another offer in hand.

Here are a few simple things you can do to build your options:

1. Expand your network

   1. Be active at industry conferences

   2. Contribute in slack/ discord channels with the security community in your local market

   3. Go to local cybersecurity meetups

   4. Build your Linkedin presence

2. Do some contract/ consulting work

   1. Use it to test working with various types of clients: different sizes, industries, cultures. What do you like?

   2. Test working on projects adjacent to your comfort zone. Do you enjoy the work?

3. Nail your narrative. You will get much more traction (and inbound) when you have a story that fits into a strong framework

   1. What are you exceptional at?

   2. Where do you want to go?

   3. What are compelling proof points?

4. Run your search process as much like a ‘funnel’ as you can

   1. Batch your applications and outreach to hiring managers and recruiters

   2. Try to get interviews and processes to roughly line up

   3. Manage the timing to the best of your ability to get multiple offers in around the same time

Quick poll

We are about to embark on a research project looking at a large dataset of people’s experiences and careers in cybersecurity. We are curious to know which questions our readers find most interesting, and would appreciate it if you could take 30 seconds to answer the two question survey.

Tools, resources, and useful things from the internet

😈We are starting to see some very disturbing results coming back from chats with the new Bing, which is creating significant concerns for potential unintended consequences of this technology. (NYT)

📃Interesting company using AI to provide resume and networking advice/ automation

🪖The Aspen Institute has released a comprehensive report on cybersecurity lessons from the defense of Ukraine (Aspen Institute)

💼Completely intuitive but now backed by research: people that are a great fit for their job are more engaged, and more engaged people are more productive (Korn Ferry)

News

💰A new proposal is out to use tax policy to encourage better cybersecurity hygiene (SSRN)

🕸️We knew it already but here’s the latest on state-backed ransomware campaigns out of North Korea (Hacker news)

☠️Russian hackers are disrupting Turkish and Syrian aid efforts (Telegraph)

🧑‍💻Companies are continuing to invest in tech talent, despite the layoffs at tech companies

🚗Rundown of potential vulnerabilities in EVs (WSJ)

🏭Dragos is releasing reports about a very close call with Russia linked malware targeting multiple types of ICS systems, which almost took several electric and gas facilities offline last year (Politico)

🔧ASML becoming an increasingly valuable target as the Netherlands signs on to not export advanced chipmaking equipment to China (Bloomberg)

Jobs to check out

This week we are featuring security leadership roles

💼Sysco. Deputy CISO. (Houston)

💼Everest Reinsurance Company. CISO (Warren, NJ. Hybrid)

💼Welldoc. Chief Information Security and Data Protection Officer (Contract role, remote)

💼Regions Bank. Deputy CISO (Multiple locations)

💼Uber. Chief of Staff, CISO (New York, Seattle, San Francisco, Sunnyvale)

💼New York MTA. Deputy CISO, OT (New York)

💼Choice Bank. SVP, CISO (Remote)

💼JFK, Terminal One. CISO (New York)

Events

💼B Sides Tampa. April 1

💼B Sides San Diego. April 8.

💼B Sides Salt Lake City. April 14- 15.

💼B Sides New York. April 22.

💼RSA 2023. April 24-27. San Francisco, CA.

Stat of the week

400+

Number of security vendors you can expect to get swag from at RSA this year.

Crux is building the talent platform for cybersecurity. Check us out.

Thinking about your next move? Join our network.

Want help with your hiring needs? Reply to this email to drop me a line