Hello friends,

In this week’s newsletter we are starting a three week series tackling a topic that is near and dear to all of us- finding happiness and fulfillment in your chosen line of work.

We all only get one life to live; and the time goes by fast. We hope not to spend that time feeling stuck or unhappy in our days. We’ll offer advice and resources specific to your work in cybersecurity to increase your probability of avoiding that.

As a friendly reminder, our market compensation survey is live. If you work as a cybersecurity practitioner, please fill it out (it’s anonymous!). At the end, you will be provided access to a link to register to receive ongoing compensation insights relative to your chosen cybersecurity line of work.

Cheers,

Brad

Discovering you

We all want to lead happy, fulfilling, productive lives. Unfortunately, what many people end up chasing in life is not really what actually drives happiness and fulfillment.

For the next three weeks we are taking a look at the intersection of careers (particularly in security) and personal happiness. 

Sonja Lyubomirsky wrote a fantastic book called The How of Happiness, and in it she unpacks the research on what actually makes people happy (hint: it’s not what most people think). I cannot recommend this book enough. It can be life changing. There’s way more insight in than I have the space to summarize here, but I want to make an important caveat before we dive in on the career side. And that caveat is that other things are in fact, more important to happiness than your job. The research is very clear about the components that impact happiness:

• 50% of your happiness is your ‘set point’- who you are genetically, how you tend to process the world

• 40% is related to intentional activity and other things you can control- fitness, relationships, gratitude, acts of kindness, living in the present, etc.

• Only 10% are your circumstances- wealth, home, work

We tend to, as a society, overemphasize the last piece. If we can only get that promotion, or new house, or boat, etc- then we will be happy. But we find that happiness fleeting and then go back to pretty much how we felt before we got the thing.

The 40% around intentional activity is the focus of the book. It’s beyond the scope of this newsletter, but I highly recommend you check it out- there’s a ton of practical advice on practices you can develop to meaningfully improve your happiness.

Despite the 10% on circumstances, we know that what we do for our work does matter. If you’ve been in the working world for a while, you have likely found yourself having taken a job that you later come to regret; or at least found yourself not exactly happy on a day to day basis, and thinking that this wasn’t exactly what you signed up for.

Each of those moves should be a learning experience- and while those can be incredibly valuable, there’s merit in doing what you can upfront to position yourself into roles that have the best probability of providing you financial security and happiness.

After all, a bad hire from a company’s perspective means some lost time and the need to do a new search. A bad job choice from your perspective is months or years of time that you can’t get back.

I’ve seen many people in our industry get caught up by a relatively passive approach to managing their careers. As you get more experience in cybersecurity, there’s no doubt, your talents are more in demand and you don’t have to work particularly hard to generate opportunities for yourself.

However, this passive approach can be a trap. If you’ve found yourself ping ponging around to various jobs, mostly looking at comp increases as a guiding light, you are probably finding that you have a high hit rate of going into lousy situations. And it’s probably impacting your happiness level and your life.

It pays to be proactive; at least if you value things like culture; the quality of your boss; career advancement and ability to learn. You will always be better off if you actively try to generate options than if you let everything come to you.

My advice boils down to three topics. Over the next 3 weeks, we are going to focus on each in our first cycle of newsletter topics:

1. Know yourself (focus for today)

2. Cultivate opportunities (next week)

3. Do your diligence (two weeks from now)

Know yourself

You would be surprised how many people reach full adulthood and have professional careers but struggle to know and understand themselves. And thus pursue a flawed idea of what will make them happy in life.

We spend a little less than half of our waking lives working. And if you are in the wrong place, it can absolutely create unhappiness. And if you are in the right place, it can create the right conditions to live your life in such a way that you really do find fulfillment, joy, and an ability to be your authentic self.

So it begs the question: do you know the real you?

Critical to this is a willingness to:

• Try, experiment, and discover (and then to learn). Try new things (jobs or projects)

• Learn from others: seeking perspective (without outsourcing decisions and preferences that should be your own)

• Be reflective and introspective

• Be open

Here are key questions to ask yourself as you consider career decisions in cybersecurity. You really get to the answers by some combination of ‘thinking’ and ‘doing.’ Some of these are similar in nature, but reveal different ways of getting to the conclusion:

1) What makes you happy every day in your work?

• Think about jobs or projects where you feel excited when you wake up and you come home happy. What are the common denominators?

  • For me, I’ve been able to distill this down to three things: 1) Do I genuinely trust and feel connected to the people I’m working with? 2) Am I learning? 3) Am I making a significant impact?

2) Conversely, what makes you unhappy? What’s important to avoid?

• Beyond just the inverse of the above, what are the things that really drive you nuts in a working environment, where you tip from not just being unsatisfied, but being actively unhappy?

  • For me, for example, this frequently boils down to political or self-serving behavior from colleagues, cultures of talking without action, and cultures of prevailing ‘victim’ mentalities

3) What motivates you?

• Money

• External approval and recognition

• Power

• Doing good

• Doing hard or novel things

• Building and creating

• Being challenged

4) What type of work do genuinely enjoy and find fulfillment in?

• Creative work… generating new things that have never been created before

• Managing people, mentoring, coaching, helping others grow

• Leading- bringing others along to go in a particular direction

• Seeing patterns on a large scale basis and creating change

• Solving puzzles and challenges at a granular level; applying logic

• Executing within structured frameworks

• Speaking and presenting and sharing ideas

• Writing and structuring your thoughts in written form

• High amounts of daily variety or common routines

• Working in teams or more alone

• Routine/ flow work vs project work

5) What are you particularly good at?

In our industry, these may be things like:

• Reverse engineering

• Understanding patterns of human behavior

• Coding

• Data analysis

• Communicating complex ideas in a simple manner

• Building teams and helping others develop their skills

• Optimizing tools and technologies

• Understanding systems and interrelationships

• Applying detailed process and policies and making sure things are being followed 

Now, translate these to types of work, and domains/ areas of expertise:

• Types of work: 1) Protect & defend, 2) Provision, operate & maintain, 3) Investigate, 4) Analyze, 5) Operate & collect 

• Domains: Cloud security, GRC, Incident response, Penetration testing, Identity & access management, Security operations, Threat intelligence, etc.

6) What are you not good at? And of these things, which can be improved vs. are more innate?

It’s just as critical to have a clear and level-headed perspective on the things you are not particularly good at, as it is to understand what you are good at. But even within that, you should understand which of your weaknesses are relatively straightforward to improve vs. the things that are just part of who you are.

 If you are a quick learner, or have a ‘knack’ for certain things, don’t worry about the things you don’t know. Just get out there and learn by studying and doing.

Be mindful that things like communication skills, structured thinking, curiosity, attention to detail, etc are things that are more innate.

7) What are your objectives? Why are those your objectives?

• Do you have overall career goals that you want to obtain?

  • Think about why you want to obtain those goals… do those objectives come from norms or pressures from other people or are they truly your own? You will be happier if your goals are truly yours… and you deeply understand why those are you goals.

• It’s OK not to know! Then your job is to generate options, try things and learn.

Well, that probably gives you plenty to think about. In time we will be building career and job profiles that align against common skills and knowledge, and navigation tools to help you think through various security career paths and options.

In the meantime, here are a few good resources to check out that can help in your discernment process.

• Take our Free assessment from Wonderlic. It’s the gold standard for cognitive, personality, and motivator assessments and we offer it for free with all candidates that work with Crux. You’ll receive free insights back on how you work and where your strengths are.

• Principles YOU assessment from Ray Dalio. Great broad perspective, similar to DISC.

• Breakdown of NIST/ NICE jobs

• NCL Skill categories

Tools, resources, and useful things from the internet

🔥Great perspective from Fred Wilson (US Ventures) on how the downturn is healthy for the tech ecosystem. I fully agree.

⚒️Tool for predicting whether content is AI generated- you can enter content directly or link to a page

⚒️Collection of offensive security tools

⬅️Jen Easterly is asking industry to build security in natively. The ‘leftward push’ continues. (Foreign Affairs)

News

💥FBI pops the HIVE ransomware network. A pretty cool hack back example (The Verge)

📷️Fascinating report on China’s exporting of facial recognition technology, including to the US (Wired)

🤝US is expanding collaboration with middle eastern countries on cybersecurity topics (Washington Post)

↘️We may be in the upside-down. The Eurozone grew faster than the US and China last year (WSJ)

🕸️A large power outage in Pakistan may have been due to a cyberattack (Business Standard)

🕵️Mr. NSO group goes to Washington (Axios)

🌍️Japan and the Netherlands have agreed to limit exports of chipmaking equipment to China (WSJ)

🤝Roundup of cybersecurity deals in January (Infosecurity Magazine)

Jobs to check out

This week we are featuring cybersecurity roles in Dallas/ Forth Worth, TX

💼Costco. Cybersecurity Threat Analyst (On Site)

💼GM Financial. Cybersecurity Application Security Vulnerability Engineer (Hybrid)

💼Cardinal Health. Application Security Engineer (On Site)

💼TBK Bank. Threat and Vulnerability Analyst (On Site)

💼Triumph Financial. Information Security Engineer - Network Security (Hybrid)

💼Nokia. Cybersecurity Architect (Hybrid)

💼EVO Payments. Lead Engineer, IT Security (On Site)

💼American Heart Association. Cybersecurity Engineer (On Site)

💼Sodexo. Cloud Security Architect (Hybrid)

💼H-E-B. Threat Intelligence Security Analyst (On Site)

Events

🧑‍💻Darkreading emerging technology demo day. March 23. Virtual

🧑‍💻SANS east. Feb 13-18. Virtual.

💼B Sides Tampa. April 1

💼B Sides San Diego. April 8.

💼B Sides Salt Lake City. April 14- 15.

💼B Sides New York. April 22.

💼RSA 2023. April 24-27. San Francisco, CA.

Stat of the week

48%

Percent of security leaders that feel that they shortchange proper risk assessments due to lack of staff (Source: ISC² )

Crux is building the talent platform for cybersecurity. Check us out.

Thinking about your next move? Join our network.

Want help with your hiring needs? Reply to this email to drop me a line