Hello friends,

Here in Denver, the sun is shining, more birds are starting to come though, and the tulips are starting to bust out of their bulbs.

While spring is, admittedly, not my favorite season- I do love the signs of green shoots and the symbolism of the early signs of beautiful things to come.

With spring break upon us, and time for vacation, we are going to have a narrowed presence this week and next, with no reflection, but the latest on tools, news, and jobs.

I’ll be in the mountains with friends and family through the upcoming week getting the last great runs of the season in.

If you are travelling, enjoy your time, and be safe.

Cheers,

Brad

Tools, resources, and useful things from the internet

👩‍💻Ross Haleliuck wrote a great piece for his Venture in Security blog about the criticality of talent for a robust security program, and how you can’t ‘tool’ your way into defense in depth.

🧠Nick Kolenda writes about the psychology of marketing. His work is fascinating. If you ever want a window into the human mind, or care about informed marketing tactics, he’s a great resource.

💣A thoughtful exploration on the topic of burnout in cybersecurity (Security Week)

🤖A good blog by Daniel Miessler on generating effective AI prompts.

🦹Comparitech has a great resource covering data on ransomware attacks (location, amount, etc).

🗺️CISA and NSA have released a best practice framework for IAM. A great tool if you are responsible for IAM or learning the space.

News

🚪A nice update on the state of the cybersecurity jobs shortage. Headline 1: More companies are looking to upskill/ train instead of hiring ‘ready to go.’ And 2: the layoff trends are not having a large impact on security practitioners (ie. security teams in enterprise, not cybersecurity tech companies, which are seeing large layoffs) (Darkreading).

🎶Lawmakers in the house had their chance to beat up on TikTok’s CEO (WSJ).

🌩️A new CISA program is seeking to beat criminals to the punch by warning companies of very specific and relevant threats in advance of an attack (CNN).

🎭Google has launched their chatbot, Bard, on a rolling basis. If you are interested, you can sign up here.

💳You don’t often see enterprise security teams being willing to pay the necessary prices for ownership over a particular cybersecurity technology, but Mastercard purchased Baffin Bay networks, a company that uses AI to detect malicious traffic (Mastercard)

🪟A recently patched 0-day for outlook has a massive attack surface, and attacks are exploding (Dark Reading)

💼According to a report by Heidrick & Struggles boards are actually appointing fewer people with cybersecurity expertise than they were in 2021- despite the SEC’s disclosure requirements. Summary here (Heidrick & Struggles, SC Magazine)

Jobs to check out

This week we are featuring security leadership roles

💼Harvard University. Director of Security Operations and Cyber Defense (Cambridge, MA)

💼Dollar Tree. Sr. Director, Cybersecurity (Chesapeake, VA)

💼State of Alaska. CISO (Anchorage or Juneau)

💼Beazer Homes. CISO. (Atlanta, GA)

💼Scout Motors. Director, Information & Security/ CISO (Washington DC)

💼Korber Supply Chain US. VP, Cloud & Security (Remote)

💼County of Orange, CA. CISO (Santa Ana, CA)

Events

💼ISC West. Las Vegas, NV. March 28-31

💼B Sides Tampa. April 1

💼B Sides San Diego. April 8.

💼B Sides Salt Lake City. April 14- 15.

💼B Sides New York. April 22.

💼RSA. San Francisco, CA. April 24-27.

Stat of the week

10%

Percent of execs that foresee laying off cybersecurity staff - vs. 30% for human resources (Darkreading, Pluralsight)

Crux is building the talent platform for cybersecurity. Check us out.

Thinking about your next move? Join our network.

Want help with your hiring needs? Reply to this email to drop me a line