Market Insights- IAM

New DOD people strategy // Implications of AI for software // Appsec roles

Hello friends,

How is it already almost spring break time? This year is absolutely flying by. Building a new business is a lot of work, but it’s also a heck of a lot of fun, and I feel like that makes the time move even faster.

This week we are starting a two-part series that we will feature occasionally, looking at research on particular sectors of the security industry. As I’m currently focused on recruiting in the identity space, we’re going to start there.

But don’t worry, even if you aren’t an IAM professional, the insights here can, in many instances, be generalized within security. Or you can just skip down to the news 😊

Have a great weekend!

Cheers,

Brad

Market insights- IAM

As a benefit to our clients and the candidates we work with, we are publishing proprietary research on a quarterly basis profiling various parts of the cybersecurity market, including compensation and employer needs. Over time we will begin tracking trends in these metrics.

Here’s what we found for IAM:

1) Remote/ flexible work is here to stay

  • More than two-thirds of postings allow at least some work from home

2) Very few jobs are entry-level; more than 90% require at least 2 years of experience

  • A minimum of 2-5 years of experience is the sweet spot

3) Median base compensation is $134K, and it rises roughly $6K for each additional year of experience

  • There is a pretty significant range at every experience level… high-paying jobs are out there regardless of experience (obviously, employers will need to be excited about you as a candidate)

4) Interestingly, remote jobs pay less on average than jobs that require some level of on-site presence

  • Could working remotely be considered a ‘perk’ that gets traded off? Or does remote hiring let companies reach lower-priced talent?

5) Azure AD and Ping are the most sought-after areas of technology expertise

  • This largely appears to mirror relative adoption and market share

6) Relatively few IAM postings require a certification. Where one is mentioned, general security industry certifications are preferred.

As we go forward and look at other job families, I would love to hear which questions you have that you’d like us to dig into!

Friendly reminder: We are about to embark on a research project looking at a large dataset of people’s experiences and careers in cybersecurity. We are curious to know which questions our readers find most interesting, and would appreciate it if you could take 30 seconds to answer a two-question survey.

Another friendly reminder: As a thank-you for being an awesome member of the Crux community, we want to share a new tool that we built. It lets you tap into the power of ChatGPT from inside Microsoft Excel, and we are giving it to you for free. (All you need is an API key from OpenAI and credit in your account.)

Tool available here.

Explainer video available here.

Tools, resources, and useful things from the internet

🤖Fantastic article by Daniel Miessler on the implications of AI for software. He breaks down the capabilities of AI and the opportunities they create to leapfrog existing technologies.

🖥️A panel webinar highlighting experiences and advice from women in cybersecurity takes place on March 22. Details here.

💡Thoughtful piece by Noam Chomsky (at 94) discussing the inherent limitations of large language models in understanding truth (NYT)

News

🎖️DOD has released its new cybersecurity people strategy, as it has struggled (like so many companies) to find and retain the right people. It’s worth a quick read, as it captures ideas for issues prevalent across our industry (Department of Defense)

🦹CrowdStrike released its 2023 threat report. It’s a good summary of key adversary activity from the past year.

🤖Microsoft is integrating ChatGPT into more developer tools (Reuters)

⌨️The LastPass breach disclosed in December has been traced to a work-from-home setup: an employee with highly privileged credentials was running an unpatched copy of Plex on a home machine, and the attacker exploited it to install a keylogger (Hacker News)

🔒The US Senate is taking up a bill that would set up a mechanism to review and ban foreign technologies, with TikTok clearly in its sights (Yahoo)

🪆This is a great retrospective on lessons learned from a year of cyberwar with Russia (Computer Weekly)

⌨️It’s real. Researchers used ChatGPT to generate keylogger malware that went undetected by EDR in their testing (HYAS)

Jobs to check out

This week we are featuring application security roles.

💼Citi. VP, Senior Application Security Officer (Tampa, FL or Irving, TX)

💼Aflac. Application security analyst (Remote)

💼Cendant. Senior Application Security Analyst (Plano, TX)

💼Vanguard. Application Security Threat Specialist (Hybrid- Charlotte, NC; Malvern, PA; or Dallas, TX)

💼Qiagen. Application Security & SDLC Specialist (Germantown, MD)

💼Acima (Rent-A-Center). Application Security Engineer (Hybrid- Draper, UT)

💼Anthology. Principal IT Application Security Engineer (Remote)

💼Olympus. Application Security Lead (Center Valley, PA or Westborough, MA)

Events

💼Utility Cyber Security Forum. Chicago, IL. March 21-22.

💼SecureWorld Boston. March 22-23.

💼Gartner Identity & Access Management Summit. Grapevine, TX. March 20-22.

💼ISC West. Las Vegas, NV. March 28-31.

💼CypherCon. Milwaukee, WI. March 30-31.

💼BSides Tampa. April 1.

💼BSides San Diego. April 8.

💼BSides Salt Lake City. April 14-15.

💼BSides New York. April 22.

💼RSA Conference. San Francisco, CA. April 24-27.

Stat of the week

4%

Share of corporate employees who have pasted sensitive company information into ChatGPT, according to a recent study (Cyberhaven)

Crux is building the talent platform for cybersecurity. Check us out.

Thinking about your next move? Join our network.

Want help with your hiring needs? Reply to this email to drop me a line.