Hello friends,

Lots going on this week! Both in the universe of work and security, as well as for me. It’s been a travel week, so we are going to head straight into updates. Reflection will be back next week (we may get into an alternating pattern, based on feedback!)

If you are a fellow Coloradan, please make sure to register and attend the Rocky Mountain Infosec Conference, which goes from Wednesday June 7- Friday June 9. I’ll be part of a panel Wednesday afternoon looking at trends in security jobs from the perspective of a recent entrant, CISO, bootcamp counselor, and recruiter (me). Should be fun.

Cheers,

Brad

Tools, resources, and useful things from the internet

🕷️OpenAI is gradually releasing web browsing capability into GPT 4 (Available to ChatGPT+ subscribers). See what you can do with it here. (AI advantage)

🎥AI is coming for the movies. And right now it looks a lot like Wes Anderson send ups of classic films (Star Wars, Lord of the Rings) (Curious Refuge)

⚒️Good analysis from several experts on how AI will change the nature of work (WSJ)

📱OpenAI has released the ChatGPT app- if you have an iPhone (Apple)

🧑‍🏫Free 13 hour CISSP exam prep course (Freecodecamp.org)

News

🚗Toyota disclosed the failure to put any security controls on a database of vehicle locations for 2 million customers that was publicly exposed to the internet. For a decade. Yes, you read that right, 10 years. The cloud configuration was set to public, and there were no passwords for the database. If the future of autos is as much in software and subscriptions as hardware, this type of sloppiness doesn’t bode well for the Japanese stalwart (Reuters)

⚠️Last year CISA launched a pilot program that aimed to provide a ‘heads up’ to companies at a high risk of ransomware attack, and it is yielding some early successes (FCW)

🏛️Seems these days that there are only 2 things congress can agree on- China, and a need to regulate AI. It was a big week for these discussions, with Sam Altman from OpenAI testifying (NY Times)

🎶The day the dancing died. TikTok is banned in Montana. How they will enforce it is an open question (WSJ)

🤝The quietness of IPO and M&A markets has led to a large backlog of security companies ready and looking for an exit. Capstone partners released a report looking at expected upcoming activity (Capstone Partners)

💰Even laid off tech employees aren’t really keen to work at non-tech companies, reports WSJ. The main issues: pay and pace.

🪖While not a member of NATO, Ukraine has joined NATO’s cyber warfare center. US and allies have been working closely with Ukraine since the start of the war (and before) to establish robust cyber defenses (The Record)

Jobs to check out

This week we are featuring product security roles.

💼Waymo. Senior Product Security Engineer (Mountain View, CA) $187-233K.

💼Boeing. Senior Cybersecurity Engineer, Product Security (Colorado Springs, Seal Beach, Huntington Beach) $164-238K.

💼Oracle. Senior Principal Security Researcher. (Columbia MD, Denver) $128-285K.

💼Climate. Senior Staff Product Security Engineer (San Francisco) $155-249K.

💼FICO. Senior Director - Product Security- DevSecOps/Security Engineering (Remote) $161-253K.

💼Adobe. Vice President of Product and Software Security (San Francisco, Seattle, New York, San Jose) $185-400K.

💼Geico. Principal Engineer- Product Security (Remote) $100-205K.

Events

💼Secureworld Atlanta. May 24.

💼BSides Buffalo. June 3.

💼Gartner Risk Management Summit. June 5-7.

💼ExploitCon Portland. June 7.

💼Rocky Mountain Infosec Conference (RMISC). Denver. June 7-9.

💼Secureworld Chicago. June 8.

💼BSides SATX. San Antonio. June 10.

💼BSides Boulder. June 23.

Stat of the week

125,000

Number of social security numbers leaked in the Sysco breach (current and former employees)

Crux is building the talent platform for cybersecurity. Check us out.

Thinking about your next move? Join our network.

Want help with your hiring needs? Reply to this email to drop me a line