You are the interviewer

How to do your diligence upfront // Free ChatGPT tool for you // National cybersecurity strategy

Hello friends,

We have something special for you this week! As a thank you for being an awesome member of the Crux community, we want to share with you a new tool that we built. It allows you to tap into the power of ChatGPT, but do so in Microsoft Excel. And we are giving it to you for free! (All you need to do is have an API key from OpenAI and credit in your account).

Tool available here.

Explainer video available here.

Our use case for this has been analyzing job descriptions (it helps speed our analysis of compensation and trends), but the file is flexible enough that you can imagine using it for almost anything where you’d want to pull out information or classify a particular unit of data. Think of things like:

  • Cleaning up addresses for your holiday card list

  • Categorizing data against a certain framework (like species into genus) 

  • Summarizing a dataset (creating a Haiku out of a short story)

You can also just use it as a simple tool to access GPT3 functionality without the hassle of the ChatGPT web interface being overloaded and freezing you out.

I’d love to hear what your use cases are!

As for our topic for the week, we are featuring part 3 of our series on building a fulfilling cybersecurity career. This one focuses on the importance of doing your due diligence before you accept a new role, so you don’t burn time ending up somewhere that isn’t a good fit for you. This is a topic we’ve written about previously, but it’s important enough that I wanted to surface it again. Enjoy!

Cheers,

Brad

You are the interviewer

As we’ve laid out the past few weeks, we have 3 overall pieces of advice for navigating to a career which you find fulfilling.

  1. Know yourself

  2. Cultivate opportunities

  3. Do your diligence

I have always viewed the job search/interview process as an unfolding two-way process of discovery. And it always amazes me how one-sided it feels, even in an industry that is as competitive to find talent as our own. How much work the employer puts into understanding the candidate is usually multiple times greater than how much work the candidate puts into understanding the company. It shouldn’t be that way. And it would be better for companies if their prospective employees did more diligence.

Think of it this way. Companies hire lots of people. They come and go. Of course, most companies don’t want to have high employee turnover, but as much as we each wouldn't like to think so, with a bit of effort, we can be replaced. For companies the hiring decisions are important, but a miss here or there can be recoverable (executives can be an exception to this).

But you, as a candidate, are making a bigger decision. Your time can’t be traded back. The best thing you get out of a decision to join a company that you shouldn’t have is a learning experience. I’ll try to give you some tools to help accelerate that learning and reduce the odds that you go somewhere that isn’t a good fit for you.

Remember, you have every right to do as much diligence on the company as they do on you.

Don’t be bashful. Shine a light early.

Questions you should consider asking:

What type of turnover does the team see?

  • You are looking for a real understanding of turnover rates and reasons. Dig into the reasons.

How is security's relationship with the rest of the business?

  • You are looking for an environment that is collaborative, not one where security is siloed or capitated.

What are the top areas of focus for the year?

  • You are looking to understand program maturity and get a view on the type of change the program is undertaking

How have others in this role influenced direction of the program and outcomes in the past?

  • You are looking to get a sense of whether you will be able to have influence and what degree of independence you should expect

What career path would you foresee?

  • More so than the exact answer to this question, you are looking to see if the hiring manager has thought about this and whether there are pre-existing paths in place.

If you could change one thing about the culture, what would it be?

  • No place is perfect. You are asking this question to gauge for honesty and transparency.

Actions you should consider taking:

Beyond these questions, it would be wise to do your diligence on your hiring manager and the team you are interviewing with. Your potential employer is probably going to ask for references on you. You should think about doing the same. My advice:

  • It's a no-brainer, but read up on Glassdoor. Try to find posts relevant to the security team. Make sure you look for patterns and not one-offs. Beware scorching reviews clustered around layoffs (but you need to understand why those layoffs happened and what the future company growth looks like).

  • Get on LinkedIn and find people who have recently left and would have worked for your manager or department. Get the inside scoop on what it’s like. Most people are more than willing to have a conversation. This can be an invaluable step.

  • Do your diligence on the product or service. See if you can find a customer and gauge their experience. Look at the growth of employees on LinkedIn to gauge market traction. Going into a company that is struggling on the product front can lead to a lack of opportunity and a challenging culture.

Overall, remember: Time is our most precious asset. Putting a little bit extra in up front to make sure you are making a great decision is always a wise investment.

Friendly reminder: We are about to embark on a research project looking at a large dataset of people’s experiences and careers in cybersecurity. We are curious to know which questions our readers find most interesting, and would appreciate it if you could take 30 seconds to answer a two-question survey.

Tools, resources, and useful things from the internet

🔒The White House has released a new, five-pillar cybersecurity strategy. One of the more newsworthy policy recommendations is to start putting security liability onto software vendors. You can read the full strategy here.

🥓Tired of security vendor spam? Check out this podcast from Chris Roberts and Dani Woolf unpacking the problem and offering advice on how to solve it.

🤖I signed up for the new Bing powered by ChatGPT. Initial reaction: pretty impressive. You can hop on the waitlist here

💡In the theme of harnessing ChatGPT, here are 50 additional tools you can utilize that embed ChatGPT (and other AI models) for certain applications (Lunas)

📊Cyber Rescue Alliance has posted a TOME of charts and references on all areas of cyber. They are in a consistent format, but clickable with more detail. Great resources if you are prepping any presentations!

News

🤑AI-enabled voice re-creation technology is advancing quickly. In this podcast, Joseph Cox shares how he was able to bypass voice recognition technology to access a bank account (Cyber)

💼A large-scale study of the 4-day workweek has been happening in the UK. Initial results are in and employers are excited about it (WSJ)

🦹Good news: Ransomware attacks are down significantly (WSJ)

🚀Wiz keeps rolling. Company just raised $300M at a $10B valuation, only 3 years after launch (Wiz)

🪟Microsoft continues to make big moves in security: it is rolling out BEC-preventing AI updates in Defender, as well as attack disruption. They have a big security event coming up (Microsoft)

Jobs to check out

This week we are featuring senior level IAM Engineering roles

💼Webster Bank. IAM Cybersecurity Engineer (Remote)

💼Wayfair. Senior Engineer, Identity & Access Management (Austin, TX)

💼University of Miami Health System. Director, Information Security Identity and Access Management (Coral Gables, FL)

💼Hagerty. IAM Engineer (Remote)

💼Kaplan. Identity and Access Security Engineer III (Remote)

💼Pearson. Senior IAM Engineer (Durham, NC)

💼Regions Bank. IAM Engineer (Alabama)

💼Schonfeld. IAM Architect (New York, NY)

Events

💼Exploitcon. Spokane, WA. March 9

💼Utility Cyber Security Forum. Chicago, IL. March 21-22

💼Secureworld Boston. March 22-23.

💼Gartner Identity & Access Management Summit. Grapevine, TX. March 20-22.

💼ISC West. Las Vegas, NV. March 28-31

💼B Sides Tampa. April 1

💼B Sides San Diego. April 8.

💼B Sides Salt Lake City. April 14-15.

💼B Sides New York. April 22.

💼RSA. San Francisco, CA. April 24-27.

Stat of the week

90%

The price reduction for utilizing the newly released underlying GPT3 model, announced this week, which makes queries of ~750 words cost only 1/10 of a penny. (OpenAI)

Crux is building the talent platform for cybersecurity. Check us out.

Thinking about your next move? Join our network.

Want help with your hiring needs? Reply to this email to drop me a line