Paying it forward

Hi friends,

I hope that your 2023 is off to wonderful start.

This week we are discussing the role of mentoring and support in helping others start and build their careers in cybersecurity. The topic of ‘how to break in’ is oft-discussed and hotly debated in our space. I’m not attempting to tackle the whole subject here, but I did want to share some insights from people I’ve had the chance to speak to a this past week that are passionate about helping others grow their careers.

Just a reminder, that if you are thinking about your own next steps career-wise, or potentially looking for help finding the perfect person for your growing team, drop me a line. We are here to help. See what we are all about at crux.so.

-Brad

Paying it forward

At some point, if you are in cybersecurity, you got started. It may have been very planned and intentional; but maybe it wasn’t. It could have been in your room, as a teen, assembling a new computer or breaking things on the internet. Or maybe it was jumping over from an IT department job. Perhaps it was through a bootcamp or college curriculum.

But, regardless of how it happened, my bet is that you had someone or some people that were uniquely helpful at that point in the journey. A particular boss, friend, or mentor that showed you the ropes and got you going.?People that invested their time and wisdom into you along the way.

It isn’t easy to break into cybersecurity. Only about 2% of jobs do not require previous cybersecurity work experience. As the talent shortage continues to bite, we believe that number will nudge upward, but the fact remains that the vast majority of roles in our field do lean heavily on a combination of knowledge and relevant experience. And most employers aren’t looking to invest the time to train from scratch, particularly with the fear that they will walk out the door after it’s all done.

That being said, many people that have been around this industry are more than willing to lend a hand. They can’t do everything, but they are often eager to help people that are newer to security- particularly if those people show a high degree of intrinsic motivation, positive attitude and energy, and a demonstrated willingness to learn.

I spoke with Will Broom, who has built a following of over 30,000 people on Linkedin, mostly by providing incredibly helpful lists of security resources.?

Why has he put the time into this? Because, he told me, when he was getting started, he reached out to a number of experienced cybersecurity professionals who were incredibly generous to him with their time and advice.

This is Will’s way of giving back.

Will had some great advice for people looking to build their careers from relatively early stages.?He recommended:

• Thinking through what type of work will really fit you, and pursuing that with abandon, not just trying to find the highest paying job
• Gathering insights directly from people who do that type of work. He had success reaching out to people on Linkedin, who then were happy to provide additional referrals- as well as speaking directly with hiring managers and recruiters
• Emphasizing networking, volunteering, engaging with the community. Who you know matters at least as much as what you know

I also spoke with Cody Burrows, who is a VP of security at JP Morgan Chase’s travel business, and has been a CISO at several companies before. Cody is very active in the cybersecurity community here in Colorado (where I live), for example having served on the board of the local Cloud Security Alliance and mentoring countless people in the early stages of their careers.

Cody’s advice- meet your mentors halfway. Security is all about taking a different mindset toward systems and technologies... being able to think through them from an adversarial perspective, and then subsequently from a defensive posture. If you can show that you understand the underlying systems / technologies (networks, applications, cloud, etc)- then it’s much easier to learn security. Be curious, put in the time to get the foundational levels of understanding and experience, and experienced people will be more than happy to help, and pay it forward, just as others have helped them.

If you are looking for mentorship, or looking for somewhere you can contribute, here are some resources:

• Engage with your local OWSAP and Cloud security alliance chapters?
• Join the cyber mentor discord server?
• Join the Cybrary user community (must be a subscriber)
• Join the Cybermentor dojo discord server
• Join local area slack/ discord channels & meetups
• Speak with / hire students at local bootcamp programs (shoutout to my friends at?Flatiron school)

Additionally, here are a few programs with mentorship opportunities targeted toward particular audiences:

• Veterati- a mentorship connection program for veterans
• Women in cybersecurity mentorship program?
• National cybersecurity alliance mentorship program with HBCUs?

If you have cybersecurity mentorship programs that you support, but that I didn't list here, let me know and I'll make sure to feature them in future posts

Tools, resources, and useful things from the internet

??Cybersecurity career and job hunting guide.The English isn’t perfect, but the content is spot on (Stefan Waldvogel)

??Excellent longform piece on the evolution of security tools and technologies over the next 3-5 years- reviewing the role of hyperscalers, platforms, and leading point providers (Venture in Security, Ross Haleliuk)

??Coolest stuff at CES 2023 (WSJ)

??Blackhat 2022 conference recordings

News

??API vulnerabilities found impacting 16 million vehicles. We are likely just getting started. (Hacker News)

??Janco reports that overall IT hiring remains strong, and most managers predict staff increases in 2023 (Janco).

??China bans deepfakes.First legislation of its kind in the world (The Register)

??Biden administration is preparing to release national cybersecurity strategy, calling for more regulation for private companies that support critical infrastructure (Washington Post, registration required)

??The Biden administration may move to ban noncompetes?(New York Times)

???The ‘fakes’ are coming.?Microsoft developed an AI tool that can convincingly replicate a person’s voice based off only a 3 second sample. (Microsoft)

??The US Supreme court ruled in Meta’s favor, allowing them to sue the NSO group for exploitation of a WhatsApp zero day (Reuters)

Jobs to check out

This week we are featuring penetration testing roles

??Verizon. Senior Penetration Tester - Application Security (Rolling Meadows, IL. Hybrid)

??AGCO Corporation. Penetration tester (Duluth, GA)

??NTT Data. Senior Penetration tester (Rockville, MD)

??MUFG. Penetration Tester, Assistant Vice President (Remote)

??Travel + Leisure Co. Penetration tester (Remote)

??Geico. Mobile and Web Application Penetration Tester (Remote)

??BAE Systems. Cyber Penetration Tester, IT security controls (Falls Church, VA)

??Cargill. Penetration tester (Remote)

??CliftonLarsonAllen. Senior Cybersecurity - Penetration Tester (West Hartford, CT)

Events

??Cactuscon. Jan 27-28.Mesa, AZ

??Cyber risk alliance?cybersecurity summit. January 27. Tampa

??SANS?Cyber threat intelligence solutions summit. Jan. 31. Virtual

??SANS east. Feb 13-18. Virtual. Training extravaganza.

??RSA 2023. April 24-27.San Francisco, CA

Stat of the week

5%?

Percentage of passwords at department of interior that contain the word ‘Password.’ Most companies are probably higher. (Department of Interior inspector general)

Crux is building the talent platform for cybersecurity.??Check us out.

Thinking about your next move???Join our network.

Want help with your hiring needs??Ping me on linkedin