I asked DALL-E to make an image of an industry analyst trying to come up with a new cybersecurity category or acronym that makes sense.
For every 10 likes, I'll make him look more frustrated and unhinged.
I have watched the career journeys of many cybersecurity professionals and learned that people have a hard time advancing their careers because of one or more of these reasons:
It’s the time of year again for the world famous InfoSec Black Friday GitHub repo from
@securitymeta_
!
This has been a huge hit running over 5 year, and has just about everything a cybersecurity person would want.
(Plus a few things from me as well 😎)
@IanColdwater
It’s hard times out there for a lot of people, for sure!
I started a newsletter called 🔐Secure the Job a few weeks ago to help out a bit and highlight some of the places still hiring for cyber talent
Many people in cybersecurity are convinced that technology is the tough part.
Turns out it's not. Everyone soon learns it's communicating that's the hardest part of the job.
Good news everyone! It's almost job changing szn 😎
Do your future self a favor and check out The Job Indecision Calculator on
@Gumroad
New site design is live and it's also $5 off for Black Friday / Cyber Monday until the end of November
#career
Startup Founder: How can I describe our product in a way that stands out to customers? The cybersecurity market is already saturated.
Industry Analyst: I got you dog, say no more
#ztcnxadador
@JustinSaaS
I just recently broke $1k lifetime sales on
@gumroad
doing this exact thing.
Polished up a few spreadsheets I had been using for years into products and some folks bought them 🤝
Fellas: if she
- Is constantly changing what’s she’s called
- Is saying new terms that don’t make sense
- Has analysts constantly talking her up
- Makes your buying experience a living hell
That’s not your girl, that’s another cybersecurity product category from Gartner
☎️ London was calling, and we decided to answer.
I'm excited to announce that we've swapped a Queen City for a King's city and moved the family from Charlotte, NC to London, UK!
My wife and I always wanted the chance to live abroad and hoped that one of our jobs would take us
🎉 Security, Funded has finally crossed 1,000 subscribers!
This has been a long term milestone for me and here are a few tips I learned along the way about growing a newsletter and running a content business.
🔐 Secure the Job is taking a break.
It has been a lot of fun to branch out into a new newsletter topic with Secure the Job, and I hope it has been useful in your job-seeking and career-enhancing journey.
But I’ve realized that I am in a season of life where I need to avoid
A few ways you can "stay technical" in cybersecurity outside of your day job:
- Make something and ship it
- Do
@acloudguru
or
@RealTryHackMe
- Do
@CloudChallenges
- Submit a conference talk
-Write a newsletter
- Start a blog
- Start a YouTube
Doing keeps you improving
4. Not seeking peer support and learning outside of work - there are so many good communities, training, Discord or Slack groups, and meetups these days.
It’s been a while since I posted this, but here’s an open-source listing of cybersecurity technologies (both paid and open sourced) mapped to the NIST Cybersecurity Framework (CSF).
Is your child texting about bank failures? Here’s a guide to find out:
OG: Original Gains
LMAO: Losing Money & Assets Overnight
LOL: Liquidity Out of Luck
ROFL: Return On Fiasco Leveraging
BRB: Bankruptcy Recovery Blues
WTF: Where’s The Finance?
STFU: Silicon Termination Fiasco
Last year at RSA, the common question I got when I told people about my writing was:
“Why are you doing that?”
The questions were different this year:
“Can we write something?”
“When are you starting a podcast?”
“When are you opening a fund?”
A year can make a big difference!
Not a bad looking rewind from
@beehiiv
for
@ReturnOnSec
in 2023!
I wrote over 18,000 words this year, which is way more than I expected! 🤯 Here's how my literary odyssey stacks up to some other popular reports and figures from the cybersecurity industry:
📊 18,000 is about
❓I had an interesting question from one of the Security, Funded subscribers about my thoughts on the news of the NCC Group earnings update and their recent stock hit.
Here's a quick thread on my thoughts 🧵
OK, it looks like 🔐Secure the Job on
@beehiiv
struck a chord as subscribers have really taken off in the past week and pushed past 300! 🎉
Thanks again to everyone who has been sharing the word, submitting jobs, and tuning in!
It was great to be on the
@SecWeekly
’s Enterprise Security Weekly podcast with
@sawaba
and reflect on some of the happenings in the cybersecurity industry in 2023!
We got to talk through this year's trends and stats from
@ReturnOnSec
, comparing them to 2022 and making some
The cybersecurity industry is full of paradoxes and challenges.
Here are 25 lessons I've learned over 17 years in the industry to help navigate this complex field
Takeaways:
- Diplomacy > Tech
- Budgets > Checklists
- Conversations > Spreadsheets
3️⃣
@wehackpurple
🤝
@semgrep
WeHackPurple, a Canada-based application security training and education community, was acquired by Semgrep) for an undisclosed amount.
*An AppSec powerhouse has entered the chat*
Just hit 400 subscribers to the Security, Funded newsletter today! 🎉
It’s nothing compared to bigger newsletters in the security space yet, but I’m pretty proud. 😎
If you haven’t signed up yet, why not? 🤔
This past week, the big debate in the cybersecurity industry was platform-based solutions vs. best-of-breed technologies.
Let's dive into what everyone's talking about 👇
6. Not sharing what they are working on and their accomplishments enough - you're only rewarded for the work people hear about (it's part of the game).
I cannot stress the value of creating strong, on-brand partnerships in a similar niche with other newsletters if you want quality newsletter subscriber growth.
Since I started writing a blog and newsletter, I've been able to:
- Land new clients
- Make new friends
- Be on multiple podcasts
- Learn more than I ever expected
- Speak at and attend multiple new events
Why haven’t you stated writing yet?
Now pure rage is setting in after he speaks with
@anton_chuvakin
and
@philvenables
on the futility of his efforts.
He begins to question all of his life choices that led him here and slowly slips into madness
The era of security teams buying too many tools - meaning buying more tools than the organization can deploy and operationalize and then hiring for “tool people” - is coming to an end.
Security teams buying too many tools was a zero interest rate phenomenon (ZIRP)
💰 Issue 95 of the Security, Funded newsletter together with
@Lacework
In this week's issue:
• Palo Alto flexed on ‘em with bundling 💪
• China hackers and AI deception ramp up
• LLMASB (LLM Access Security Broker?)
Drop a 💌 if you'd be interested in a Notion doc with templates that go in depth on exactly how I manage monetizing my free newsletter and manage sponsors.
If you're interested in a systematic playbook to manage sponsors for your newsletter, this would be for you.
The general vibe from last week’s of public cybersecurity earnings calls:
“Microsoft? Nah we don’t compete. CFOs buy Microsoft for security, but people serious about security buy the big security platforms”
Meanwhile
@satyanadella
sitting on a $20B security business is like
🔒 Improve your organization's security and compliance management with The Security Auditing Manifesto.
Discover a set of shared values for effective security and compliance management that can help you:
* Build stronger security partnerships
* Reduce friction
* Better manage
🔒 RSA Conference 2023: A Return to Normalcy 🌟
🚀 After last year's subdued event, RSA is officially back in full swing, here is some of the sentiment I captured:
* 400+ registered vendors (plus 10-20% more on the periphery)
* Over 40,000 attendees
* Extravagant booths and
🚀 Just published a deep dive into the impact of
@RSAConference
Innovation Sandbox on cybersecurity startups!
Thrilled to collaborate with
@ramimacisabird
on this piece, and thanks for the opportunity to work together.🤝
A cool feature from
@beehiiv
: Monthly newsletter stats
Here's the stats for Security, Funded from May 2022
Issues shipped: 5
Avg open rate: 52.4%
Avg click-through rate: 24%
Subscriber growth rate: 15.3%
Most popular issue:
@HackingLZ
S1 said they found an error in how they were reporting ARR in their CRM and that their results were down from that fix.
I think it came down to investors just not believing that story and I go in a bit deeper from my newsletter yesterday
Pro Tip: Everyone will not read or listen to every piece of content you put out, and that shouldn't be your main goal as a creator.
The goal is to establish you, your brand, and your ideas as a longer term share of people's thoughts through consistency and quality.
Up-and-coming wave of cyber products will be around identifying external AI usage in enterprises.
Find out who is using OpenAI via Google/M$ auth, limiting or proxying access to ChatGPT, etc.
This will be a legal and risk management exercise.
It will look very much like the
🙌 Crossed $500 in revenue today from my collection of digital products! 💎
It's not life-changing money, but it's really fun to see that a few things I made up have gone this far. This has been a fun journey and has unlocked many more ideas.
Me most of 2020:
Hesitated on writing
Wasn’t consistent
Had vague goals
Me in 2021:
Set goals
Dove into content
Launched on Ghost
Built-up a brand
Monetized my writing
Made a profitable skill work for me
Don’t wait, dive in 💦
New podcast🎙
@mikepsecuritee
#CISO
at
@PassportHQ
discusses what gets CISO's attention, why cybersecurity is attracting big investment, and why defending against exotic threats is meaningless if you've not addressed the basics...
Get it now