Infosec Sidekick Weekly - New Podcast, Investigating RSA, and the Infosec Job Market
Infosec Sidekick Weekly - New Podcast, Investigating RSA, and the Infosec Job Market
Infosec Sidekick Weekly - May 8, 2023
In This Post:
My Personal Reflections for the week
Announcing a new Podcast: Infosec Sidekick
RSA Experience Interviews
The Infosec Job Market
Cyber Stories of Interest
Infosec Sidekick Reflections
I’ve decided to move my blog and content from a personally hosted wordpress site to here; Substack. There are a couple reasons for this…
I was too busy to keep it up to date and make it look pretty. It would probably get pwned eventually (lol)
I really just want to write and talk…I don’t need anything fancy.
So - the experiment begins. I hope that this will be a better way for me to talk and build connections within the Cyber Security community.
With that out of the way - my reflection for the week comes from a conversation I had with Tom Alcock of Code Red Partners on this week’s podcast. It has to do with those who are hesitant to reach out to find a mentor. Don’t be nervous; here is why.
It's easy to assume that the people we want to be our mentors have "made it". The reality is, they are still looking forward. Becoming someone's mentor is to take the next step in growing.
“Teaching is the highest form of understanding” - Aristotle
The Infosec Sidekick Podcast
Back in 2020 - a whole twenty years ago (that’s how it feels) - I started a project called Infosec Sidekick. My hair was longer, I had one less child, and I had no idea a pandemic was about to stop the world from spinning for a bit. But one thing hasn’t changed; I still want to build more connections and talk about Cyber Security.
Fast forward to now and I’m in a place where I’m ready to start things up again.
The Infosec Sidekick Podcast exists for one purpose - to build community and participate in the conversation.
I would love it if you could give the first episode a listen. If you like it, please consider leaving a review or shooting me a message to introduce yourself!
Here’s a link to the show → https://infosecsidekick.substack.com/podcast
Another great *Free* way to support both the podcast and this blog is to subscribe for free!
RSA 2023 Aftermath
As I entered the weekend, I saw a post by Jason Blanchard on LinkedIn that really made me pause and think.
I’m almost 100% sure this is a topic that has been brought up long before now, but it hit me this time for whatever reason. Going to an event like RSA must be a massive rush! But all things that go up must come down, right?
I really like that Jason posted this message and it clearly resonated with his connections, including me. I’ll let Jason’s words speak for themselves… “It’s quiet, and it will take time to be ok with that”.
If you happen to be one who is finding a void where RSA once was; remember that you can ALWAYS leverage your network. That same network that you met at RSA. They still exist. Reach out and hop on a call - I love it when folks reach out for no other reason than just to catch up.
Interviews w/ Attendees
Since I didn’t attend this year, I asked a few folks to summarize their experience. Unfortunately, I was unable to get a hold of anyone who attended for the talk tracks, so this commentary will be mostly from a market and product perspective.
Ofer Gayer, Head of Product
My experience at RSA Conference was quite interesting. Attendance seemed to have reached a peak, surpassing even pre-COVID times. I found it noteworthy that even the largest organizations seemed to be growing weary of the old school players and their inability to deliver. With budgets tightening and operational expenses under scrutiny, everyone was looking for ways to improve efficiency. AI was a hot topic, but it still seemed more like a promise than a gamechanger. Perhaps we'll see some significant developments at RSA 2024. It was also great to see a lot of industry folks catching up with old colleagues after a few years of limited travel. However, I couldn't help but feel that RSA's location in SOMA was a disservice to San Francisco, a city that is otherwise pretty cool and attractive. Maybe it's time for someone to pick up the glove and organize an RSA party in Hayes Valley or another area of the city.
Caleb Goodew, Sales
This year was my first time attending the event, and my time was primarily spent on the expo floor because that was all I could access with my pass. The event is MASSIVE. It seems people are back to traveling and attending in-person events. Our booth saw well over 1,000 visitors, and we hosted in-person meetings at our local office. It was great to meet people in person who I had been in conversation with over Zoom only. The personal connections were certainly the best part for me. We hosted customers in a suite at the Giants game, which was a big hit.
Tom Alcock, Co-Founder at Code Red Partners
Tom was kind enough to detail his experience at both BSidesSF and RSA on my podcast this week → Check out the episode here.
What I will say about his experience is that it sounded like a blast. He got to spend a lot of time helping folks with their careers and putting faces to names. I can’t really do his description justice, so you’ll just have to watch.
The Infosec Job Market
It’s no secret that the market today is much different than the market of even just one year ago in Cyber Security. On one hand, things seem to feel like it is no longer a “candidates market”, but on the other it feels like the demand has never been higher for skilled workers. My take is that both can be true.
In my interview w/ Tom Alcock, he told a story that sounded very similar. If you are a talented and achieved infosec professional, you will likely have an easier time finding a gig. This doesn’t come as a surprise.
What may come as a surprise is that those cushy, big tech jobs, that everyone thought were set in stone may not be anymore. The monoliths of the industry are laying off teams just like the rest of them.
And where there aren’t mass RIF’s, there is a tight budget. Many will empathize when I say that managers are being asked to run tight ships; sometimes with skeleton crews manning key positions. It’s just not the same economy for growth anymore.
Another Recruiter’s Take
Stuart Mitchell recently wrote a nice post on LinkedIn that I wanted to share. His insights are different than other’s I’ve seen and I thought they were really well laid out.
I’ll do a quick hitter version here, but I really encourage you to read the full post.
- There is a world outside big tech
- It's a great time to go early stage
- If you're looking for work, being willing to go to an office is going to raise your chances
- You might be better off gritting your teeth and staying put right now
- Having a good resume right now might not be enough
- It's a GREAT time to be hiring
My overall thoughts on this are that he’s right in my eyes. In my words:
Don’t only apply to the “household name” companies…there’s a ton of others out there waiting for you.
Lot’s of companies are starting up; look for smaller opportunities with high risk/rewards?
Being flexible increases your chances
Maybe don’t put in your two weeks tomorrow
Network!
If you are hiring, you can be picky.
What do you think? Leave a comment!
Cyber Security Stories of Interest
In this section, I’ll share stories from around the internet that I think are of note. In the future I may add commentary, but for now, enjoy some curated content and make with it what you will (I’m tired).
Judge Spares Former Uber CISO Jail Time Over 2016 Data Breach Charges
Google Chrome Drops Browser Lock Icon
Microsoft patches 3 vulnerabilities in Azure API Management
ChatGPT Confirms Data Breach, Raising Security Concerns
Thank You
Thanks for reading. If you’d like to see more content like this in the future, please consider subscribing for free. If you’d like to support me in a more concreate way, please consider sharing this on your social media platform of choice or purchasing a paid subscription. Thanks and have a great week!