Be comfortable not knowing things and delegating, don’t report to the CIO (bcuz usual conflict of interest stuff), invest in people (training, career progression stuff), don’t follow the industry herd (i.e. salivate over AI just because every other E-level type is). I’m an IC, always have been, so there’s a lot im sure I don’t know in terms of effective management among managers but from my perspective this is what I would perceive as efficacy and proficiency at that level. That and Ill throw in that traditional ways of measuring “success” or output rarely applies to infosec teams. It’s hard to measure “how secure are we” or “how many things did we block this month”.

Not really actively doin’ any certs or training. But have been learning a bit more about threat modeling recently 🤷‍♂️

Working on all manner of stuff for my site, trying to figure out how to SAFELY eradicate poison ivy in my back yard, and working on some work-stuff related to AI, Recall, and other general assessment/testing stuff.

These days, sometimes it’s just enough to survive. Stay sane out there folks.

Not particularly. Though I wouldn’t blame many of us in security / IT-in-general for having hobbies that involved getting OUT of the house. We look at computers too long each day 😅

The RSS feed should be full content now. I figured it out!

Thanks!! 🙏

You’re not the first to ask about a full-content RSS feed. I can probably figure that out, but I do think the best way to “experience” the newsletter/my site in general is directly on the site 😅. Thanks for taking a look though! 🧡

Thanks for taking a look! If you want to learn more about the IndieWeb, I wrote something up a while back about it. https://shellsharks.com/indieweb. Cheers!

Hey! There was some Cloudflare related dependency issues a few days ago causing my icon pack to load slowly or not at all. I set the .js for those icons to defer so that wouldn’t be an issue any more (had to learn about that the hard way). Let me know if you’re still seeing weird load times.

Sorry to hear it! Hope you get back into the gym soon. I know what that’s like. It also sucks to just feel like you’re losing whatever progress or gains you had made before getting sick. Feel for ya!

I know how. I just don’t. 😬

😆

Was / am still trying to work on the WEB-300 course. I’ve also dumped personal money to it at one point or another =/

Oooph I know the feeling. I have been for months and months trying to get the sustained energy to work on OffSec training. Hasn’t happened yet.

• Been reviewing Flipboard’s “Surf” app (social web browser)
• Working on some other write-ups for my blog… such as, overcoming my own burnout to write a piece ABOUT said burnout
• Assessing some (un-named) endpoint security software at work
• Testing out some other Fediverse client software, specifically, been using the Mona app more recently
• Going to start thinking about getting back into some training of some kind… not sure what though (yet)

Hello! 👋

You’ll need technical chops sure, but the hard part imo is finding the gigs. For that, good ol’ fashioned networking. Start a blog, build a portfolio, network with folks and take work where you can find it. Good luck and happy new year!

I’ve seen a lot of Cybersecurity salary surveys on Reddit (sorry to linking to the other place - https://www.reddit.com/r/cybersecurity/comments/15fo0e6/how_much_are_you_making_in_cybersecurity/). Levels.fyi is also pretty accurate for cyber/software engineer data across the various levels, especially at your typical “tech” companies (https://www.levels.fyi/)

Yes. Happens in a lot of companies I think, especially “older” companies that don’t have big security focus. Honestly, I think if you’re a good manager you can be successful even if you aren’t super technical.