Create a “Working with me” doc
When I started working at Dropbox we were encouraged to create a “Working with me” doc and include it as part of our internal company profile. I found it to be a really useful and fun tool that I brought with me to Cruise and shared with the teams I work with there. I encourage everyone to create one for themselves, share it with their team, and encourage others to create one too.
GRC’s role put simply
Security teams build trust with customers, regulators, and investors through externally audited industry standards. Without this, it’s just a case of “trust me bro” and self-attestation.
Security GRC: cost center or profit center?
I’ve had a lot of conversations over the course of my career about the value of Security Governance, Risk, & Compliance (GRC) for an organization.
The support and value (or lack thereof) placed on the GRC function can either unleash the function’s potential to drive revenue growth for the business or box it away to do the minimum possible.
I wrote a whole article about it because the narrative and perspective around Security GRC will materially impact the organization.
The importance of writing well
I wrote an article about the importance of writing well. I really want to bring more attention to the impact your writing has on your career and provide some very tangible and helpful tips to keep in mind.
High-quality writing is actually pretty rare and doesn't get talked about as a skill in cybersecurity nearly enough. I've never seen it officially mentioned on any HR leveling guide or promotion packet, and yet I've seen people get denied promotions because their documentation and writing weren't good enough. I see such basic mistakes and issues made all the time.
It's a skill well worth investing time into developing and improving for the sake of your career.
Job hunting guide: from the perspective of a hiring manager
Over the past few years I have reviewed thousands of resumes and interviewed over 100 candidates for various roles within Security Compliance, Security Risk, Assurance Engineering, and Enterprise Security.
Given the current job market and all the news of layoffs, I wanted to share some of my perspective and tips for job seekers as a hiring manager. This should go without saying, but please keep in mind these are all my own opinions and perspectives; others may have very different approaches.
This guide is targeted towards Security GRC roles, but most points can be generalized to any role. This is a long article. There's lots to cover. I hope those of you out there job hunting find it useful.