DeploySecurelyGPT: your AI cybersecurity advisor
2023 - the year I uploaded part of my brain to the cloud.
TL;DR
I have developed a customized version of GPT-4 trained on all Deploy Securely content, my LinkedIn posts, and more.
It’s called DeploySecurelyGPT.
It’s also awesome (examples below).
Once I get 100 paying subscribers, I’ll make a beta available to them. In addition DeploySecurelyGPT access, customers will get 2 subscriber-only Substack posts a month.
Show your interest by pledging a subscription for the paid tier of my newsletter; that’s how I’ll handle billing.
You won’t be billed until DeploySecurelyGPT is live.
If you don’t see “Pledge now” below, make sure you are subscribed and signed in to Substack.
This would be a completely reasonable thing to expense to your employer.
Generative AI is disrupting a lot of things
As an technological optimist, I have been excited about the opportunities presented by generative AI tools like ChatGPT. New innovations frequently disrupt old ways of doing business, and one of these bound to take a hit is Search Engine Optimization (SEO).
While I don’t aggressively target Deploy Securely to capture certain keywords, I do get a fair amount of traffic from Google. And people who visit the Deploy Securely site do things like buy my digital products or consulting services.
Unfortunately, I am pretty sure that this is going to dry up relatively quickly as people shift to using AI tools for querying information. Being able to get a desired answer immediately and without visiting a bunch of sites is definitely the better option, and people are just going to stop doing things the inferior way pretty quickly.
Additionally, OpenAI and its competitors have yet to publicly float any kind of program to compensate content creators for their work. Unless something like that evolves quickly, I am relatively confident that you are going to see those who generate valuable information start putting up paywalls or “do not crawl” notices.
And I know AI tools are already ingesting my content:
All bad news, right?
Well, that’s what I thought until recently. Then I got an idea.
What if I gave my subscribers the best of both worlds? My content and the ability to query it using generative AI. After a weekend of work, DeploySecurelyGPT was born.
Why DeploySecurelyGPT is so awesome
As a tase of its capabilities, check out its performance on some example prompts.
Draft a contract provision between a software customer and vendor regarding vulnerability management and notification
Even using the latest OpenAI model (GPT-4 on April 22, 2023), you get vague, non-actionable boilerplate:
DeploySecurelyGPT returns a highly actionable, verifiable, and quantitatively-driven provision:
What are some differences between the CISA KEV and the EPSS?
ChatGPT hallucinates badly and returns an almost 100% made up answer:
DeploySecurelyGPT gets it almost completely right, with one factual error and one grammatical one:
I think this is pretty good for version 0.1. And the model will only get better from here.
Details of what subscribers will get
I’ll keep already-published articles freely available, but there will be major benefits to subscribing, namely:
DeploySecurelyGPT access.
This will be via visual user interface only at first, but I plan to build an API if the demand is sufficient.
I will pencil in a limit of 25 queries per day, but may raise or lower that based on demand.
As I publish new content (including subscriber-only material) on Substack, I will retrain the model on it.
Eventually I will start feeding the model non-Substack content, like my GitHub repos, LinkedIn posts, etc.
Two subscriber-only posts a month (on top of two free ones).
The subscriber posts are going to much more tactically-oriented. Here are some examples of what will in the future be subscriber-only content:
Free posts will be more broadly-focused, with some examples being:
Other reasons I am launching a paid tier
Deploy Securely delivers a lot of value
Writing for more than 18 months has given me a pretty good idea of what is useful and what is less valuable to cybersecurity professionals and business leaders. From reader feedback, I have also learned that organizations are directly implementing many of my recommendations. Readers have told me that a:
Military officer briefed several generals about my recommended approach to vulnerability management and flaws in existing federal practices.
Cybersecurity software company is incorporating the vulnerability chaining model I developed as part of its roadmap.
Major government agency is considering implementing the Generative AI security policy I wrote.
And the Cybersecurity and Infrastructure Agency (CISA) reached out directly to me after I critiqued new vulnerability management framework.
Sponsorships might impact how I write
I have gotten some offers to sponsor the newsletter, which has been quite flattering.
But so far I have declined all of them.
While although I do mention business partners in my newsletter (with disclosures), I worry that formally taking on sponsors would influence what I write. And I know exactly zero people subscribe to Deploy Securely because I pull punches.
Having a subscriber-supported model will keep me accountable to the end users of my writing, and them alone. And you won’t have to wonder if my message is being tilted one way or another because of a sponsorship.
Conclusion
Writing Deploy Securely over the past year and a half has been an awesome experience, and I really appreciate everyone who has joined me on the journey.
Introducing the subscription model will allow me to spend more time and effort on creating quality content for practitioners “in the trenches.” And at the same time I plan to continue putting out higher-level analytical pieces available to everyone.
If you aren’t yet on my email list, please sign up below.
And if you are and have interest in a subscription, sign into your account and please pledge now!