You have to feel sorry for Intel at this point. Not only has Apple left its CPUs in the dust, but AMDs new Ryzan AI Max chips claim to do the same to Intels flagship Core Ultra 9 288V.The new chips take the same approach as Apple Silicon in combining CPU, GPU, and unified memory. AMD doesnt credit Apple with the idea, but does admit the chip wouldnt exist without the Cupertino company Engadget reports that the new chips are available with up to 16 CPU cores, 50 graphics cores, and 128GB unified memory. The result, claims AMD, is that it will render 3D graphics more than two-and-a-half times faster than the Intel Core Ultra 9 288V.AMD denies following in Apples footsteps.You might think AMD was taking a bit of inspiration from Apple Silicon, with its powerful CPU cores, graphics and unified memory. But according to VP Joe Macri, AMD was building towards this long before Apple. We were building APUs [chips combining CPUs and Radeon graphics] while Apple was using discrete GPUs. They were usingour discrete GPUs. So I dont credit Apple with coming up with the idea.However, Macri does admit that this latest chip might never have been developed in the first place without Apples influence.Macri gives Apple credit for proving that you dont need discrete graphics to sell people on powerful computers. Many people in the PC industry said, well, if you want graphics, its gotta be discrete graphics because otherwise people will think its bad graphics, he said.Apple proved that buyers dont care about integrated versus discrete, they only care about the performance. That enabled him to win the corporate politics battle needed to get the go-ahead for the development of the Ryzan AI Max.With the success of Apple Silicon, Macri was finally able to get approval to spend a mind boggling amount of money developing the Ryzen AI Max. I always knew, because we were building APUs, and Id been pushing for this big APU forever, that I could build a system that was smaller, faster, and I could give much higher performance at the same power, he said.The first chance to buy a laptop with the new chip will come in the first half of this year, with the ASUS ROG Flow Z13 and ZBook Ultra G1a (seriously, what is going on with PC naming this year?!) among the machines set to be powered by it.Image: AMDAdd 9to5Mac to your Google News feed. FTC: We use income earning auto affiliate links. More.Youre reading 9to5Mac experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Dont know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Springer Nature, the stalwart publisher of scientific journals including the prestigious Natureas well as the nearly 200-year-old magazine Scientific American, is approaching the authors of papers in its journals with AI-generated "Media Kits" to summarize and promote their research.In an email to journal authors obtained by Futurism, Springer told the scientists that its AI tool will "maximize the impact" of their research, saying the $49 package will return "high-quality" outputs for marketing and communication purposes. The publisher's sell for the package hinges on the argument that boiling down complex, jargon-laden research into digestible soundbites for press releases and social media copy can be difficult and time-consuming making it, Springer asserts, a task worth automating."We know how important it is to communicate your research clearly and effectively to both your peers and the broader public, but it can be tedious and time-intensive to create concise and impactful texts for different audiences," reads the email. "Thats why we're excited to introduce our new Media Kit designed to help you expand the reach and impact of your work."Per the email, the package includes a roughly 250-word "plain language summary" designed to "simplify" research for the public; a roughly 300-word "research brief" that offers a "concise summary" for academic and scientific peers; a short, AI-spun audio summary; and social media copy characterized as "ready-to-use content" for promoting work "across platforms."The content, the publisher adds, will be generated using Springer's own "secure, in-house" AI tool.There's a major catch, though: the tool's "high-quality" outputs can't always be trusted. On an accompanying webpage linked in the email, Springer warns that "even the best AI tools make mistakes" and urges authors to painstakingly review the AI's outputs and issue corrections as needed for accuracy and clarity."Before further use," reads the webpage, "review the content carefully and edit it as you see fit, so the final output captures the nuances of your research you want to highlight."Simon Hammann, a food chemist at the University of Hohenheim, Germany and a Springer-published author who received the emailed offer, characterized the AI media bundle as a cash grab."I find it ridiculous,"he toldFuturism. "It's jumping on the AI bandwagon, where we throw AI at about anything, useful or not. I am even more annoyed by the price tag.""I didn't think there was anything left for publishers to monetize (after having authors acquire the funding, do the research, write the paper, do the peer review, and correct the page proofs for free while they take in all the profits), but here I stand corrected," he continued, adding that the "research brief" promised in the package "is essentially the abstract that you're writing anyway usually."Hammann added that researchers might be "left to wonder" what they're "actually paying for, if the publisher doesn't even see promotion of their outputs as their job, but hands that over to researchers as well."To that end with the exception of the audio summary, at least it's unclear what Springer's $49 package is offering authors that much cheaper or free generative AI tools like OpenAI's ChatGPT or Google's Gemini models can't."At Springer Nature, we understand how vital it is for researchers to be able to communicate their research to different audiences from colleagues and funders to policymakers and the public. This multi-media content bundle offering high-quality, AI-generated summaries and posts has been developed to help them do just that,"the company said in response to questions about this story. "The content is generated using the support of a secure AI-tool."No memory of the paper is retained or stored or used for training," it continued. "The content bundle is only created when requested by the original author of the publication and can be reviewed and edited by the original author, ensuring that a human is always in the loop."Springer has made numerous forays into AI. The publisher announced last year that it would embrace AI as a tool to drive its business and science,purportedly forward, declaring on its website that "Springer Nature is committed to unlock the potential of AI and other emerging technologies to advance scientific discovery and innovation."That apparent commitment appears to be taking shape right now. Earlier this week, for instance, the massive publishing body announced in a press release that it would be deploying a "new AI-driven tool" crafted to automate "editorial quality checks" and notify editors to "potentially unsuitable manuscripts. The announcement adds that manuscripts may be held back from peer review if the AI tool deems them editorially unfit.At the same time, amid a broader field of scientific publishers grappling with a pipe-clogging onslaught of fake, AI-generated studies being submitted for peer review, Springer has been attempting to keep garbage-quality AI entries at bay via two "bespoke AI tools" designed to detect suspicious language and imagery. (Though Springer claimed in a press release last year that both tools proved effective in pilot testing, AI detection tools are notoriously unreliable.)In other words, Springer's embrace of AI has been a juggling act.On the one hand, it's charging researchers for automated social copy and trying to use AI to expedite the review process. On the other, it's deploying AI systems to detect the unauthorized use of AI by authors.Hammann, meanwhile, noted that the publisher's $49 AI upsell is just one of the ways that Springer promises to help scientists promote their work for a little extra dough, that is."Funnily, Springer Nature emailed me with the opportunity to get a 82 x 52 cm poster for my publication," Hammann recalled. "Only $89."More on science journals and AI: Scientific Article With Insane AI-Generated Images Somehow Passes Peer ReviewShare This Article

Jan 09, 2025Ravie LakshmananCybersecurity / MalwareJapan's National Police Agency (NPA) and National Center of Incident Readiness and Strategy for Cybersecurity (NCSC) accused a China-linked threat actor named MirrorFace of orchestrating a persistent attack campaign targeting organizations, businesses, and individuals in the country since 2019.The primary objective of the attack campaign is to steal information related to Japan's national security and advanced technology, the agencies said.MirrorFace, also tracked as Earth Kasha, is assessed to be a sub-group within APT10. It has a track record of systematically striking Japanese entities, often leveraging tools like ANEL, LODEINFO, and NOOPDOOR (aka HiddenFace).Last month, Trend Micro revealed details of a spear-phishing campaign that targeted individuals and organizations in Japan with an aim to deliver ANEL and NOOPDOOR. Other campaigns observed in recent years have also been directed against Taiwan and India.According to NPA and NCSC, attacks mounted by MirrorFace have been broadly categorized into three major campaigns -Campaign A (From December 2019 to July 2023), targeting think tanks, governments, politicians, and media organizations using spear-phishing emails to deliver LODEINFO, NOOPDOOR, and LilimRAT (a custom version of the open-source Lilith RAT)Campaign B (From February to October 2023), targeting semiconductor, manufacturing, communications, academic, and aerospace sectors by exploiting known vulnerabilities in internet-facing Array Networks, Citrix, and Fortinet devices to breach networks to deliver Cobalt Strike Beacon, LODEINFO, and NOOPDOORCampaign C (From June 2024), targeting academia, think tanks, politicians, and media organizations using spear-phishing emails to deliver ANEL.The agencies also noted that they observed instances where the attackers stealthily executed the malicious payloads stored on the host computer within the Windows Sandbox and have communicated with a command-and-control server since at least June 2023."This method allows malware to be executed without being monitored by antivirus software or EDR on the host computer, and when the host computer is shut down or restarted, traces in the Windows Sandbox are erased, so evidence is not left behind," the NPA and NCSC said.Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.SHARE

Jan 09, 2025The Hacker NewsData Protection / EncryptionRansomware isn't slowing downit's getting smarter. Encryption, designed to keep our online lives secure, is now being weaponized by cybercriminals to hide malware, steal data, and avoid detection.The result? A 10.3% surge in encrypted attacks over the past year and some of the most shocking ransom payouts in history, including a $75 million ransom in 2024.Are you prepared to fight back?Join Emily Laufer, Director of Product Marketing at Zscaler, for an eye-opening session, "Preparing for Ransomware and Encrypted Attacks in 2025" filled with practical insights and cutting-edge strategies to outsmart these evolving threats.What You'll Learn:ThreatLabz Insights: Get the latest findings from Zscaler's experts on ransomware and encrypted attacks, including the trends making the biggest impact.2025 Predictions: Find out how ransomware groups are refining their tactics to stay one step aheadand what you can do to stop them.Encrypted DNS Attacks: Learn how cybercriminals exploit DNS over HTTPS (DoH) and DNS over TLS (DoT) to stay hidden while launching devastating attacks.Proven Defense Techniques: Discover how to uncover hidden threats and stop ransomware before it hits your organization.Ransomware doesn't wait, and neither should you. Every day you delay could cost your organization millions or expose sensitive data to attackers.Seats are limitedsecure yours now! Register for the Webinar.Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Twitter and LinkedIn to read more exclusive content we post.SHARE

Jan 09, 2025Ravie LakshmananVulnerability / Threat IntelligenceThreat actors are attempting to take advantage of a recently disclosed security flaw impacting GFI KerioControl firewalls that, if successfully exploited, could allow malicious actors to achieve remote code execution (RCE).The vulnerability in question, CVE-2024-52875, refers to a carriage return line feed (CRLF) injection attack, paving the way for HTTP response splitting, which could then lead to a cross-site scripting (XSS) flaw.Successful exploitation of the 1-click RCE flaw permits an attacker to inject malicious inputs into HTTP response headers by introducing carriage return (\r) and line feed (\n) characters. The flaw impacts KerioControl versions 9.2.5 through 9.4.5, according to security researcher Egidio Romano, who discovered and reported the flaw in early November 2024.The HTTP response splitting flaws have been uncovered in the following URI paths -/nonauth/addCertException.cs/nonauth/guestConfirm.cs/nonauth/expiration.cs"User input passed to these pages via the 'dest' GET parameter is not properly sanitized before being used to generate a 'Location' HTTP header in a 302 HTTP response," Romano said."Specifically, the application does not correctly filter/remove line feed (LF) characters. This can be exploited to perform HTTP Response Splitting attacks, which, in turn, might allow it to carry out reflected cross-site scripting (XSS) and possibly other attacks."A fix for the vulnerability was released by GFI on December 19, 2024, with version 9.4.5 Patch 1. A proof-of-concept (PoC) exploit has since been made available.Specifically, an adversary could craft a malicious URL such that an administrator user clicking on it triggers the execution of the PoC hosted on an attacker-controlled server, which then uploads a malicious .img file via the firmware upgrade functionality, granting root access to the firewall.Threat intelligence firm GreyNoise has reported that exploitation attempts targeting CVE-2024-52875 commenced back on December 28, 2024, with the attacks originating from seven unique IP addresses from Singapore and Hong Kong to date.According to Censys, there are more than 23,800 internet-exposed GFI KerioControl instances. A majority of these servers are located in Iran, Uzbekistan, Italy, Germany, the United States, Czechia, Belarus, Ukraine, Russia, and Brazil.The exact nature of the attacks exploiting the flaw is presently not known. Users of KerioControl are advised to take steps to secure their instances as soon as possible to mitigate potential threats.Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.SHARE

John Edwards, Technology Journalist & AuthorJanuary 9, 20256 Min ReadPanther Media GmbH via Alamy Stock PhotoDisaster recovery technologies are designed to prevent or minimize the data loss and business disruption resulting from unexpected catastrophic events. This includes everything from hardware failures and local power outages to cyberattacks, natural disasters, civil emergencies, and criminal or military assaults.As AI continues to transform and enhance a seemingly endless array of tasks and functions, it should come as no surprise that the technology has caught the attention of disaster recovery professionals.Preparation and ResponseJoseph Ours, AI strategy director at Centric Consulting, says AI can assist disaster recovery in two essential areas: preparation and response. "In many respects, speeding disaster recovery means planning and preparing," he observes in an email interview. Ours notes that a growing number of government agencies and insurance companies are already routinely performing these tasks with AI assistance. "They use predictive and classification models to analyze historical data and environmental factors to determine potential risk."AI-enabled resiliency planning provides speed and precision that traditional methods lack, says Stephen DeAngelis, president of Enterra Solutions, an AI-enabled transformation and intelligent enterprise planning platform provider. "AI's ability to process large volumes of data quickly allows it to detect anomalies and potential risks earlier," he explains in an online interview. Unlike conventional disaster recovery plans, AI-powered solutions are adaptive, updating in real-time as conditions change. "This means companies can pivot their strategies almost immediately, reducing the time needed to return to normal operations and ensuring minimal disruption to the supply chain."Related:Automatic DetectionIn businesses, AI-enhanced disaster recovery automatically detects anomalies, such as ransomware-corrupted data, allowing technicians to skip over unusable files and focus on clean, viable backups, says Stefan Voss, a vice president at data protection and security firm N-able. "This eliminates the time-intensive, manual review process thats standard in conventional recovery methods."AI can also improve boot detection accuracy, ensuring that machines will bounce back successfully after recovery, Voss says in an email interview. "Well-trained AI models can significantly reduce false positives or negatives, enhancing technician confidence in the reliability and efficiency of the restored systems," he explains. "With AI-driven accuracy, organizations can recover systems faster, with fewer errors, and minimize downtime."Related:AI solutions rely on access to high-quality data to generate accurate predictions. "When data is siloed or incomplete, models are likely to produce less reliable results," DeAngelis warns. To ensure success, he advises businesses to establish robust data management practices before implementing AI solutions. "Today, we're seeing innovators develop sophisticated techniques, such as advanced data modeling, to bridge critical data gaps and enhance AI accuracy."Getting StartedAn important first step toward using AI in disaster recovery is conducting a comprehensive assessment of current supply chain vulnerabilities. "Identify critical points of failure and gather historical data on past disruptions," DeAngelis suggests. Next, collaborate with an AI partner to build predictive models that simulate various disaster scenarios, such as geopolitical risks or extreme weather events. Focus on implementing AI tools that integrate seamlessly with existing systems, allowing for smooth data flows and real-time updates. "A phased approach is ideal, beginning with pilot projects and scaling up as the organization gains familiarity with the technology."Related:Voss says the next step should be identifying any existing challenges in the disaster recovery process. "For example, if your main goal is increasing recovery testing accuracy, look for AI tools designed to improve boot detection and guarantee reliable system restoration," he suggests. "On the other hand, if the goal is precisely detecting backup anomalies, focus on AI solutions that specialize in identifying compromised or corrupted data quickly and accurately."After clearly defining the issue at hand, seek out the AI solution that will meet your needs, Voss advises. "Always start with your pain points and let AI provide the answer, not the other way around."ChallengesAI disaster recovery can offer significant advantages, yet it also comes with several serious drawbacks. High development and integration costs can be a barrier, especially for small businesses, Voss says. "The skills shortage in AI expertise makes it difficult for organizations to develop or maintain AI-driven systems."Remember, too, that even with well-trained models, AI is far from infallible. False positives or negatives can occur, potentially complicating recovery efforts, Voss warns. "Additionally, an over-reliance on AI can reduce human oversight, making it imperative to strike a balance between automation and manual processes."Perhaps the biggest drawback is that some disasters arrive as unpredictable black swan-type events. "In this case, AI is neither a benefit nor contributor to the failure to respond because, by their very nature, humans would struggle to respond adequately as well," Ours says.A Competitive EdgeA proactive investment in AI not only mitigates risk but can turn challenges into competitive advantages, DeAngelis says. He notes that by being prepared to adapt quickly when disruptions occur, enterprises can maintain continuity and even capture market share from less-prepared competitors. "As we've seen from recent events, such as the US port strike, hurricane-related supply chain impacts, and the ongoing pressures of inflation, businesses that leverage AI to build resilience are better positioned to thrive in uncertain environments."About the AuthorJohn EdwardsTechnology Journalist & AuthorJohn Edwards is a veteran business technology journalist. His work has appeared in The New York Times, The Washington Post, and numerous business and technology publications, including Computerworld, CFO Magazine, IBM Data Management Magazine, RFID Journal, and Electronic Design. He has also written columns for The Economist's Business Intelligence Unit and PricewaterhouseCoopers' Communications Direct. John has authored several books on business technology topics. His work began appearing online as early as 1983. Throughout the 1980s and 90s, he wrote daily news and feature articles for both the CompuServe and Prodigy online services. His "Behind the Screens" commentaries made him the world's first known professional blogger.See more from John EdwardsNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also LikeWebinarsMore WebinarsReportsMore Reports

Frank Kim, SANS Institute Fellow January 9, 20255 Min ReadEmre Akkoyun via Alamy StockAdopting zero-trust security architectures is increasingly becoming a corporate imperative, with zero trust serving as the recommended approach for building resilience against the evolving nature of enterprise threats. This shift represents more than just implementing the latest and greatest best-of-breed tools. Its a foundational shift away from perimeter-based security controls and external network defenses that were not designed for todays threat landscape.More than 80% of all data breaches today are attributed to human error or negligence, making human risk a pressing security concern amid the rise of hybrid work environments. A zero-trust architecture limits the damage that a compromised user can cause by segmenting the organizations security environment into smaller, isolated zones that restrict the ability to access sensitive data across the entire ecosystem. Unfortunately, the path to effective implementation has proven challenging. Forrester research found that more than 63% of enterprises are struggling to implement zero-trust frameworks, and Gartner predicts that by 2026 only 10% of large enterprises will have a mature and measurable zero-trust program in place.This heightens the role of the transformational CISO to the forefront. CISO success today requires more than being a pure technologist from the SOC room. They need to serve as transformational leaders who are capable of navigating shifting organizational priorities to foster collective buy-in amongst executive leaders, establish effective processes with business line stakeholders, and develop versatile security teams. Cultivating this company-wide alignment is critical to alleviating the roadblocks that hinder zero-trust adoption today.Related:Articulating Zero Trusts ValueNearly 50% of IT professionals describe collaboration between security risk management and business risk management as poor or nonexistent, according to NIST research. As CISOs, its our job to bridge this divide by framing zero trust as an enabler of business agility, operational efficiency, and competitive advantage rather than focusing on technical specifications. Leveraging scenario-based planning and risk quantification techniques can effectively articulate the value of zero trust in terms that resonate with various stakeholders -- correlating the ramifications of cyber incidents to high-value outcomes that impact their department. Marketing leaders, for example, might better appreciate zero trust when they understand how it prevents customer data breaches that result in brand reputational damage.Related:CISOs should establish regular touchpoints with business unit leaders to understand their workflows, pain points, and growth initiatives. This collaborative approach helps identify opportunities where zero trust can enhance business processes rather than hinder them. By securing visible support from the C-suite, CISOs can overcome initial resistance and ensure the necessary resources are allocated for successful implementation. It also helps strengthen organizational buy-in across all employees, giving the company a platform to address concerns, share implementation progress, and maintain alignment with business objectives.Minimizing Organizational FrictionSuccessful zero-trust adoption requires a carefully orchestrated change management strategy. Rather than pursuing lower-risk areas, organizations often achieve better results by starting with mid-risk priorities and moving methodically toward more complex challenges. This approach prevents implementation paralysis and drives meaningful security advancement.Clear communication at every stage is essential. Regular updates, user awareness training, and open feedback channels help maintain transparency and address concerns proactively. When employees realize that zero trust can streamline their access to resources while maintaining security, resistance typically diminishes. The key lies in balancing security requirements with user experience. Modern implementations should leverage automation and contextual access controls to make security seamless. Implementing single sign-on solutions alongside zero-trust principles can enhance both security and convenience, making the transition more palatable for end users.Related:In addition, developing a comprehensive change impact assessment helps identify potential friction points before they emerge. This involves mapping current workflows, understanding dependencies, and creating mitigation strategies. Regular user satisfaction surveys and feedback sessions enable continuous refinement of the implementation approach, ensuring that security measures align with operational needs while maintaining robust protection.Positioning Practitioners for SuccessThe technical complexity of zero-trust architectures demands a targeted focus on skill development amongst security practitioners. With practitioners often wearing multiple hats across architecture, implementation, operations, and monitoring, they must be all-around defenders who are capable of seamlessly transitioning between functional roles. This requires a strong foundational knowledge spanning both on-premises and cloud security domains. Security teams must understand the organization's end-to-end security environment, from network tools to cloud applications, endpoints, and data storage systems.Investment in targeted learning is crucial here. Prioritize formal trainings and upskilling programs that build team-wide competencies and implement cross-training initiatives that facilitate knowledge sharing to reduce key person dependencies and develop operational resilience. Establishing a dedicated zero-trust center of excellence can accelerate this skill development by providing guidance and support to other security team members while maintaining documentation and best practices.The path to zero trust is a continuous journey of organizational transformation. While technical implementation remains crucial, the transformational CISO's ability to bridge cultural gaps, foster organizational alignment, and develop comprehensive team capabilities will determine the success of zero-trust initiatives. As cyber threats continue to evolve and regulatory pressures mount, organizations that successfully execute this cultural and technical transformation will be better positioned to protect their critical assets and maintain business continuity in an increasingly complex threat landscape.About the AuthorFrank KimSANS Institute Fellow Frank Kim is a SANS Fellow where he leads the Cloud Security and Cybersecurity Leadership curricula to help shape and develop the next generation of security leaders. Previously, he served as the organizations CISO where he led the information risk function for the most trusted source of cybersecurity training and certification in the world.See more from Frank KimNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also LikeWebinarsMore WebinarsReportsMore Reports

AI tools will enable significant productivity and efficiency benefits for organizations in the coming year, but they also will exacerbate privacy, governance, and security risks.

Time zones: GMT (UTC +0), CET (UTC +1), CVT (UTC -1)The RoleWere looking for a Technical Customer Support Specialist to join our team! In this role, youll be the first point of contact for our customers, helping them via chat and email (no phone calls). Youll assist with inquiries, troubleshoot issues, and ensure a smooth customer experience.This position is fully remote. However, if youre based near Nantes, youre welcome to work from our office occasionally.What Were Looking ForFluency in English is mandatory: English is our primary working language, so strong written and verbal communication skills are essential.French and a third language required: Fluency in french and in another language (German, Dutch, etc.) is required,Technical knowledge: You dont need to be a developer, but a solid understanding of tech concepts (e.g., HTML/CSS) is required. This isnt a learn on the job rolecome prepared!Team spirit: Empathy, kindness, understanding, active listening, and a collaborative mindset are essential. Youll fit right in if you value teamwork and fostering a positive work environment.Experience: Familiarity with customer support software is a plus, but not mandatory.What Makes Crisp Special?Everyone does support: even our developers contribute to customer support, keeping everyone connected to our users needs.No meetings: Say goodbye to unnecessary meetings and focus on meaningful work.No personal KPIs: We trust you to do great work without micromanagement or performance pressure.Contract DetailsIn France: If youre based in France, youll be hired under a standard employment contract (CDI).Outside France: If you live outside of France, the position will be under a full time freelance service contract. Youll need to have an independent contractor status in your country and be able to issue invoices.Who Can Apply?Must be located within the EU timezone.Immediate availability is a plus.Compensation & PerksThe compensation range for this role is around 30k/35K gross per year , depending on the profileJoin a diverse and inclusive remote-first team that values work-life balance and flexibility.

Growth Marketer at Better ProposalsWe havent done bad at Better Proposals over the last 7 years. Weve pioneered massive parts of the proposal software industry, are one of the big 4 that compete on a regular basis and weve done it all without VC money and a deliberately small team.We're looking for one, maybe two multi-skilled Growth Marketers to help us do the big stuff better while not losing sight of the small stuff. The big things for us are SEO, content marketing and Adwords.Fully remote.Work whenever you like.Potential to run the team.Up to $80k.Applications close 17th Jan.WARNINGUsing AI to apply is an instant no. It doesn't matter how good your CV is, if you don't spend a few moments writing us a quick personal message, we won't consider your application.The core of the role:You need to have a bit of a business brain. We get pages ranked in Google, drive visitors to start a trial and hopefully convert them to a paying customer later - that's our business and ideally you have worked with that kind of business model before - preferably SaaS.You need to have a clear idea of how SEO works, that includes knowing how to do keyword research, find "opportunities", use a CMS to create a page (with the help of our designer, writer and link builder) and get it ranked.You should also have a good idea of how to maintain and improve existing rankings and react appropriately if Google gives us a slap. This means being able to assess what's happened, why rankings have dropped and put a plan in place to fix it. Whether it's coordinating getting more links to a page, writing more, or different content or fixing some technical SEO - you'll know what to do here.You're an all-rounder:Copywriting - You don't need to be the next Dan Kennedy, but you should be able to write conversion copy to an okay standard.PPC - Know your way around Google Adwords, and PPC platforms. You don't need to be world class, but a good knowledge would be great.HTML/CSS - It's not essential at all, but if you're not a <div> when it comes to HTML. That always comes in handy. (I think my Dad would be pleased with that joke)Communication - If you're not scared of the phone and can talk to potential collaboration partners, work on webinars and create traffic building relationships - amazing!Email marketing - If you know your way around spam traps and can get people to click on your persuasive emails, superb!The random stuff - Getting a book converted to be listed on Amazon, social media, content creation, interviewing customers for testimonials, looking into customer data. If you can be our person for these random things - lovely!Start-to-finish kind of person - The more things you can do start to finish, and don't need help and input from the co-founders the better. We need people here who can execute a plan.Managing people - There's potential to run the marketing team as it grows. The person we hire should have that ability or potential.ExperienceWe're looking for a leader, someone who's been there and done it and has actual experience. We don't judge it in number of years, but results and your level of involvement. You don't necessarily need to be a direct match for everything above because the plan is to hire two people. Ultimately our hope is that you can run the marketing team at some stage. Be ambitious!Salary and Working EnvironmentThe role is fully remote. We don't have an office, we never will.It's a full time role but we don't clock watch. You're responsible for your own working hours.Salary is a large range because it depends what skills you have and what you can do: $42,000 - $78,000.3 weeks paid holiday + 1 week for every year (capped at 6 weeks)+ Your chosen 8 national holiday days per yearNext stepsAssuming everything goes well, heres how our hiring process goes:You applyWe will reach out to any successful applicants after the deadlineWe have an initial interviewWe will have a 2nd interviewIn special cases we might have a quick 3rd call to clarify a few things, but mostly not.We offer you the jobYoure expected to accept it within 1 business day.