- CPA to Cybersecurity
- Posts
- How to Install The Latest (GoLang) Fabric Client
How to Install The Latest (GoLang) Fabric Client
Build and Wield Your Personal AI Ecosystem
Steve McMichael
December 29, 2024
Contents
Backgrounder
This step by step tutorial on how to install the fabric client provides a foundation for this one:
GitHub - Danielmiessler/fabric > README > Installation
Get Latest Release Binaries
# MacOS (arm64):
curl -L https://github.com/danielmiessler/fabric/releases/latest/download/fabric-darwin-arm64 > fabric && chmod +x fabric && ./fabric --versionInstall Go
Install Homebrew (if not already installed)
Open your terminal and paste the following command. This will install Homebrew, a package manager for macOS:
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"Install Go using Homebrew
Once Homebrew is installed, you can install Go by running:
brew install goVerify the Installation:
To ensure Go is installed correctly, you can check its version by typing:
go versionInstall Fabric
# Install Fabric directly from the repo
go install github.com/danielmiessler/fabric@latestSet Environment Variables
For Apple Silicon based macs:
Edit the .zshrc file:
nano ~/.zshrcAdd the environment variables
# Golang environment variables
export GOROOT=$(brew --prefix go)/libexec
export GOPATH=$HOME/go
export PATH=$GOPATH/bin:$GOROOT/bin:$HOME/.local/bin:$PATH Make sure each export line is on a new line in the file.
Save and close the editor
Ctrl+X
Y
Enter
Apply the changes
source ~/.zshrcSetup
# Run the setup to set up your directories and keys
fabric --setupAdd aliases for all patterns
In order to add aliases for all your patterns and use them directly as commands ie. summarize instead of fabric --pattern summarize You can add the following to your .zshrc or .bashrc file.
nano ~/.zshrc# Loop through all files in the ~/.config/fabric/patterns directory
for pattern_file in $HOME/.config/fabric/patterns/*; do
# Get the base name of the file (i.e., remove the directory path)
pattern_name=$(basename "$pattern_file")
# Create an alias in the form: alias pattern_name="fabric --pattern pattern_name"
alias_command="alias $pattern_name='fabric --pattern $pattern_name'"
# Evaluate the alias command to add it to the current shell
eval "$alias_command"
done
yt() {
local video_link="$1"
fabric -y "$video_link" --transcript
}Ctrl+x
Y
Enter
This also creates a yt alias that allows you to use yt https://www.youtube.com/watch?v=4b0iet22VIk to get your transcripts.
Test 1: Analyze Paper
Input
pbpaste | fabric -p analyze_paper -sOutput
Based on the research paper, here's my analysis:
SUMMARY:
Small healthcare providers struggle with effective information security despite regulations and business motivations, due to limited IT knowledge and overreliance on IT vendors for security.
AUTHORS:
Gerald Auger
AUTHOR ORGANIZATIONS:
Dakota State University
FINDINGS:
- 78% of participants self-identify as having limited IT and security knowledge
- 78% trust and rely heavily on IT vendors for security expertise
- 67% assume security is included in IT vendor services
- 56% view security narrowly as just privacy/confidentiality
- 89% are confident in their current security programs
- 89% outsource IT operations
STUDY DETAILS:
- Qualitative grounded theory study using intensive interviews
- 9 small healthcare providers in South Carolina interviewed
- Focused on organizations with 10 or fewer physicians
- Examined information security management decision processes
- Used constant comparative analysis and theoretical sampling
STUDY QUALITY:
STUDY DESIGN: Qualitative grounded theory methodology with semi-structured interviews and theoretical sampling
SAMPLE SIZE: 9 participants, representing small healthcare providers in South Carolina
CONFIDENCE INTERVALS: Not applicable for qualitative study
P-VALUE: Not applicable for qualitative study
EFFECT SIZE: Not applicable for qualitative study
CONSISTENCY OF RESULTS: Strong consistency in findings across participants
METHODOLOGY TRANSPARENCY: Clear documentation of methods, data collection and analysis procedures
STUDY REPRODUCIBILITY: Detailed protocol provided including interview guides and coding procedures
DATA ANALYSIS METHOD: Grounded theory systematic analysis with concurrent data collection and analysis
CONFLICTS OF INTEREST: NONE DETECTED
RESEARCHER'S INTERPRETATION:
Limited IT knowledge and overreliance on vendors creates misalignment between perceived and actual security risks at small healthcare providers.
PAPER QUALITY:
Novelty: 8/10 - Addresses understudied area of small healthcare provider security practices
Rigor: 7/10 - Strong qualitative methodology but limited sample size
Empiricism: 8/10 - Based on direct data collection from practitioners
RATING CHART:
Known [-------8--] Novel
Weak [------7---] Rigorous
Theoretical [-------8--] Empirical
FINAL SCORE: A-
Strong methodology and novel findings in an important understudied area, with minor limitations in sample size.
SUMMARY STATEMENT:
Small healthcare providers have dangerous gaps in security due to limited knowledge and vendor overreliance. Policy changes and education are needed to address this critical issue.
Let me know if you would like me to expand on any part of this analysis.Test 2: Extract Wisdom
Input
source ~/.zshrcyt https://youtu.be/BwjqbcOf8JQ | fabric -p extract_wisdom -sOutput
# SUMMARY
Gerald Oer discusses how to become a GRC (Governance, Risk, Compliance) analyst in 2025, covering required skills, resources, and communities.
# IDEAS
- GRC analysts spend sixty percent of their time writing documentation, policies, procedures, and analyzing complex data metrics.
- Successful GRC professionals must be comfortable working in ambiguous situations and balancing competing business security needs.
- Risk assessment skills are the primary driver of high compensation for experienced GRC professionals.
- NIST Special Publication 800 series provides comprehensive documentation for understanding information security fundamentals and practices.
- GRC professionals serve as the critical interface between information security teams and business stakeholders.
- Security awareness training must be engaging and practical to effectively reduce organizational cyber risk exposure.
- Compliance frameworks like CMMC 2.0 are creating increased demand for qualified GRC professionals in 2025.
- Technical fundamentals knowledge enables GRC analysts to understand threats and recommend appropriate security controls.
- Continuous learning and staying current with evolving regulations is essential for long-term success in GRC.
- Effective communication skills are required to explain complex technical concepts to non-technical business audiences.
- Community engagement and networking accelerate professional growth and development in the GRC field.
- Documentation and writing skills are fundamental requirements for success in GRC roles.
- Risk assessments require understanding both technical vulnerabilities and business impact considerations.
- Information security policies must balance security requirements with practical business operational needs.
- Audit experience provides an excellent foundation for entering and advancing in GRC careers.
# INSIGHTS
- GRC bridges the critical gap between technical security teams and business stakeholders through effective communication.
- Success in GRC requires balancing perfect security with practical business needs and risk tolerance.
- Community involvement and continuous learning separate exceptional GRC professionals from average practitioners.
- Technical knowledge enables better risk assessment by understanding both threats and appropriate controls.
- Documentation skills directly impact GRC effectiveness through clear policies and procedures.
- Security awareness programs must engage employees to successfully reduce organizational risk exposure.
- Compliance frameworks create structured approaches for implementing security controls across organizations.
- Risk assessment capabilities drive both business value and professional compensation in GRC.
- Practical experience through hands-on labs and projects accelerates skill development.
- Professional networking provides ongoing learning and career advancement opportunities.
# QUOTES
- "If you want to go fast go alone, if you want to go far go as a group"
- "In this field you're either growing or you're falling behind"
- "GRC analysts spend about 60% of their time writing policies, procedures, analyzing metrics"
- "You need to be very comfortable with ambiguity"
- "Risk assessment is literally the bread and butter of GRC"
- "The cyber security industry is desperately underserved when it comes to GRC training"
- "Think of GRC as the interface between the information security office and the business"
- "The compliance landscape is constantly evolving"
- "Having the skills is only half the battle"
- "Start small but be consistent"
# HABITS
- Continuously stay current with evolving security regulations and compliance requirements through regular study.
- Network regularly with other GRC professionals through Discord communities and local meetups.
- Document processes, findings, and recommendations clearly and thoroughly for different audiences.
- Regularly assess and communicate risks to appropriate stakeholders in business-relevant terms.
- Balance security requirements with practical business needs when developing policies.
- Create engaging security awareness content that effectively reduces organizational risk.
- Build strong relationships with both technical teams and business stakeholders.
- Participate in professional communities and share knowledge with others.
- Read NIST publications and other authoritative sources to stay current.
- Maintain technical knowledge while developing business acumen.
# FACTS
- CMMC 2.0 compliance will be required for all Department of Defense contractors.
- GRC analysts spend approximately 60% of time on documentation and writing tasks.
- NIST Special Publication 800 series provides free, comprehensive security guidance.
- Boards are being held personally liable for cyber security incidents.
- The GRC field requires continuous learning due to evolving regulations.
- Security awareness training is often ineffective due to poor engagement.
- Risk assessment skills command premium compensation in GRC roles.
- Technical knowledge requirements are lower but still essential in GRC.
- Community involvement accelerates professional development significantly.
- The cyber security industry lacks comprehensive GRC training resources.
# REFERENCES
- NIST Cybersecurity Framework
- NIST Special Publication 800-37 (Risk Management Framework)
- NIST Special Publication 800-53 (Security Control Catalog)
- NIST Special Publication 800-18 (Security Planning)
- NIST Special Publication 800-30 (Risk Assessment)
- Simply Cyber Academy GRC Analyst Masterclass
- Study GRC website and community
- Professor Black Ops YouTube channel
- Space Tacos Discord Community
- Steve McMichael's CPA to Cybersecurity blog
- CMMC AB website
- Simply Cyber Discord community
- Jack Scott's LinkedIn content
- CIS Controls framework
- PCI DSS compliance framework
- HIPAA regulations
# ONE-SENTENCE TAKEAWAY
Success in GRC requires continuous learning, strong documentation skills, and effective communication between security and business.
# RECOMMENDATIONS
- Join relevant Discord communities to network with other GRC professionals and share knowledge.
- Study NIST Special Publications to build foundational knowledge of security controls and frameworks.
- Develop strong technical fundamentals while focusing on business communication skills.
- Practice risk assessment through hands-on exercises and real-world scenarios.
- Create engaging security awareness content that effectively reduces organizational risk.
- Build relationships with both technical teams and business stakeholders.
- Stay current with evolving regulations through continuous learning and community involvement.
- Focus on practical experience through hands-on labs and projects.
- Document processes and findings clearly for different audience types.
- Network regularly through local meetups and online communities.Test 3: Get Wow Per Minute
Input
yt https://youtu.be/jYwNI5IB__k | fabric -p get_wow_per_minute -sOutput
{
"Summary": "Comprehensive overview of cybersecurity careers, focusing on entry-level opportunities, salary ranges, job types, and networking strategies, with emphasis on addressing the experience catch-22.",
"Surprise_per_minute": 7,
"Surprise_per_minute_explanation": "Frequent revelations about salary ranges, job accessibility, and alternative paths into cybersecurity provide consistent surprising insights throughout the presentation.",
"Novelty_per_minute": 8,
"Novelty_per_minute_explanation": "Fresh perspectives on entering cybersecurity, including unconventional paths and practical strategies for gaining experience, delivered consistently throughout.",
"Insight_per_minute": 9,
"Insight_per_minute_explanation": "Rich with insider knowledge about industry dynamics, job roles, and practical advice for breaking into cybersecurity from various backgrounds.",
"Value_per_minute": 9,
"Value_per_minute_explanation": "Extremely high practical value with actionable advice, salary information, job search strategies, and specific steps for entering cybersecurity.",
"Wisdom_per_minute": 8,
"Wisdom_per_minute_explanation": "Deep industry knowledge shared through personal experiences and strategic career advice, particularly valuable for career transitions and networking.",
"WPM_score": 8.2,
"WPM_score_explanation": "Consistently high-value content combining practical advice, industry insights, and actionable strategies, making it extremely valuable for cybersecurity career seekers."
} 
