Finding a mentor to help you with your cybersecurity career might seem like an intimidating prospect, but in actuality, it doesn’t have to be. There are quite a few misconceptions when it comes to finding a security mentor. And in this blog post, we hope to dispel some of those and provide some straightforward ideas for developing a mentor-mentee relationship, no matter the stage of your career.
Why Get a Cybersecurity Mentor?
A mentor can help you up your security game when it comes to technical skills, soft skills, and professional skills.
A mentor can help you dig into technical subject matter that you want to familiarize yourself with (e.g., enhancing your network pen testing skills), as well as soft skills to develop effective communication and management. Other skills mentors can help you improve include salary negotiation, interviewing, and advocating for yourself in the workplace. These skills might not be as flashy as red teaming, but they are still extremely beneficial in developing professionally!
A mentor can help guide you down your desired career path.
Application Security Practice Director Kelly Albrink shared that early on in her security career, it was her mentors that helped her determine what area of security was best for her. If you feel like you might want to switch specialties, consider finding a mentor.
“Tap into your network; people you might even be second connections with on LinkedIn, for example, can end up being great resources. You gain more diversity of experience and perspective. Look into building a wider network, so you have a more expansive pool to draw from.” – Bishop Fox Recruiting Manager Kaitlin O’Neil
How Do You Find a Cybersecurity Mentor?
You might not know where to start in your cybersecurity mentor search; it can seem daunting (or even just plain awkward). Here are some tried-and-true ideas from Bishop Fox’s Kelly Albrink, Kaitlin O’Neil, and Shanni Prutchi.
Begin with your network.
We mean co-workers, professors or teachers, friends, classmates, and even family members. Shanni Prutchi’s first mentor was her Dad; “He really nurtured my interest in STEM. When I wanted to learn more about Ancient Egypt, he contacted the University of Pennsylvania Museum’s head curator and arranged a private tour for me! He showed me the importance of finding outside resources who could help me pursue my interests.”
And as far as finding a mentor to help her discover her niche in security, Shanni looked to academics. “For infosec, my first mentors were two professors; one was the head of the infosec program at my school and the other was my digital forensics professor. They went above and beyond; their support surpassed the classroom. They made themselves available for brainstorming, resume reviews, and they helped provide me with research opportunities. They also shared real-world cybersecurity stories from their experiences that proved invaluable context to have for just starting out in the industry.”
Look up to someone at work or online? Talk to them!
Don’t just ogle your professional hero’s success from afar; be upfront and tell them they are someone you admire, and you’d like to pick their brain about pen testing, work-life balance, whatever strikes your fancy. Shanni explained, “I admired someone on social media; she works in a different field, but I noticed that we were both attending the same conference. So, I decided to ask her if we could meet up and we did! Now, we meet a few times a year for brunch and to talk about our careers.” It might seem uncomfortable at first, but the reward outweighs the risk. “Don’t be afraid to send a LinkedIn request to someone you professionally look up to and would like to get to know,” says Kaitlin. If that sounds a tad too intense, maybe just message them first.
We cannot overstate the importance of networking. Network, network, network.
Now that in-person meetups are making a slow comeback, take advantage of that trend and attend one. You can also check out what online meetups are available in an area you’d like to explore; plus, you might be able to network with more people via virtual meetups.
Register for conferences like DEF CON and BSides; if there’s a hackerspace in your area, stop by and chat with folks there. There is no shortage of security groups like OWASP or the 2600 Club, either. And when all else fails, there is always social media! One way to locate a possible cybersecurity mentor (or mentors) is the weekly #CyberMentoringMonday thread on Tanya Janca (@SheHacksPurple)’s Twitter. We’ve included a list of Discord servers and Slack channels to join in the Resources section of this blog post, too!
Things to Know About a Security Mentorship
Now that we discussed why you might want to think about getting a mentor and how to find one, here are some things to consider before you embark on your professional development quest.
A mentorship isn’t an automatic “in” to a company.
It’s true that sometimes mentorships can lead to professional opportunities, but don’t make that your most important and immediate expectation. A mentorship is not the same as a job application.
Mentorships don’t need to last forever.
A mentorship doesn’t need to stretch your entire professional career; they can be short term or long term. You can have a mentorship as long as you’d like or as long as it’s needed (for example, until you secure a new job.)
Your mentor is a person with a life and other responsibilities.
If your mentor needs to prioritize other things over the mentorship or needs to step away from the mentorship due to conflicting priorities, don’t take it personally! Remember your mentor has their own thing going on, and the mentorship might take a backseat to other responsibilities at times.
Mid-level or senior in your career? You can still be mentored!
No matter what level of career you might be in, there’s always room for continuous learning. Mentorships can also make you aware of other opportunities that exist in security and even spur a career change.
Mentorships don’t have to be overly formal.
If you’re talking to someone who can teach you things, that’s still essentially a mentorship. You don’t have to use those terms. But that being said, it helps to establish some goals and a cadence to the relationship.
You can have multiple mentors.
Different perspectives can often be incredibly helpful; it’s not a bad idea to seek out different areas to find mentors with different expertise. You don’t need to be locked into having one mentorship. Maybe someone helps you learn hardware hacking, whereas someone else helps you get more comfortable with mobile app testing.
Finally, sometimes a mentorship just doesn’t work out. Like any relationship, if it’s not serving you, don’t feel bad for walking away.
The Bishop Fox Mentorship Program
At Bishop Fox, we have had a formal mentorship program in place for the past year. The brainchild of Kelly and Kaitlin, our program focuses on matching up security consultants with someone they want to learn from to achieve their professional goals.
“We match people at different career phases with similar interests so they naturally complement each other. A couple times a year, we check in with these matches and see if they’d like to continue with their current pairing or switch it up. We also check to see if they have any ideas for improving the program.” – Kelly Albrink, Application Security Practice Director, Bishop Fox
At the start of the mentorship, the program provides mentors with resources and has plans to release training on setting goals in the near future. As of this blog post’s publication, there are 87 total unique participants with 67 matches altogether.
The program takes a “choose your own adventure” approach to mentoring, meaning that the matches get to define what the mentorship looks like. So far, some of the results have been unexpected for Kelly and Kaitlin. “When we first unveiled the program, we were surprised to see that a lot of people were choosing to be mentored around leadership and soft skills as opposed to technical skills,” Kelly shared.
Hopefully, you now feel somewhat more confident about finding a cybersecurity mentor that can help you up the ante on your career. The following are some resources to utilize as you start scouring the internet and the real world for the infosec Robin Williams to your Matt Damon.
- “Mentoring: The Biggest Problem We Don’t Know We Have” slides by Niranjanaa Ragupathy from Day of Shecurity 2019 (Fun fact: This presentation actually helped to inspire the Bishop Fox Mentorship Program!)
- Bishop Fox’s RedSec Discord
- Insider PHD Discord Server
- The Cyber Mentor Discord Server (AKA TCM Security)
- Black Hills Information Security Discord Server
- TryHackMe Discord Server
- Infosec Prep Discord Server
- Women's Society of Cyberjutsu Slack Channel
- “How Great Leaders Inspire Action” – A Ted Talk by Simon Sinek
Subscribe to Bishop Fox's Security Blog
Be first to learn about latest tools, advisories, and findings.
Thank You! You have been subscribed.