One of the aspects that makes the information security industry so unique is the sense of camaraderie, even among competitors. In such a rapidly evolving landscape, practitioners and leaders alike turn to their community for valuable data and insights in efforts to inform quick and decisive actions. We know that a more knowledgeable community means a safer community. We can face the relentless onslaught of adversary behavior because we draw strength from a community framed by shared experience.
For that reason we wanted to take the time to focus on the foundation of our community: the relationships. Earlier this year we asked our social media followers to share the names of people who had inspired them along their career path or someone on their current team who is just plain awesome.
The responses were overwhelming! More than 90 people took time out of their busy schedule to share their appreciation for their mentors and active members of the security community. We reached out to the folks who were nominated and asked them to share some advice with the security community at large. Here is what they had to say.
Advice for mentors
I would say don’t simply recommend *your own* path as the way forward for the next generation. The mentor’s path will have been borne from a wholly different generation of technology, a dramatically different threat landscape, a far less diverse and inclusive workplace, and a different business environment. Instead see the world from the perspective of the mentee first, then apply your skills, experience, influence to help them move ahead.
—Dave Herrald, Principal Security Strategist at Google
It’s easy to be a mentor. But to be mentored takes humility and courage.
—Peter Schawacker, Cybersecurity Business Leader
I think of mentorship as an engagement that brings tremendous value to both parties. In our technology and security practices, we must keep top of mind that our future success is reliant upon not only our intellectual property, but in fact is more dependent upon the relationships we have fostered and continue to cultivate.
—David Uhl, Technical Account Manager at Trace 3
As a mentor, it can be challenging to corral someone’s enthusiasm, but you have to so they can hone their craft. There’s an air of discipline that meets creativity and method that is difficult to teach. What makes it easier is having your mentee challenge you along the way. When a mentor has to stop and sharpen their own craft because the mentee pokes so many holes in it, you know you’re teaching them right. It’s what my mentors did, whether they meant to or not. It was their openness to being challenged that allowed me to grow, so I did the same. More mentors should be open to being wrong.
—Davis McCarthy, Principal Security Researcher at Valtix
I use a lot of frameworks; this one is a favorite of everyone whom I’ve used it with. It’s really good for early-career people who don’t know what they want to do as well as late-career people who want to change careers or are disillusioned with their current job.
—Gary S. Chan, President at Alfizo LLC
As a mentor, have the vision not to block innovation and curiosity but to guide in the bigger picture of management, customers, and strategies. Don’t block ideas because you think you know better. Use your experience to guide people—there is a pretty good chance that you will learn something in the process, and you might not see the end goal in the beginning.
—Martin Kofoed, Director, Detection Advisory & Cyber Defense at Improsec
Advice for people just starting out in cybersecurity
There is so much to say but I would say get involved with local meetups, submit PRs to GitHub repos and join communities linked to those repos through Slack, Discord, etc. And lastly, get involved with your university, supporting collegiate cyber defense competitions. Eventually, through being in all those circles you’ll figure out where you want to be.
—Jesse Moore, Senior Cybersecurity Advisor at the University of Washington
Stay curious and never accept “This is how it’s done” or “This is normal” as an answer. We only move forward by questioning and probing processes and observables.
—Joe Slowik, Senior Manager, Threat Intelligence & Detections Engineering at Gigamon
Stay curious and relentless. Knowledge and perseverance only strengthen our efforts against our adversaries.
—Arnel Manalo, CISO & VP Infrastructure at Evergreen Home Loans
I suppose the best advice I can offer is to stay hungry, stay humble, be a lifelong learner, and share your knowledge. The community flourishes as we collaborate and expand/build upon the knowledge of each other.
—Christopher Mazzei Security Consultant II, Attack & Penetration, Threat Management at Optiv Inc
The advice I would give is the same that was given to me when I started. To be successful in information security you have to be curious, inquisitive, and above all passionate. Without these qualities it’s just a job.
—Paul Dumbleton, Team Manager, Enterprise Information Security at Gordon Food Service
Focus on projects, not training. Continually develop your communication skills. And be a leader in whatever role you are currently in.
—Samuel Cameron, RTP Site Team Lead at Cisco
Advice for the community
The biggest piece of advice that I’d give to the security community is to enjoy the process. When we’re hyper-focused on the end state, we miss tons of opportunities to learn and grow because we’re just trying to go as fast as possible. Learning how to slow down and appreciate the journey to that end state has been the single best thing I’ve ever done for myself.
—Matt Hand, Principal Consultant at SpecterOps
Build security champions throughout your organization—take the time to explain the why (in simple terms). While often infosec can be a thankless job, you never know when that one nugget of information or explanation will inspire, teach, or at least build an understanding to help others be a champion.
—Vince Aimutis, Information Security Manager at Federated Insurance Company
My advice would be to encourage those who have the skills and experience to mentor others to do so. And, I would encourage those who wish to get into cyber or build a new skill in cyber to never be afraid to reach out.
—James Haughom Jr., Security Researcher at SentinelOne
*Some answers edited for length and/or clarity.
If you have your own bit of advice you’d like to share with the security community, or want to shine the light on the difference makers in your organization, reach out to us on LinkedIn or Twitter, or email our community team. We’d love to hear from you!