What I Learned After a Year as a Cybersecurity Mentor

April 29, 2019
Category: Uncategorized

When I first broke into the field of cybersecurity as a penetration tester, I immediately knew that I wanted help others achieve the same. I started with blogging and helping build a military veteran cybersecurity community here at VetSec. As we grew, I moved into creating YouTube content and eventually live streaming on Twitch. My goal as a mentor has always been to help drive interest into our cyber communities and assist my mentees as best as I can. Along the way, I’ve learned quite a bit about being a mentor, the types of people you encounter as a mentor, and paths to success in our field. I’m writing this article in hopes of sharing that knowledge.

So, what have I learned?

There Are Right and Wrong Ways to Approach a Mentor

In mentoring, I often come across two types of people: 1) Those looking for guidance 2) Those looking for a handout. The people that mentors love are those that are looking for guidance. The questions asked by this group are not those that are easily Googled, but instead relate directly to an experience a mentor has had in the past and can provide guidance on. Let’s take a look at a couple of good, engaging questions I’ve received:

E-mail 1
E-mail 2

What’s good about these e-mails? The first person (e-mail 1) shows initiative. He or she has put in research about the relevant certifications, already worked towards a certification in cybersecurity (eJPT), and is seeking some guidance on where he or she can learn next on a budget. This e-mail, for me, is borderline. If the person had just asked “What pentesting resources can I use on a budget?”, I would have pointed them to Google. However, the obvious passion for the field and identification of resources he or she had already researched tells me that the person has already been to Google and could really use some advice from someone who has been in their shoes before.

The second e-mail is also great. The person is requesting some work advice as they are starting their first job in the field. As a mentor, I have lived this. It’s not something that can be easily Googled and every person’s perspective is a bit different. I’ve been in this person’s shoes and had the same questions. It’s the type of question a mentor really loves to answer.

With some good openers out of the way, let’s look at a couple handout e-mails:

Discord DM
Handout E-mail

These types of e-mails do not need much explaining, but do need addressed. Look at the Discord DM. The person wanted to know about becoming a web penetration tester. The person did not indicate their current knowledge on the topic, their passions/desires, how much research they have done, etc. As a mentor, it reads as “give me the answers”. That feels like a handout and goes right into the ignore pile.

The second e-mail is self-explanatory. You’re asking me to give you answers. Not only is this against terms of service for pretty much every certification and job CTF, but it teaches you absolutely nothing. Don’t be this person, please.

Cybersecurity Is Not for Everybody

There is a certain glamour to cybersecurity that draws people in. The field is sexy. It makes a ton of money. The jobs sound “cool”. Seriously, who doesn’t want to be a hacker for a living? All of these statements are true. However, it takes a very special type of individual to be successful in this field.

Cybersecurity professionals are life-long learners. We put in our 40+ hours a week at work, but it never ends there. The field is constantly changing. Every day, something new comes out. A new exploit. A new patch. New software. A tactic that worked yesterday might no longer work today. Because of this constant state of metamorphosis, a cybersecurity pro is always studying. We are reading news articles. We are catching up on Twitter. We are working on certifications, on a CTF, or whatever it is that keeps our endorphins escalated. We never stop.

Many people come in seeing the sexy, only to bail when they realize the level of effort needed to succeed. In my belief, this is why we have (and always will have) a shortage in the field:

My tweet from last week touches on this belief. There is a certain drive, a certain passion, that separates the “cans” and the “won’ts”. No mentor can teach this drive. Either you have a passion for this field or this field will eat you alive and leave you behind. A mentor can push a person in the right direction, but only the person can truly put forth the effort to succeed.

Again, be passionate. Be inquisitive. Seek guidance. Don’t seek handouts.

Mentoring Is Incredibly Rewarding

There is no greater feeling as a mentor than helping someone achieve a career goal. One of my favorite memories of late was a college student who messaged me on LinkedIn. He was a senior computer science major from a solid university and wanted to break into the field of penetration testing when he graduated in six months.

From a technical standpoint, he had already achieved quite a bit. A computer science degree is loved in the field of cybersecurity. On top of this, he had read books, blogs, and studied quite a bit on penetration testing. He wasn’t coming to me for answers, but for career advice. He wanted to know what employers were good to work for, how his resume looked and could be improved, how he could improve technically for interviews, and more. He checked all of the cybersecurity boxes mentioned above. He was passionate, inquisitive, and dedicated. Characteristics every mentor loves.

It’s easy mentoring someone who is willing to put in the work and just needs some nudges of advice. I was incredibly happy (even a bit jealous!) when he landed a role as a penetration tester with one of the best pentesting boutiques in the country. It’s moments like these that really make me love mentoring.

Mentoring Is Incredibly Exhausting

While being incredibly rewarding, mentoring can also be incredibly exhausting. Given unlimited time, I would love to mentor everyone that I possibly could. Yet, it’s overwhelmingly impossible. As I’ve grown in the community, my “celebrity” has as well. The influx of e-mails, DMs, tweets, etc. has been on an upward trend and never looked back. In the beginning, I could respond and mentor without issue. Now, I simply cannot keep up.

If you are looking to be a mentor, and I encourage you to do so, please be aware that you can absolutely bite off more than you can chew. If you’re like me and want to help everyone, it can become counterproductive. Set a limit for yourself and have other resources available as needed. Better yet, consider writing blog posts about your journey and common questions you encounter as a way to help others who are in a situation you’ve already encountered.

There Are Some Amazing Cyber Mentors

With that being said, I can still provide guidance en masse. There are many great resources out there and I hope to inspire even more with this post. First, I’d like to share an Amazing Twitter post by Tanya Janca (@shehackspurple):

The above tweet has over 500 comments at the time of this blog and is full of people offering mentorship in the cybersecurity field. It’s a great starting point if you’re seeking someone to talk to and guide you. Tanya also posts weekly mentoring tweets in hopes of pairing mentors/mentees. She is definitely worth a follow.

Another shoutout goes to Chloé Messdaghi (@ChloeMessdaghi), who I had the pleasure of meeting at CarolinaCon this year. She is doing great work for women in cybersecurity. If you are an underrepresented person in cybersecurity, consider shooting Chloé a quick DM on Twitter. She will help point you in the right direction.

On top of all of these resources, please note that mentorship does not have to be one person. It can be a community. There are several amazing cybersecurity communities out there that have people willing to mentor others. On top of that, these communities are full of cyber resources, including blogs, YouTube videos, latest news, and channels to follow. Just a small few (including some shameless self-promotion):

The CyberSec Lounge Discord – https://discord.gg/nVsfhFk
The Many Hats Club Discord – https://discord.gg/infosec
The Cyber Mentor Discord – https://discord.gg/REfpPJB
VetSec Slack (Military) – https://veteransec.com/slack
The Penetration Testing Community Discord – https://discord.gg/GXsEJqj
Laptop Hacking Coffee Discord – https://discord.gg/WfYmeKv
Hacker101 Discord – https://discord.gg/Da6JskV
NetSecStudents Discord – https://discord.gg/usn6qc6

Calling All Mentors and Resources

I know there are a million resources out there for cybersecurity and there is no way I could name them all. My ask, of you as a reader, is to comment with some of your favorite people, resources, etc. that have helped you develop in the cyber field. If you’re a person who is willing to mentor, please feel free to leave contact information and a little bit of information about yourself.

While our amazing field is not for everyone, we can all absolutely put forth our best effort to make sure we reach (and teach) those who can succeed in our field. We may never be able to close the gap entirely, but we can certainly drive more people into our field by sharing our passions with them.

If you’re not already a mentor, please consider doing so.

Thank you.

Wanna chat? Add me on Twitter, YouTube or LinkedIn!
Veteran? Join our Slack!