Invest in new security talent with cybersecurity mentorships

Cybersecurity mentorships provide a great opportunity for those just entering the industry who want a successful start. Having the right guidance is a must.

What do NVIDIA's Jensen Huang, Salesforce's Marc Benioff and Microsoft's Satya Nadella have in common? They were all deemed the greatest business leaders of 2019, according to Harvard Business Review's "The CEO 100" list. But another commonality they share is that each have had mentors to help guide them through their careers in technology and get them to where they are today.

Mentorship is critical in every industry but given the immense opportunity for career growth in the cybersecurity industry today, having the right guidance is a must. The industry faces many challenges from a staffing perspective -- from the skills shortage to employee burnout -- making the role of a mentor that much more important as others navigate these challenges. While mentorship is often considered subjective, there are a few best practices to follow to ensure you're establishing a solid foundation in the mutually beneficial relationship, not only to help new talent navigate the industry, but also to help strengthen the industry as a whole. First, let's explore what to look for when hiring new cybersecurity talent.

Recruiting cybersecurity talent

During the entry-level hiring process, look for candidates who have an entrepreneurial spirit, who don't sit but rather have taken on projects outside of school, like personal research or blogging. Typically, if candidates have their own initiatives beyond regular coursework, they will have a sense of curiosity and a passion for problem solving.

Ask questions to understand how clever they are, versus how smart they are. Give candidates a problem, but do not focus on whether they answer it correctly. A great example of an interview question for vetting cleverness and creativity is the 6s Challenge. Pay attention to the thought process. Do they talk the room through the process? Are they taking notes, collaborating with others in the room or using the whiteboard to reach a solution? I have hired people in the past who failed to solve a problem but impressed me with the approach they took.

Keeping and mentoring this new talent

So, your organization has hired entrepreneurial talent with clever minds. Now, how do you ensure that these self-starters excel in, and are happy, in their role? Here are four pieces of advice for cybersecurity mentorship success.

Formalize a mentorship program

An effective means to ensure every employee has a mentor is to formalize a career mentorship program at your organization. Structurally, it is important that the mentor is not the manager, but someone at the organization who can share career advice more broadly. I encourage you to put in place a mentoring program goal -- not to keep people in a particular role or at a particular organization, but to support them with wide-ranging career advice. Formalizing the mentorship program also ensures availability. Senior leaders may push off meetings if they are not planned for, so set specific dates and times that you meet and agree upon a cadence. A first step? In your first meeting, establish what both of you would like to get out of the relationship.

Understand that it's a mentor:mentor relationship

Mentor relationships are not one-sided and should be viewed as a mentor:mentor relationship versus mentor:mentee. Leaders will always learn from the newer talent and vice versa. Notably, being a mentor helps you be a better people leader. The conversations will allow the technology and business leadership teams to have direct insight into what's important to the next generation of employees, including what motivates them or what work they find most interesting. The mentorship role ultimately allows managers to better understand the mindset of the people who work for them.

Put in the time

Energy is perhaps the most important characteristic of a successful mentor. While time is a limited resource, to establish a strong relationship, putting in the energy and being proactive is essential. Actively reach out to build professional and personal connections with new talent. When meeting, avoid other distractions and find value in the time you're giving them. Prepare questions, set goals and ultimately create a purpose for each interaction.

Be available and put your own interests aside to put the mentee first. To achieve this, communicate without bias. For example, if someone is unhappy in their current role, help them discover a better fit -- don't get hung up on trying to fix the current role. Rather, focus on a solution that matches your mentee's goals and be open to the consideration that the company may not be the right fit for them. When they are struggling to solve a problem, work through the solution with them.

Guide those interested in joining the cybersecurity workforce

The biggest piece of advice I can give to those who are interested in joining the cybersecurity workforce is to not limit themselves to a particular training/schooling curriculum or focus area. Versatility should not be underrated. I coach my mentees to earn the characteristic of versatility by learning the basics first, the skills that will allow a later pivot to different verticals and technologies in cybersecurity. Those individuals who dive deep into the basic building blocks will be able to quickly learn and adapt to new programming language and strategies, for example, and apply them to any situation.

For people looking to make a career change, welcome them with open arms. They likely will have unique perspectives to bring to the table. Encourage them to find an area of security that's interesting to them -- an area where they will excel. For example, a former investment banker may want to begin reading up on the cybersecurity challenges that financial services organizations face today. Encouraging others to explore a career in cybersecurity will help close the skills shortage gap and boost the workforce. Plus, getting started in security does not have to have barriers: a multitude of courses are available, including these eight Ivy League schools offering free online courses.

Mentoring serves the entire cybersecurity industry

A final word: While mentorships are critical to the growth of new cybersecurity professionals, those professional relationships also support and grow the entire industry. I would like to thank the mentors in my life for taking mentorship seriously, having an open mind to learn from me as I learned from them, and being available to guide me to the role I'm in today. Thank you, John Wyatt, Bill Balicki, Drew Kilbourne, Stuart Dross, Jason Rouse, John Steven, Sammy Migues and Gary McGraw.

About the author
Nabil Hannan is a managing director at NetSPI. He leads the company's consulting practice, focusing on helping clients solve their cybersecurity assessment and threat and vulnerability management needs. Nabil has over 13 years of experience in cybersecurity consulting from his tenure at Cigital/Synopsys Software Integrity Group, where he built and improved effective software security projects, such as risk analysis, pentesting, secure code review, vulnerability remediation among others.

Dig Deeper on Careers and certifications

Enterprise Desktop
Cloud Computing