I want to take a moment to articulate my thoughts on cybersecurity mentorship and what it should entail. I speak a lot about problems I see doing extensive mentoring and career clinics, but I have been repeatedly asked for a formal resource on how to conduct mentorships (and find a mentor).
First, your mileage may vary. My opinions on what a professional mentorship look like are my own, based on coursework, experience, and other authors who have written on the topic. That said, the most successful cybersecurity mentorships I have observed and been a part of have been formal and structured. The least successful ones are ad hoc and lack a stated purpose – they tend to not achieve goals, and eventually die out unceremoniously. This does not mean this is 100% the case all the time.
We often talk about young people having no direction when trying to break into cybersecurity. I see the same problem in more senior people wishing to mentor, and receive mentorship. Just like choosing a career, a good mentorship has structured goals that both mentor and mentee agree on and understand. This includes what the mentee wishes to achieve, and a specific time frame. You should seek a different mentor to learn a technical red team skill as opposed to learn to become a manager, or deal with burnout. If you decide what topics you are qualified to mentor on, or what exactly you want to achieve as a mentee, you can build a much more fruitful relationship.
State a clear goal for the mentorship relationship. State a rough or specific time frame for achieving that goal. As a mentee, consider what professionals in which roles would best help you achieve that. That can be based on their position, expertise, or even personality or demographics. You can then clearly articulate to them what you are asking for, and they can evaluate based on time and expertise requirements whether they are willing and able to provide that to you.
Prospective mentors should consider what areas they are comfortable and qualified in mentoring.
As you meet and establish a relationship, make sure you build a clear project plan. This means, with that stated goal, that you set milestone dates and a reasonable established schedule for meetings. You need to set realistic recurrence and times that won’t burn either participant out, and are practically achievable. These time frames and schedules should be routinely reevaluated based on new needs, workload, and mental health. You should be checking in routinely to make sure you are achieving milestones on time, and if not, why. This isn’t some complex project management voodoo. Just write down objectives and dates. This helps you also decide when a mentorship relationship is no longer helpful and it’s time to walk away.
I hope this has given you some essential discussion points and tools for establishing a healthy mentorship. As the cybersecurity junior market becomes more over saturated, it is absolutely vital that senior people step up to lift up the next generation. I wish you all the best in your journeys.
Source: Lesley Carhart
Source Link: https://tisiphone.net/2025/02/16/on-cybersecurity-mentorship/