Over the last couple of weeks, I have become more involved with training and education as it relates to the information security realm. Finding myself thinking more and more about the need for advancing information security knowledge, I've realized how important becoming a cyber security mentor is to those in need.

Those of us who are more senior and have deep expertise and firm grasp on the concepts and practices relating to information security, have the ability to help others in our field. By becoming a mentor, you can share your security knowledge, help others learn and develop their own skills, create a larger population of skilled people, and ultimately help advance the overall knowledge level in the field.

Mentoring works because it lets one learn from the other person’s successes and – yes – failures. Being a mentor can take a formal route. You can, for example, be an instructor at a college, university, or technical school. You can teach a SANS course, lead an internal training course, or do presentations with an official group like OWASP, InfraGard, or a local CERT chapter. This formalized mentoring usually requires a little bit more preparation and time commitment, but is well worth what you put in. Several of the opportunities even offer compensation. Think about joining some of these formal groups and volunteering when they do activities like capture the flag, lunch and learns, or other challenges. If you want to take it to the next level, you might consider creating your own activity or challenge for others to participate in and learn from.

If the formal route is not for you, I encourage you to consider some less formal methods to be a mentor and share what you know. Something as simple as taking the time to slow down, grab several junior co-workers, and explain the why and how of what you do is extremely valuable. Your practical experience helps those junior co-workers both learn valuable skills and advance their capabilities. While it may take a little extra time for you to get your work done, in the long-run, it is worth the extra time and helps more people.

There are other informal ways to be a mentor as well. Sitting down at lunch once a week with a group of employees and explaining recent news articles, why they are important, and the security aspects is one way. Doing a brown bag lunch and explaining a more advanced topic will allow you to share what you know with others as well as help them better understand a topic. One final idea is to be part of an email/distro list, Facebook group, or Twitter feed. Posting information that you are on expert on, in an easy to understand fashion, allows others to learn about the topic. It also allows them to possibly interact with you to ask questions and go into more depth about the areas you have a great degree of knowledge.

If you are the type of person that people are constantly coming to for answers or you have an in-depth understanding of complex topics, think about helping others out and being a mentor. Mentoring can be formalized and a somewhat significant investment, but it doesn’t have to be. Taking a few minutes to explain something can go a long way. Sharing the knowledge you have will advance our capabilities as a whole, helping to make this entire field more educated and allowing us all more time to focus on the even harder problems and more advanced topics.

References:

https://www.owasp.org/index.php/Main_Page

https://www.infragard.org/

https://www.sans.org/

http://www.cert.org/engage/

Advancing Information Security Knowledge Series:

  1. Becoming a Mentor
  2. Learning from a Mentor