#IamISACA: Finding Mentors Who Value You

Author: Alyssa Miller, CISM; Application Security Advocate, Snyk; Board Treasurer and Member, Women of Security
Date Published: 7 May 2020

Throughout my career, I have had a couple of managers whom I consider my mentors. One mentor I had is the one who brought me into security. I was a programmer when she approached me one day and asked if I wanted to join her security test team, doing pen testing. I told her point-blank that I didn’t know anything about that. Her simple answer was, “I know you. You’re a smart person, you’ll figure it out. That’s why I came to you.” Hearing that she wanted me not because of my skills, but because of who I am, was huge to me because you feel valued. She also taught me how to be as honest as you can with your team when you can’t always share every detail as a manager.

Another mentor I had was my manager when I got into consulting. The first time I ever spoke at a conference was while I was working there. I spoke on the common vulnerabilities in the way people were implementing OAuth2, since I had just seen three pen tests in a row with implementation errors in the framework that led to vulnerabilities. I shared the video recording of my presentation with my team afterward and received a curt email from a principal consultant saying, “No new content here, all I see is a bunch of hand waving.” That was it. I already had shades of the imposter syndrome since it was the first time I was presenting, and since it wasn’t on some new 0-day vulnerability I had discovered. But it was my manager who came to me and said, “Look, you’ve got to understand he has his own insecurities and that’s where this is coming from. You’re threatening him by sharing the video, since he hasn’t had any speaking opportunities in a while. You had plenty of good feedback from attendees, so obviously people found value in it. Don’t let one person make you feel like you don’t belong.” He helped me believe in myself.

I’ve found that mentors work best when you find them organically. If you’re looking for a mentor, try to interact with people in the community, whether it be through Twitter, a conference or by being part of a capture-the-flag event. Those relationships just sort of happen. A colleague of mine does what she calls “Mentoring Mondays” on Twitter. If people are looking for a mentor, she will tweet out information about them and try to make those connections. Don’t be afraid to reach out to someone with whom you have a good working or social relationship and ask them if they would mind turning it into more of a mentorship, where you can ask questions from time to time and talk about career guidance.

Everything I’m doing I hope is inspiring people. That’s why I do it. I have a blog and am very active on social media and in speaking at conferences. I do all that not because I’m chasing some infosec rock star thing; it’s about having the ability to inspire people and to share ideas. In sharing ideas and talking about things, I learn, they learn and we continue to grow. That’s what I think inspires people – seeing they can have a good conversation with others in the field who want to engage.

There’s a hashtag I use regularly – #DoBetterBeBetter. It’s so easy to get caught up in your own world and forget where you came from and how you felt when you were the one trying to interact with the people who had 40,000 followers or the ones who were always speaking at conferences. I’ve had that situation where you try to engage with one of them and they have no interest. Sometimes I get it, they’re busy, but there’s also more we can do there. We can be better about that. And I try to do that myself.