Training
Featured CourseView All Courses
Get a free hour of SANS training

Experience SANS training through course previews.

Learn More
Learning Paths
FeaturedView all Focus Areas
Cloud Security Training
Can't find what you are looking for?

Let us help.

Contact us
Resources
SANS Community Benefits

Connect, learn, and share with other cybersecurity professionals

CISO Network

Engage, challenge, and network with fellow CISOs in this exclusive community of security leaders

Join the SANS Community

Become a member for instant access to our free resources.

Sign Up
For Organizations
Public Sector

Mission-focused cybersecurity training for government, defense, and education

Partnerships

Explore industry-specific programming and customized training solutions

Sponsorship Opportunities

Sponsor a SANS event or research paper

Interested in developing a training plan to fit your organization’s needs?

We're here to help.

Contact Us
Talk with an expert
Talk with an expert

The Role of Mentorship in Cyber Threat Intelligence (Part 2)

Mentoring needs will vary from person to person based largely on where they are in their career. Here are a few resources to help you get there!

Authored byJohn Doyle
John Doyle

Blog authors: John Dolye, Selena Larson & Fletus Poston

Everyone needs a mentor and a mentee. No matter how long you have been in the field, you have something worthwhile to share with others. We all bring previous experience and diversity to our roles.” -Fletus Poston, SANS Instructor Candidate SANS New2Cyber 2022 Panel

BLUF:

  • Mentorship is a critically important career aid designed to empower individuals looking to grow professionally.
  • Mentorship opportunities are not limited to within one’s organizations. Many industry peers and members of the broader information security community are willing to take onboard mentees.
  • Absent a formal mentorship program within an organization, employee resource groups (ERGs), brown bags, or lunch-and-learns provide networking opportunities to find a prospective mentors from a pool of individuals who share common traits, experiences, or interests.
  • Industry conferences, collaboration and trust groups, and community-driven projects also provide similar networking opportunities. 

Finding a Mentor

In the second post in our mentorship blog series, we focus on answering the question of how and where to find a mentor. This blog post is mostly designed for junior cyber security practitioners, those looking to enter the field, or to move to a different sub-discipline within it.

  • However, irrespective of where one is in their career, they will no doubt ask themself what is next and where can I seek guidance to get there. The difference between a seasoned practitioner and junior or aspirant is how they deal with this question; the seasoned practitioner likely has a starting point – intuition of where to look or a network of established contacts to lean on.

The good and also not so great news is that there exists a spectrum of opportunities to identify and establish mentorship opportunities. We have created a potentially representative, but not exhaustive listing which could serve as a starting point that ranges the gamut of organization specific opportunities to broader industry opportunities.

Formal, organizational specific programs implemented by a Human Resources, People Operations, or Talent Management are usually voluntary and match a mentee with a mentor that meets a specific criteria like whether they are a manager or are in a particular area in the company. Once both recipients agree with the pairing, a system will generate an automated notification that encourages them to reach out, establish a meet and greet, and then wishes them the best, leaving it to a combination of the mentee and mentor to figure out scheduling, defining expectations and desires from the relationship, and next steps on how to proceed.  

A less formal construct is sometimes done at the team level where leadership will assign a mentor who is senior and seasoned on the team. By design, this is done to create a safety net, buddy system of sorts that offers the opportunity to side-saddle for on-the-job growth, pose questions about the team, organization, growth progression, and development pathways. The effectiveness of this style is ad hoc.

  • Beyond being personality dependent, the effectiveness will vary based on whether the team operates in an in-person environment or whether the team operates remotely. If remote, geographical dispersion is another consideration.
  • While this set up works well with in-person employees, it is often more difficult for remote employees. Mentees sometimes exhibit hesitance or wave reaching out for fear of burdening an already over-tasked senior resource. Ironically, most of these senior resources are more than happy to make the time; it helps break up the more mundane daily tasks and provides them with a sense of immediate organizational impact.
  • If a manager is not providing guidance either in terms of opportunities for mentorship or career development, individuals should look to other resources within an organization to support them, including Human Resources, Talent Development, etc. with specific objectives and requests for help.

By far the most common mentorship opportunities in an organization are ad hoc, relying on an individual employee to identify something within a peer or leader and then ask whether they would be open to have a conversation about something like career pathways, advancing in the organization, or how to develop a particular skill. These conversations often act as a backdrop towards establishing a more formalized mentoring relationship.

  • While not mentoring in the traditional sense, brown bags or lunch-and-learns can provide a chance for individuals to connect with one another on a shared topic. Brown bag sessions are typically designed as a “give back” to the organization, drawing usually from professional experience to cover a topic that the present feels might be useful to share more broadly.
  • The target audience for most brown bags tends to be junior or mid-career employees, but in some cases, seniors will attend to support, champion, and chime in with their perspective, often improving the utility of the event. It also provides an open forum with a safe space to ask questions about the topic at hand and, of course, to have follow-up conversations and touchpoints with those involved.

Employee resource groups (ERGs) provide individuals with an opportunity to find potential mentors from a pool of peers that have a shared set of experiences, backgrounds, or characteristics within the workplace. ERGs often are generally based on providing support, enhancing career development, and contributing to personal development in the work environment. ERGs are voluntary, so those who attend the meetings already share a certain set of expectations for what they are seeking to achieve, lowering the barriers for those of us who are shy or otherwise anxious to gain mentorship from others.

  • ERGs can also provide peer accountability and collaboration among colleagues that supports mentorship. For example, Selena, a coauthor of this blog, is a lead of an Emerging Professionals group at her organization and the team hosted a group event to build a “personal advisory board” that included mentorship representation.
  • This was a group activity that discussed professional goals and plans for action, identified key people to approach with requests for mentorship, and encouraged participants to regularly update each other on the progress of identified objectives. Having a peer group that openly discusses goals, strengths, weaknesses, and professional development experiences can help hold each other accountable to the mentorship experience.

As we pivot from organization-specific to industry-centric, three high level categories come to mind: closed, semi-open, and open communities. Each one has its own merits and the utility for mentorship purposes is largely subjective. However, each offers a venue to connect with peers, stay current on industry events, and help drive a collective mission – usually helping protect organizations.

  • Since some of these concepts may be new as of reading this, we take a moment to note that a closed group requires applying and being accepted or invited by one or more members of the group. These “trust groups” are often established for a reason, so trust and security are two of their primary pillars.
  • Semi-open groups have more laxed standards, but still often include “rules of engagement” as part of their charter.  They often are manually vetted, requiring an application and then accepted based on a particular criteria. Industry-specific information sharing forums like the ISACs would fall into this category where the criteria is showing you work for an organization in that field.
  • The discourse that takes place in either the closed trust groups or semi-open ones provides an opportunity to identify individuals of interest to help meet your own growth needs, identify their handles to follow on social media for the same, and to crowdsource personal growth questions.

Community events, initiatives, and open groups aim to bring like-minded professionals together either virtually or in-person to achieve a certain outcome, ranging from staying current on field research to garnering an understanding on what the latest best practices are. Either way, convening individuals together who are like-minded based on their work naturally allows individuals to develop a network of connections, some of which might act as good mentors.

  • For in-person events there is often a networking social function after the conference or lunch and snack breaks to provide opportunities to get to know each other. For virtual events, there’s usually a Slack or Discord channel or series of sub-channels dedicated to allowing participants the ability to connect. The Diana Initiative and Women in Cybersecurity (WiCyS) are two other examples designed to empower underrepresented individuals and female advancement in the field, respectively.
  • The SANS summits series offers similar networking opportunities to meet industry peers and thought leaders. The annual CTI summit is one worth considering for those interested in this specific niche while the New2Cyber Summit is designed to assist those looking for starting points in cyber security. At the 2023 New2Cyber summit, The KC7 project provided an overview on their non-profit organization, the free gamified capture-the-flag experience they offer for honing intrusion data pivoting skills, and the work the group is doing to help bridge the security skills gap.
  • Local conferences like BSides DC and other local BSides chapters offer an intimate setting to network with attendees ranging from a few dozen to upwards of a few hundred akin to what you would experience at a CTI-centric conference like CYBERWARCON, Forum of Incident Response and Security Teams (FIRST) CTI Symposium, Virus Bulletin, SLEUTHCON, ATT&CKCon, LABScon, and others. Larger conferences like DefCon and Black Hat can be somewhat overwhelming with thousands who attend per year.

Conclusion

While we can all benefit from professional mentorship, mentoring needs will vary from person to person based largely on where they are in their career. In this blog series we introduced mentorship concepts, the role and responsibilities of mentors and mentees, and provided resources on areas to engage to find prospective mentors, both formally through organizational program and through industry specific events or initiatives. We will conclude this posting with a few additional resources that are tangential, but related to professional development: 

Meet the expert

John Doyle
John Doyle

John Doyle

Certified Instructor

John has over sixteen years of experience working in Cyber Threat Intelligence, Digital Forensics, Cyber Policy, and Security Awareness and Education.

Read more about John Doyle
The Role of Mentorship in Cyber Threat Intelligence (Part 2)