Navigating the Network: How Mentors Can Help Newbies Break into Cybersecurity

Posted on by Sandy Carielli

There’s an interesting paradox in the security industry.  On the one hand, we are constantly being told that there is a dearth of talent in cybersecurity.  Statistics like “one million open reqs” and “zero percent unemployment” get thrown around, creating the perception that security is the field to enter if you want a stable, long term career.  As a result, more and more people are considering careers in cybersecurity, and more and more institutions are offering cybersecurity certificates and degrees.  On the other hand, it turns out that entering the security industry can be really difficult.  Not very many of those “one million open reqs” are entry level, and security is a large, diverse, complex industry.  It can be overwhelming and sometimes disheartening.  

Navigating the Network: How Mentors Can Help Newbies Break into Cybersecurity

This is why mentors in cybersecurity are so important.  Unlike other professions, there is no well-defined career path.  Getting a job in the security industry, especially as a newbie, is rarely a matter of a degree or a certificate.  Even experienced security professionals rely on their networks to find their next opportunity.  Newbies not only don’t have the network, they may not know that the network exists or how to access it.  

One of the biggest differences that mentors can make is introducing mentees to the network and resources outside of their educational institution or place of work.  When I meet and speak with cybersecurity students and others looking to break into the industry, these are some of the resources I highlight: 

  1. Local meetups and associations.  Most cities have security meetups (often more than one!) and local associations such as ISSA and Cloud Security Alliance.  Many of these are free to join, and some of the meetings even provide free food and drinks, additional incentive for the starving student.  Send a list to your mentee, and invite them to join you at one or two.  Then introduce them to others at the event.     
  1. Local conferences.  There’s almost certainly a Security BSides within 50 miles of your mentee.  Good networking, good education, usually cheap or free.  Make sure your mentee knows about these.  Again, introduce them around.  If you’re feeling really ambitious, look for ways to get your mentee involved in the conference (maybe there’s a panel about breaking into the security industry?).  
  1. Volunteer opportunities.  Volunteering can get your mentee into a conference that they otherwise could not afford or that is sold out.  Almost every local conference needs volunteers or members of the organizing committee, but even many of the bigger regional conferences will subsidize volunteers.  Remember that your mentee may not have even heard of these events. 
  1. Social media.  I’ll admit to being a relatively recent Twitter convert, and now I can’t imagine not being on it.  I’m constantly amazed by the expertise and generosity of Infosec Twitter.  Infosec Twitter is where your mentee can track the latest security news, learn from experts, hear about upcoming CFPs and events, and network for jobs.  If your mentee is new to Infosec Twitter, you can help them out by giving them a list of your favorite people to follow and by retweeting their posts to expose them to your followers. 

Many of us have been living in the cybersecurity bubble for a while, and it’s easy to forget that not everyone knows how to break in.  When you introduce your mentee into your network, you introduce them to other potential mentors, volunteer and industry activities to put on their resume, and organizations that might be hiring.  Hopefully, as your mentees advance in the industry, they will pay it forward, becoming mentors themselves and introducing their mentees to you at the next security conference.     

Sandy Carielli

Director of Security Technologies, Entrust Datacard

professional development & workforce

Blogs posted to the website are intended for educational purposes only and do not replace independent professional judgment.  Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA® Conference, RSA Security LLC or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.

Share With Your Community