
3 Key Tips to Be a Successful Security Mentor


In today's interconnected world, it's essential to have effective mentorship programs in place to build up the next generation.  

In this episode of The Security Champions Podcast, Mike talks to Ron Woerner, the President and Chief Security Officer at Cyber-AAA and Senior Security & Risk Consultant for Forrester Research, about how security teams can successfully work with other teams.



Learn From Anyone, Everyone, Everywhere 

The first key to being a successful security mentor is ABC, known as ‘always be curious.’ This means being receptive to learning from anyone, anywhere, and at any time. 

Remember, education does not end after graduation, and it's crucial to continuously educate yourself and gain new knowledge and insights, especially in application security. The industry is constantly evolving with updates and changes, so staying informed is essential. By maintaining a curious mindset and continuously learning, you'll be better equipped to share your knowledge and insights with others.  

Some great ways to continuously learn include:

  • Follow industry leaders on LinkedIn
  • Subscribe to a platform such as BrightTalk to access on-demand and live video streaming 
  • Sign up for newsletters from popular industry publications 
  • Participate in events such as tradeshows, hackathons, and online events


Fail Early and Fail Often 

It's crucial to experiment with different ideas and approaches, and to acknowledge when something isn't working, whether it pertains to your projects, coding, or mentoring. It's essential to let go of the fear of failure that hinders your progress.

Finding a suitable match between a mentor and mentee is vital, and being transparent about your thoughts on the relationship is crucial. Both parties must feel comfortable in the relationship; achieving this requires investing time in getting to know each other. 

Understanding the background and goals of the person you're mentoring is crucial, ensuring that both parties' objectives are aligned. Sometimes, despite best efforts, the mentorship may not work out, and that's perfectly okay. 

In such cases, it's worth trying to connect the mentor or mentee with someone who's a better fit. Doing so can help you expand your network and open up other opportunities. 


Be Open 

To be a genuinely effective mentor in the security field, you must have an open-minded approach and treat the relationship as a two-way street where you can gain valuable insights from your mentees just as they can gain from you.  

It's critical to approach this relationship openly and listen carefully to their ideas and perspectives. Regardless of whether they are a mentee or not, it's essential to appreciate what you can glean from their life experiences.  

Moreover, selecting mentees with diverse backgrounds and skill sets is highly advantageous as it can expand your knowledge and expertise, making you a more capable leader. You can exchange mentoring opportunities; as a security leader, you can mentor someone about application security while, in turn, they can provide mentorship on another topic, such as leadership or project management. 


Don’t Force It 

It's important to recognize that only some people have the desire or ability to be a mentor. Assigning mentoring responsibilities to employees who lack enthusiasm for the task will likely fail.

It's better to seek out volunteers willing to consistently devote their time and attention to mentoring. Mentoring is a challenging undertaking that requires patience and understanding, as it may take a considerable amount of time for a mentee to improve their skills and knowledge.  

On the other hand, if an employee is receptive to mentorship, it's a good use of the mentor's valuable time. Both parties should be committed to the program and willing to invest in themselves. 


Keep It Simple 

In our daily lives, we tend to make things more complicated than they need to be, especially when it comes to IT and application security. Simplifying information can help developers and teams better understand the process.  

Asking "why" is a great place to start. Understanding the reasoning behind a particular approach makes conversations more effective and productive.

You can keep it simple while providing feedback by using the sandwich method: 

  1. Start with something positive 
  2. Then add something that you have feedback on 
  3. End with something positive 

Read More on LinkedIn: The One Minute Security Manager 


Getting The Next Generation Ready 

You can listen to the full episode to learn more about mentorship in security champions programs.   

To learn more about security champion programs and other AppSec topics, please subscribe to "The Security Champions Podcast" by Security Journey.