August 31, 2017 By Kevin Beaver 3 min read

As an independent information security consultant, I am often asked what it takes to forge a positive cybersecurity career path and stand out in the field. I tell people that working for yourself is not for everyone. An independent security professional must constantly seek out new business, unsure where that next bit of income is going to come from. It’s not for the faint of heart. An independent cybersecurity career requires motivation, continuous learning and a bunch of stick-to-itiveness, especially when things aren’t going well.

Don’t Be a Know-It-All

Due to my youth and stubbornness, I spent a lot of time early in my career trying to figure things out by myself. I thought I knew it all. However, about midway through my career, I discovered that pretty much every problem that I was working on had already been solved. Effectively recreating the wheel was a poor use of my time and resources.

The hard part was finding out who had the answers I needed. I soon learned that I all I needed to do was consult other people who were older and wiser than me for guidance and answers to the issues for which I had no insight or experience. I have met and worked with several of these mentors throughout my career. If you are looking to kick-start a successful cybersecurity career, you need to find some mentors to guide you.

Forging Your Cybersecurity Career Path — With a Little Help

I didn’t necessarily seek out all the mentors who helped me; many just happened to appear in my life. I met them through networking events, friends and my personal hobby of racing cars. I approached these people as I would a parent, sibling or close friend and simply asked them what I need to do to accomplish certain goals in my work. They told me exactly what I needed to do — no fluff, no hype and, thankfully, no sales motivations on their part. It was just raw advice being handed down from a wiser professional to me.

Some of the best advice I have received from my mentors has been business-related. They’ve offered guidance on growing my business, building my personal brand and fostering important relationships. These things translated directly into my work as an information security professional. However, you may not necessarily need to seek out business advice. Instead, your mentors might show you the ropes on the latest technologies, or even old-school computer operating systems and networking concepts that you can still benefit from today. Regardless, it’s critical to take advantage of these opportunities to learn from people who have been there and done that.

Pay It Forward

The mentor-mentee relationship does not develop automatically. You need to nurture a level of friendship with these people and make it mutually beneficial. Many mentors will tell you that they want no favors in return. However, you should do something to show your appreciation for their advice, because it can save you literally years of mistakes made and lessons learned. If you don’t feel like you have anything to offer back to them, at least take them out to a nice dinner or provide them with a sizable gift card so they can go out for a bite.

Having been a mentor to a few budding security professionals myself, I can say that one of the things mentors love the most is when you come back to show them your accomplishments and ask more questions.

There’s that saying that you get what you pay for. That’s true for so many things. While a mentor relationship is essentially free, the advice, experience and wisdom you will gain is priceless. There’s no way to put a dollar figure on it, and it’s even hard to quantify years down the road. Just know that to forge a successful career in security, you must recognize the value mentors can bring to your professional life. If you do, like me, you’ll probably end up encouraging others to do the same.

Listen to the podcast series: A CISO’s Guide to Obtaining Budget

More from CISO

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended…

Why security orchestration, automation and response (SOAR) is fundamental to a security platform

3 min read - Security teams today are facing increased challenges due to the remote and hybrid workforce expansion in the wake of COVID-19. Teams that were already struggling with too many tools and too much data are finding it even more difficult to collaborate and communicate as employees have moved to a virtual security operations center (SOC) model while addressing an increasing number of threats.  Disconnected teams accelerate the need for an open and connected platform approach to security . Adopting this type of…

The evolution of a CISO: How the role has changed

3 min read - In many organizations, the Chief Information Security Officer (CISO) focuses mainly — and sometimes exclusively — on cybersecurity. However, with today’s sophisticated threats and evolving threat landscape, businesses are shifting many roles’ responsibilities, and expanding the CISO’s role is at the forefront of those changes. According to Gartner, regulatory pressure and attack surface expansion will result in 45% of CISOs’ remits expanding beyond cybersecurity by 2027.With the scope of a CISO’s responsibilities changing so quickly, how will the role adapt…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today