As an independent information security consultant, I am often asked what it takes to forge a positive cybersecurity career path and stand out in the field. I tell people that working for yourself is not for everyone. An independent security professional must constantly seek out new business, unsure where that next bit of income is going to come from. It’s not for the faint of heart. An independent cybersecurity career requires motivation, continuous learning and a bunch of stick-to-itiveness, especially when things aren’t going well.

Don’t Be a Know-It-All

Due to my youth and stubbornness, I spent a lot of time early in my career trying to figure things out by myself. I thought I knew it all. However, about midway through my career, I discovered that pretty much every problem that I was working on had already been solved. Effectively recreating the wheel was a poor use of my time and resources.

The hard part was finding out who had the answers I needed. I soon learned that I all I needed to do was consult other people who were older and wiser than me for guidance and answers to the issues for which I had no insight or experience. I have met and worked with several of these mentors throughout my career. If you are looking to kick-start a successful cybersecurity career, you need to find some mentors to guide you.

Forging Your Cybersecurity Career Path — With a Little Help

I didn’t necessarily seek out all the mentors who helped me; many just happened to appear in my life. I met them through networking events, friends and my personal hobby of racing cars. I approached these people as I would a parent, sibling or close friend and simply asked them what I need to do to accomplish certain goals in my work. They told me exactly what I needed to do — no fluff, no hype and, thankfully, no sales motivations on their part. It was just raw advice being handed down from a wiser professional to me.

Some of the best advice I have received from my mentors has been business-related. They’ve offered guidance on growing my business, building my personal brand and fostering important relationships. These things translated directly into my work as an information security professional. However, you may not necessarily need to seek out business advice. Instead, your mentors might show you the ropes on the latest technologies, or even old-school computer operating systems and networking concepts that you can still benefit from today. Regardless, it’s critical to take advantage of these opportunities to learn from people who have been there and done that.

Pay It Forward

The mentor-mentee relationship does not develop automatically. You need to nurture a level of friendship with these people and make it mutually beneficial. Many mentors will tell you that they want no favors in return. However, you should do something to show your appreciation for their advice, because it can save you literally years of mistakes made and lessons learned. If you don’t feel like you have anything to offer back to them, at least take them out to a nice dinner or provide them with a sizable gift card so they can go out for a bite.

Having been a mentor to a few budding security professionals myself, I can say that one of the things mentors love the most is when you come back to show them your accomplishments and ask more questions.

There’s that saying that you get what you pay for. That’s true for so many things. While a mentor relationship is essentially free, the advice, experience and wisdom you will gain is priceless. There’s no way to put a dollar figure on it, and it’s even hard to quantify years down the road. Just know that to forge a successful career in security, you must recognize the value mentors can bring to your professional life. If you do, like me, you’ll probably end up encouraging others to do the same.

Listen to the podcast series: A CISO’s Guide to Obtaining Budget

More from CISO

How to Solve the People Problem in Cybersecurity

You may think this article is going to discuss how users are one of the biggest challenges to cybersecurity. After all, employees are known to click on unverified links, download malicious files and neglect to change their passwords. And then there are those who use their personal devices for business purposes and put the network at risk. Yes, all those people can cause issues for cybersecurity. But the people who are usually blamed for cybersecurity issues wouldn’t have such an…

The Cyber Battle: Why We Need More Women to Win it

It is a well-known fact that the cybersecurity industry lacks people and is in need of more skilled cyber professionals every day. In 2022, the industry was short of more than 3 million people. This is in the context of workforce growth by almost half a million in 2021 year over year per recent research. Stemming from the lack of professionals, diversity — or as the UN says, “leaving nobody behind” — becomes difficult to realize. In 2021, women made…

Backdoor Deployment and Ransomware: Top Threats Identified in X-Force Threat Intelligence Index 2023

Deployment of backdoors was the number one action on objective taken by threat actors last year, according to the 2023 IBM Security X-Force Threat Intelligence Index — a comprehensive analysis of our research data collected throughout the year. Backdoor access is now among the hottest commodities on the dark web and can sell for thousands of dollars, compared to credit card data — which can go for as low as $10. On the dark web — a veritable eBay for…

Detecting the Undetected: The Risk to Your Info

IBM’s Advanced Threat Detection and Response Team (ATDR) has seen an increase in the malware family known as information stealers in the wild over the past year. Info stealers are malware with the capability of scanning for and exfiltrating data and credentials from your device. When executed, they begin scanning for and copying various directories that usually contain some sort of sensitive information or credentials including web and login data from Chrome, Firefox, and Microsoft Edge. In other instances, they…