Security Mentoring Perspectives
I have to say that Richard Bejtlich and Mike Rothman really stepped up to the plate with guidance and expertise on the issue of Security Mentoring. Richard set the stage with his post titled “Security Mentoring.” I responded to add a little more clarity to my thought process for everybody following the story. Mike then, in this weeks edition of Pragmatic CSO Weekly, responded to all of the input with an excellent summary. He detailed the methods a security professional can use to advance their skillsets in a proactive and professional manner.
I have to say that I am proud about the input and outcome from my dirt kicking. I believe that it has started the rock moving and hopefully we will see it pick up steam. From a mentoring standpoint, maybe a few people will take a little extra time to answer questions and provide guidance. From a coaching standpoint we might see some changes in a few business models (I definitely should see between 10 and 20 percent commissions for getting this rolling 
). Either way I see this as a win for everybody: upcoming security managers, current security managers, and the IT community.
How is this all going to affect me? Well, I plan to take all of the advice we have been given into consideration. Instead of worrying about establishing a planned out mentor relationship with an established security manager I will utilize the resources I already have: Trusted Catalyst and Security Catalyst Community, Other Security Bloggers, and other security forums. I will make it a point to asked more detailed questions and prod for responses. In short, I already have the resources I just have not been utilizing them effectively.
If we do see a Security Management coaching model develop from all this I will probably consider it as well. I tend to want to do things right the first time and at times it holds me back. Michael Santarcangelo says that it is the sniper in me. I think it is an effort to be cost effective and protect the image of security within my organization. As usual, it is probably a combination.
I would like to say thank you to everybody who has participated in this conversation. It has definitely helped me and I hope that it has helped others as well.
Go forth and do good things,
Cutaway
P.S. I can neither confirm or deny that my given name is “Don”. 
Rothman, Bejtlich, mentoring, TCC, Security Ripcord
Help support my training and travel to security conferences. Get your SANS Training and GIAC Certifications through the Security Ripcord.
You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.
March 9th, 2007 at 12:29 pm
I commented on Richard’s blog…I think that it’s entirely possible to have mentoring, albeit not as formal as some might expect. You yourself mentioned that security professionals are leaders, and I fully agree with this. I’ve seen others in the community have to stand up and give the customer the bad news (“No, sir, we can’t answer your questions due to the condition of the systems upon our arrival”), and I’ve done so myself. I’ve also been in the position of having information that has given me a completely different view of the incident (one that was perhaps politically incorrect) from the primary for the engagement.
That being said, mentoring can take place anywhere, anytime. I was at BlackhatDC last week and took the opportunity to just absorb whatever I could from those speaking, as well as from those I spoke to. One does not have to have a formal system in place for mentoring to occur.
Harlan
http://windowsir.blogspot.com