What Makes a Good Mentor?

Why a good mentor will show, but never tell.

The "ever-evolving threat landscape" is one of the biggest challenges for information security. For every new technology, there are new threat vectors, potential exploits, and unanticipated "alternative uses" that require our attention. This makes things tricky as an industry, but it's awesome for InfoSec as a community. It presents opportunities for collaboration and growth with people of different backgrounds and disciplines: when one of us wins, we all win.


That's why the real leaders in InfoSec aren't rockstars; they're mentors.

Mentoring isn't easy. There's a difference between guiding someone through a process and doing it for them. As we build our community in ESCALATE, keep these basics in mind.

Show, don't tell.

If someone comes to you for help, don't do the work for them: ask what they've done, whether they've considered alternate approaches, and suggest tools or tactics they may not have thought of.

If necessary, remind them to go back to the basics. Repeating old challenges in ESCALATE is a great way to brush off some of the dustier tools in your toolbox.

You were new once, too.

You've walked a lot of miles. You've learned things along the way you wish you'd known sooner. By all means, pass those tough lessons on! But don’t get frustrated if those things don't quite stick.

One of the hardest things about being a mentor is teaching someone something they may not be able to understand. Patience and empathy are the keys.

We all think a little differently; listen to your mentee and ask questions to figure out what works best for them. Experiment with explaining things in different ways. You don’t always know what will make it click.

Go forth and mentor!

Putting yourself out there as a mentor is easier than you think. First, be willing to be vulnerable: “I struggled when I first started reverse engineering. If anyone is looking for encouragement or guidance, feel free to reach out!”

Second, be respectful and considerate when offering advice.

Finally, don’t forget to ask for help, too! Find communities - in ESCALATE, on Twitter, wherever - and jump in! Let people know you’re open to both mentoring and being mentored. It shows your willingness to learn, and it encourages taking risks and learning from each other - which is what the InfoSec community is all about.