Now, More Than Ever, Mentorship Matters in Cybersecurity
This blog was originally published by CXO REvolutionaries here.
Written by Kavitha Mariappan, EVP, Customer Experience and Transformation, Zscaler.
Twin trends unfolding within cybersecurity are making mentorship relationships more critical than ever. On the one hand, an increasingly digitized world is leading to nearly exponential growth in the number of targets available to malicious actors. Cybercrime is a multi-billion dollar industry that will threaten our stability and prosperity for years to come.
On the other hand, the cybersecurity industry faces a daunting gap between the skills needed to fill available roles and the professionals who possess them. Millions of jobs currently await qualified candidates and, in survey after survey, most organizations report being affected in some way by the shortage.
In reality, this leaves our schools, local governments, hospitals, and public utilities – often the very organizations with the fewest resources to allocate to IT spending – frighteningly exposed to cyberattacks.
To help close the skills gap at anything near the pace needed to address these issues, organizations, cybersecurity veterans, and early career professionals alike should consider the benefits of mentorships.
A gap in need of minding
The Information Systems Security Association (ISSA), an international non-profit organization for security professionals, conducted a study last year, which found that the cybersecurity skills shortage has touched 57% of organizations. Almost all (95%) believe the problem is only getting worse.
At the same time, cyberattacks are surging. Ransomware is fast becoming cybercriminals’ preferred method of turning a quick buck, and no sector is spared from the opportunistic eyes of threat actors. Remote work, tangled supply chains, and convoluted legacy network architecture only increase attack surfaces – and opportunities for compromise.
There are also fears that conflict between Russia and Ukraine could lead to a rise in cyberattacks by both independent and state-backed actors. While it remains to be seen how long the animosity will last, we’d be wise to prepare for a future where cyberattacks are a permanent feature of international tensions.
So the need for a healthy cybersecurity talent pipeline is clearly pressing. While formal training will undoubtedly play a role in filling it, universities and vocational programs aren’t capable of churning out the graduates needed for the 3.5 million cybersecurity jobs expected to be available by 2025.
Instead, mentorship programs, both formal and informal, can help provide the next generation of cybersecurity professionals the support they need to step up and fill these roles. Current cybersecurity professionals can help identify and nurture talent from across departments, and help mentees focus on practical on-the-job skills, closing the gap between the classroom and the corporate keyboard.
Building a bigger tent for cybersecurity talent
Diverse teams outperform homogeneous ones. They ensure that different viewpoints, experiences and approaches to problem-solving have a seat at the table. Diverse mentors in leadership roles signify that all types of individuals are valued and can succeed with an organization.
That’s why mentorship programs should actively promote the principles of diversity, equity, and inclusion (DEI). Aside from serving business objectives, DEI broadens the cybersecurity talent pool by promoting the success of underrepresented groups.
Jen Easterly, director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), recently expressed why recruiting more women into cybersecurity careers is one of her top priorities.
"As we work to collectively raise the security baseline of our nation,” she said, “the creativity, imagination and empathy that women bring to this effort will make our Nation stronger."
Luckily, great organizations like Women in Cybersecurity are already doing their part to build a bigger tent for cybersecurity talent. Their efforts should be supported and lessons internalized by would-be mentors, affiliated or not.
Whether it be women, people of color, or the LBGTQ community, mentorship matters because representation matters. And if we don't begin showing a broader swath of the population that they can be the answer to the cybersecurity skills gap, we'll be stuck with it for a long time to come.
Making the most of mentorship
Whether you become a mentor or a mentee, there are a few things to keep in mind to get the most out of the experience.
First, the relationship goes both ways. It requires engagement from both sides. When both mentor and mentee commit to the experience, growth happens. But it takes time. For busy professionals on both ends of the experience spectrum, this means blocking out time on the calendar, and that can be a tough thing to do.
Whereas a mentor can provide wisdom hard-won from experience, a mentee must come to the conversation having thoughtfully examined his or her hopes, goals, objectives, and uncertainties. Which brings us to a second key: asking questions. Questions are important, because asking the right ones can be key to self-discovery. A mentor adds great value by acting as a sounding board for the less experienced. Mentees should take this opportunity to hone their messaging.
Finally, take the first step. Every relationship starts with a connection, whether it's a conversation, call, or a coffee. If your organization has an official mentorship program, sign up. We began the Elevate mentorship program to ensure willing mentors and mentees have access to the resources they need to grow personally and professionally. At present, a third of the individuals involved with our employee resource groups globally are already taking advantage of the program.
If your organization doesn't have a sanctioned program, start one. Or don't wait for anything official. Reach out to that talented early-career professional who could use a little guidance. Strike up a chat with that executive you admire.
With a little time and effort, who knows where it might go.
Sign up to receive CSA's latest blogs
This list receives 1-2 emails a month.