homepage
Open menu
Contact Sales
Go one level top
  • Train and Certify
    Free Course Demos

    Free course demos allow you to see course content, watch world-class instructors in action, and evaluate course difficulty.

    Train and Certify
    Immediately apply the skills and techniques learned in SANS courses, ranges, and summits
    Learn More
    • Overview
    • Courses
      • Overview
      • Full Course List
      • By Focus Areas
        • Cloud Security
        • Cyber Defense
        • Cybersecurity and IT Essentials
        • DFIR
        • Industrial Control Systems
        • Offensive Operations
        • Management, Legal, and Audit
      • By Skill Levels
        • New to Cyber
        • Essentials
        • Advanced
        • Expert
      • Training Formats
        • OnDemand
        • In-Person
        • Live Online
      • Free Course Demos
    • Training Roadmaps
      • Skills Roadmap
      • Focus Area Job Roles
        • Cyber Defense Job Roles
        • Offensive Operations Job Roles
        • DFIR Job Roles
        • Cloud Job Roles
        • ICS Job Roles
        • Leadership Job Roles
      • NICE Framework
        • Security Provisionals
        • Operate and Maintain
        • Oversee and Govern
        • Protect and Defend
        • Analyze
        • Collect and Operate
        • Investigate
        • Industrial Control Systems
      • European Skills Framework
    • GIAC Certifications
    • Training Events & Summits
      • Events Overview
      • In-Person Event Locations
        • Asia
        • Australia & New Zealand
        • Latin America
        • Mainland Europe
        • Middle East & Africa
        • Scandinavia
        • United Kingdom & Ireland
        • United States & Canada
      • Live Online Events List
      • Summits
    • OnDemand
    • Get Started in Cyber
      • Overview
      • Degree and Certificate Programs
      • Scholarships
      • Free Training & Resources
    • Cyber Ranges
  • Enterprise Solutions
    New Cyber Trends & Training in 2023

    This eBook offers a glimpse into the key threats that are expected to emerge as forecasted by SANS experts.

    Enterprise Solutions

    Build a world-class cyber team with our workforce development programs.

    Learn More
    • Overview
    • Group Purchasing
    • Build Your Team
      • Assessments
      • Private Training
      • By Industry
        • Health Care
        • Industrial Control Systems Security
        • Military
    • Leadership Training
      • Leadership Courses
      • Executive Cybersecurity Exercises
  • Security Awareness
    2023 Security Awareness Report

    Empowering Security Awareness teams with industry benchmarking, program growth, and career development.

    Security Awareness
    Increase your staff’s cyber awareness, help them change their behaviors, and reduce your organizational risk
    Learn More
    • Overview
    • Products & Services
      • Security Awareness Training
        • EndUser Training
        • Phishing Platform
      • Specialized
        • Developer Training
        • ICS Engineer Training
        • NERC CIP Training
        • IT Administrator
      • Risk Assessments
        • Knowledge Assessment
        • Culture Assessment
        • Behavioral Risk Assessment
    • OUCH! Newsletter
    • Career Development
      • Overview
      • Training & Courses
      • Professional Credential
    • Blog
    • Partners
    • Reports & Case Studies
  • Resources
    Security Policy Templates

    In collaboration with security subject-matter experts, SANS has developed a set of security policy templates for your use.

    Resources
    Enhance your skills with access to thousands of free resources, 150+ instructor-developed tools, and the latest cybersecurity news and analysis
    Browse Here
    • Overview
    • Webcasts
      • Webinars
      • Live Streams
        • Wait Just An Infosec
        • Cybersecurity Leadership
        • SANS Threat Analysis Rundown (STAR)
    • Free Cybersecurity Events
      • Free Events Overview
      • Summits
      • Solutions Forums
      • Community Nights
    • Content
      • Newsletters
        • NewsBites
        • @RISK
        • OUCH! Newsletter
      • Blog
      • Podcasts
        • Blueprint
        • Trust Me, I'm Certified
        • Cloud Ace
        • Wait Just an Infosec
      • Summit Presentations
      • Posters & Cheat Sheets
    • Internet Storm Center
    • Research
      • White Papers
      • Security Policies
    • Tools
    • Focus Areas
      • Cyber Defense
      • Cloud Security
      • Digital Forensics & Incident Response
      • Industrial Control Systems
      • Cyber Security Leadership
      • Offensive Operations
      • Open-Source Intelligence (OSINT)
  • Get Involved
    Join the Community

    Membership of the SANS.org Community grants you access to cutting edge cyber security news, training, and free tools that can't be found elsewhere.

    Get Involved
    Help keep the cyber community one step ahead of threats. Join the SANS community or begin your journey of becoming a SANS Certified Instructor today.
    Learn More
    • Overview
    • Join the Community
    • Work Study
    • Teach for SANS
    • CISO Network
    • Partnerships
    • Sponsorship Opportunities
  • About
    Our Mission

    To empower current and future cybersecurity practitioners around the world with immediately useful knowledge and capabilities, we deliver industry-leading community programs, resources and training.

    About
    Learn more about how SANS empowers and educates current and future cybersecurity practitioners with knowledge and skills
    Learn More
    • SANS
      • Overview
      • Our Founder
      • Awards
    • Instructors
      • Our Instructors
      • Full Instructor List
    • Mission
      • Our Mission
      • Diversity
      • Scholarships
    • Contact
      • Contact Customer Service
      • Contact Sales
      • Press & Media Enquiries
    • Frequent Asked Questions
    • Customer Reviews
    • Press
    • Careers
  • SANS Sites
    • Australia
    • Brazil
    • France
    • India
    • Japan
    • Middle East & Africa
    • United Kingdom
  • Log In
  • Join
    • Account Dashboard
    • Log Out
  • Contact Sales
  1. Home >
  2. Blog >
  3. The Role of Mentorship in Cyber Threat Intelligence (Part 2)
John_Doyle_370x370.png
John Doyle

The Role of Mentorship in Cyber Threat Intelligence (Part 2)

Mentoring needs will vary from person to person based largely on where they are in their career. Here are a few resources to help you get there!

August 5, 2023

Blog authors: John Dolye, Selena Larson & Fletus Poston

“Everyone needs a mentor and a mentee. No matter how long you have been in the field, you have something worthwhile to share with others. We all bring previous experience and diversity to our roles.” -Fletus Poston, SANS Instructor Candidate SANS New2Cyber 2022 Panel

BLUF:

  • Mentorship is a critically important career aid designed to empower individuals looking to grow professionally.
  • Mentorship opportunities are not limited to within one’s organizations. Many industry peers and members of the broader information security community are willing to take onboard mentees.
  • Absent a formal mentorship program within an organization, employee resource groups (ERGs), brown bags, or lunch-and-learns provide networking opportunities to find a prospective mentors from a pool of individuals who share common traits, experiences, or interests.
  • Industry conferences, collaboration and trust groups, and community-driven projects also provide similar networking opportunities. 

Finding a Mentor

In the second post in our mentorship blog series, we focus on answering the question of how and where to find a mentor. This blog post is mostly designed for junior cyber security practitioners, those looking to enter the field, or to move to a different sub-discipline within it.

  • However, irrespective of where one is in their career, they will no doubt ask themself what is next and where can I seek guidance to get there. The difference between a seasoned practitioner and junior or aspirant is how they deal with this question; the seasoned practitioner likely has a starting point – intuition of where to look or a network of established contacts to lean on.

The good and also not so great news is that there exists a spectrum of opportunities to identify and establish mentorship opportunities. We have created a potentially representative, but not exhaustive listing which could serve as a starting point that ranges the gamut of organization specific opportunities to broader industry opportunities.

Formal, organizational specific programs implemented by a Human Resources, People Operations, or Talent Management are usually voluntary and match a mentee with a mentor that meets a specific criteria like whether they are a manager or are in a particular area in the company. Once both recipients agree with the pairing, a system will generate an automated notification that encourages them to reach out, establish a meet and greet, and then wishes them the best, leaving it to a combination of the mentee and mentor to figure out scheduling, defining expectations and desires from the relationship, and next steps on how to proceed.  

A less formal construct is sometimes done at the team level where leadership will assign a mentor who is senior and seasoned on the team. By design, this is done to create a safety net, buddy system of sorts that offers the opportunity to side-saddle for on-the-job growth, pose questions about the team, organization, growth progression, and development pathways. The effectiveness of this style is ad hoc.

  • Beyond being personality dependent, the effectiveness will vary based on whether the team operates in an in-person environment or whether the team operates remotely. If remote, geographical dispersion is another consideration.
  • While this set up works well with in-person employees, it is often more difficult for remote employees. Mentees sometimes exhibit hesitance or wave reaching out for fear of burdening an already over-tasked senior resource. Ironically, most of these senior resources are more than happy to make the time; it helps break up the more mundane daily tasks and provides them with a sense of immediate organizational impact.
  • If a manager is not providing guidance either in terms of opportunities for mentorship or career development, individuals should look to other resources within an organization to support them, including Human Resources, Talent Development, etc. with specific objectives and requests for help.

By far the most common mentorship opportunities in an organization are ad hoc, relying on an individual employee to identify something within a peer or leader and then ask whether they would be open to have a conversation about something like career pathways, advancing in the organization, or how to develop a particular skill. These conversations often act as a backdrop towards establishing a more formalized mentoring relationship.

  • While not mentoring in the traditional sense, brown bags or lunch-and-learns can provide a chance for individuals to connect with one another on a shared topic. Brown bag sessions are typically designed as a “give back” to the organization, drawing usually from professional experience to cover a topic that the present feels might be useful to share more broadly.
  • The target audience for most brown bags tends to be junior or mid-career employees, but in some cases, seniors will attend to support, champion, and chime in with their perspective, often improving the utility of the event. It also provides an open forum with a safe space to ask questions about the topic at hand and, of course, to have follow-up conversations and touchpoints with those involved.

Employee resource groups (ERGs) provide individuals with an opportunity to find potential mentors from a pool of peers that have a shared set of experiences, backgrounds, or characteristics within the workplace. ERGs often are generally based on providing support, enhancing career development, and contributing to personal development in the work environment. ERGs are voluntary, so those who attend the meetings already share a certain set of expectations for what they are seeking to achieve, lowering the barriers for those of us who are shy or otherwise anxious to gain mentorship from others.

  • ERGs can also provide peer accountability and collaboration among colleagues that supports mentorship. For example, Selena, a coauthor of this blog, is a lead of an Emerging Professionals group at her organization and the team hosted a group event to build a “personal advisory board” that included mentorship representation.
  • This was a group activity that discussed professional goals and plans for action, identified key people to approach with requests for mentorship, and encouraged participants to regularly update each other on the progress of identified objectives. Having a peer group that openly discusses goals, strengths, weaknesses, and professional development experiences can help hold each other accountable to the mentorship experience.

As we pivot from organization-specific to industry-centric, three high level categories come to mind: closed, semi-open, and open communities. Each one has its own merits and the utility for mentorship purposes is largely subjective. However, each offers a venue to connect with peers, stay current on industry events, and help drive a collective mission – usually helping protect organizations.

  • Since some of these concepts may be new as of reading this, we take a moment to note that a closed group requires applying and being accepted or invited by one or more members of the group. These “trust groups” are often established for a reason, so trust and security are two of their primary pillars.
  • Semi-open groups have more laxed standards, but still often include “rules of engagement” as part of their charter.  They often are manually vetted, requiring an application and then accepted based on a particular criteria. Industry-specific information sharing forums like the ISACs would fall into this category where the criteria is showing you work for an organization in that field.
  • The discourse that takes place in either the closed trust groups or semi-open ones provides an opportunity to identify individuals of interest to help meet your own growth needs, identify their handles to follow on social media for the same, and to crowdsource personal growth questions.

Community events, initiatives, and open groups aim to bring like-minded professionals together either virtually or in-person to achieve a certain outcome, ranging from staying current on field research to garnering an understanding on what the latest best practices are. Either way, convening individuals together who are like-minded based on their work naturally allows individuals to develop a network of connections, some of which might act as good mentors.

  • For in-person events there is often a networking social function after the conference or lunch and snack breaks to provide opportunities to get to know each other. For virtual events, there’s usually a Slack or Discord channel or series of sub-channels dedicated to allowing participants the ability to connect. The Diana Initiative and Women in Cybersecurity (WiCyS) are two other examples designed to empower underrepresented individuals and female advancement in the field, respectively.
  • The SANS summits series offers similar networking opportunities to meet industry peers and thought leaders. The annual CTI summit is one worth considering for those interested in this specific niche while the New2Cyber Summit is designed to assist those looking for starting points in cyber security. At the 2023 New2Cyber summit, The KC7 project provided an overview on their non-profit organization, the free gamified capture-the-flag experience they offer for honing intrusion data pivoting skills, and the work the group is doing to help bridge the security skills gap.
  • Local conferences like BSides DC and other local BSides chapters offer an intimate setting to network with attendees ranging from a few dozen to upwards of a few hundred akin to what you would experience at a CTI-centric conference like CYBERWARCON, Forum of Incident Response and Security Teams (FIRST) CTI Symposium, Virus Bulletin, SLEUTHCON, ATT&CKCon, LABScon, and others. Larger conferences like DefCon and Black Hat can be somewhat overwhelming with thousands who attend per year.

Conclusion

While we can all benefit from professional mentorship, mentoring needs will vary from person to person based largely on where they are in their career. In this blog series we introduced mentorship concepts, the role and responsibilities of mentors and mentees, and provided resources on areas to engage to find prospective mentors, both formally through organizational program and through industry specific events or initiatives. We will conclude this posting with a few additional resources that are tangential, but related to professional development: 

  • Share the Mic in Cyber
  • Google’s Jenny Wood’s Own Your Career Newsletter
  • The Cyber Threat Intelligence Jobs Linkedin Group
  • ”Breaking Into the CTI Field: Demystifying the Interview Process and Practice Interview Questions“
  • John’s SANS CTI Summit 2023 Presentation "Developing the Analyst: Creating Career Roadmaps for Intelligently Progressing in CTI”
  • Mandiant's CTI Core Competencies Framework
  • Katie Nickel’s CTI Self-Study Plan
  • National Initiative for Cybersecurity Education

Share:
TwitterLinkedInFacebook
Copy url Url was copied to clipboard
Subscribe to SANS Newsletters
Receive curated news, vulnerabilities, & security awareness tips
United States
Canada
United Kingdom
Spain
Belgium
Denmark
Norway
Netherlands
Australia
India
Japan
Singapore
Afghanistan
Aland Islands
Albania
Algeria
American Samoa
Andorra
Angola
Anguilla
Antarctica
Antigua and Barbuda
Argentina
Armenia
Aruba
Austria
Azerbaijan
Bahamas
Bahrain
Bangladesh
Barbados
Belarus
Belize
Benin
Bermuda
Bhutan
Bolivia
Bonaire, Sint Eustatius, and Saba
Bosnia And Herzegovina
Botswana
Bouvet Island
Brazil
British Indian Ocean Territory
Brunei Darussalam
Bulgaria
Burkina Faso
Burundi
Cambodia
Cameroon
Cape Verde
Cayman Islands
Central African Republic
Chad
Chile
China
Christmas Island
Cocos (Keeling) Islands
Colombia
Comoros
Cook Islands
Costa Rica
Croatia (Local Name: Hrvatska)
Curacao
Cyprus
Czech Republic
Democratic Republic of the Congo
Djibouti
Dominica
Dominican Republic
East Timor
Ecuador
Egypt
El Salvador
Equatorial Guinea
Eritrea
Estonia
Ethiopia
Falkland Islands (Malvinas)
Faroe Islands
Fiji
Finland
France
French Guiana
French Polynesia
French Southern Territories
Gabon
Gambia
Georgia
Germany
Ghana
Gibraltar
Greece
Greenland
Grenada
Guadeloupe
Guam
Guatemala
Guernsey
Guinea
Guinea-Bissau
Guyana
Haiti
Heard And McDonald Islands
Honduras
Hong Kong
Hungary
Iceland
Indonesia
Iraq
Ireland
Isle of Man
Israel
Italy
Jamaica
Jersey
Jordan
Kazakhstan
Kenya
Kiribati
Korea, Republic Of
Kosovo
Kuwait
Kyrgyzstan
Lao People's Democratic Republic
Latvia
Lebanon
Lesotho
Liberia
Liechtenstein
Lithuania
Luxembourg
Macau
Macedonia
Madagascar
Malawi
Malaysia
Maldives
Mali
Malta
Marshall Islands
Martinique
Mauritania
Mauritius
Mayotte
Mexico
Micronesia, Federated States Of
Moldova, Republic Of
Monaco
Mongolia
Montenegro
Montserrat
Morocco
Mozambique
Myanmar
Namibia
Nauru
Nepal
Netherlands Antilles
New Caledonia
New Zealand
Nicaragua
Niger
Nigeria
Niue
Norfolk Island
Northern Mariana Islands
Oman
Pakistan
Palau
Palestine
Panama
Papua New Guinea
Paraguay
Peru
Philippines
Pitcairn
Poland
Portugal
Puerto Rico
Qatar
Reunion
Romania
Russian Federation
Rwanda
Saint Bartholemy
Saint Kitts And Nevis
Saint Lucia
Saint Martin
Saint Vincent And The Grenadines
Samoa
San Marino
Sao Tome And Principe
Saudi Arabia
Senegal
Serbia
Seychelles
Sierra Leone
Sint Maarten
Slovakia
Slovenia
Solomon Islands
South Africa
South Georgia and the South Sandwich Islands
South Sudan
Sri Lanka
St. Helena
St. Pierre And Miquelon
Suriname
Svalbard And Jan Mayen Islands
Swaziland
Sweden
Switzerland
Taiwan
Tajikistan
Tanzania
Thailand
Togo
Tokelau
Tonga
Trinidad And Tobago
Tunisia
Turkey
Turkmenistan
Turks And Caicos Islands
Tuvalu
Uganda
Ukraine
United Arab Emirates
United States Minor Outlying Islands
Uruguay
Uzbekistan
Vanuatu
Vatican City
Venezuela
Vietnam
Virgin Islands (British)
Virgin Islands (U.S.)
Wallis And Futuna Islands
Western Sahara
Yemen
Yugoslavia
Zambia
Zimbabwe

By providing this information, you agree to the processing of your personal data by SANS as described in our Privacy Policy.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Recommended Training

  • FOR572: Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response
  • SEC501: Advanced Security Essentials - Enterprise Defender
  • FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics

Tags:
  • Digital Forensics, Incident Response & Threat Hunting

Related Content

Blog
Malware_Blogs.png
Digital Forensics, Incident Response & Threat Hunting
September 21, 2023
Latest Must-Read Malware Analysis Blogs
In this post, we present a selection of recent malware analysis write-ups to highlight individuals' passion for malware analysis
Anuj_Soni_370x370.png
Anuj Soni
read more
Blog
FOR508_Update.png
Digital Forensics, Incident Response & Threat Hunting
September 3, 2023
Next Generation FOR508
The latest FOR508 update represents a major upgrade to the courseware with a complete replacement of every hands-on exercise in the course.
370x370_Chad-Tilbury.jpg
Chad Tilbury
read more
Blog
Blog_teaser_images_(19).png
Digital Forensics, Incident Response & Threat Hunting, Open-Source Intelligence (OSINT)
August 31, 2023
FOR589: Cybercrime Intelligence - NEW SANS DFIR Course coming in 2024
Learn to traverse the cyber underground, social engineer cybercriminals and investigate illicit cryptocurrency activity.
Sean_O_Connor_370x370.png
Sean O'Connor
read more
  • Register to Learn
  • Courses
  • Certifications
  • Degree Programs
  • Cyber Ranges
  • Job Tools
  • Security Policy Project
  • Posters & Cheat Sheets
  • White Papers
  • Focus Areas
  • Cyber Defense
  • Cloud Security
  • Cybersecurity Leadership
  • Digital Forensics
  • Industrial Control Systems
  • Offensive Operations
Subscribe to SANS Newsletters
Receive curated news, vulnerabilities, & security awareness tips
United States
Canada
United Kingdom
Spain
Belgium
Denmark
Norway
Netherlands
Australia
India
Japan
Singapore
Afghanistan
Aland Islands
Albania
Algeria
American Samoa
Andorra
Angola
Anguilla
Antarctica
Antigua and Barbuda
Argentina
Armenia
Aruba
Austria
Azerbaijan
Bahamas
Bahrain
Bangladesh
Barbados
Belarus
Belize
Benin
Bermuda
Bhutan
Bolivia
Bonaire, Sint Eustatius, and Saba
Bosnia And Herzegovina
Botswana
Bouvet Island
Brazil
British Indian Ocean Territory
Brunei Darussalam
Bulgaria
Burkina Faso
Burundi
Cambodia
Cameroon
Cape Verde
Cayman Islands
Central African Republic
Chad
Chile
China
Christmas Island
Cocos (Keeling) Islands
Colombia
Comoros
Cook Islands
Costa Rica
Croatia (Local Name: Hrvatska)
Curacao
Cyprus
Czech Republic
Democratic Republic of the Congo
Djibouti
Dominica
Dominican Republic
East Timor
Ecuador
Egypt
El Salvador
Equatorial Guinea
Eritrea
Estonia
Ethiopia
Falkland Islands (Malvinas)
Faroe Islands
Fiji
Finland
France
French Guiana
French Polynesia
French Southern Territories
Gabon
Gambia
Georgia
Germany
Ghana
Gibraltar
Greece
Greenland
Grenada
Guadeloupe
Guam
Guatemala
Guernsey
Guinea
Guinea-Bissau
Guyana
Haiti
Heard And McDonald Islands
Honduras
Hong Kong
Hungary
Iceland
Indonesia
Iraq
Ireland
Isle of Man
Israel
Italy
Jamaica
Jersey
Jordan
Kazakhstan
Kenya
Kiribati
Korea, Republic Of
Kosovo
Kuwait
Kyrgyzstan
Lao People's Democratic Republic
Latvia
Lebanon
Lesotho
Liberia
Liechtenstein
Lithuania
Luxembourg
Macau
Macedonia
Madagascar
Malawi
Malaysia
Maldives
Mali
Malta
Marshall Islands
Martinique
Mauritania
Mauritius
Mayotte
Mexico
Micronesia, Federated States Of
Moldova, Republic Of
Monaco
Mongolia
Montenegro
Montserrat
Morocco
Mozambique
Myanmar
Namibia
Nauru
Nepal
Netherlands Antilles
New Caledonia
New Zealand
Nicaragua
Niger
Nigeria
Niue
Norfolk Island
Northern Mariana Islands
Oman
Pakistan
Palau
Palestine
Panama
Papua New Guinea
Paraguay
Peru
Philippines
Pitcairn
Poland
Portugal
Puerto Rico
Qatar
Reunion
Romania
Russian Federation
Rwanda
Saint Bartholemy
Saint Kitts And Nevis
Saint Lucia
Saint Martin
Saint Vincent And The Grenadines
Samoa
San Marino
Sao Tome And Principe
Saudi Arabia
Senegal
Serbia
Seychelles
Sierra Leone
Sint Maarten
Slovakia
Slovenia
Solomon Islands
South Africa
South Georgia and the South Sandwich Islands
South Sudan
Sri Lanka
St. Helena
St. Pierre And Miquelon
Suriname
Svalbard And Jan Mayen Islands
Swaziland
Sweden
Switzerland
Taiwan
Tajikistan
Tanzania
Thailand
Togo
Tokelau
Tonga
Trinidad And Tobago
Tunisia
Turkey
Turkmenistan
Turks And Caicos Islands
Tuvalu
Uganda
Ukraine
United Arab Emirates
United States Minor Outlying Islands
Uruguay
Uzbekistan
Vanuatu
Vatican City
Venezuela
Vietnam
Virgin Islands (British)
Virgin Islands (U.S.)
Wallis And Futuna Islands
Western Sahara
Yemen
Yugoslavia
Zambia
Zimbabwe

By providing this information, you agree to the processing of your personal data by SANS as described in our Privacy Policy.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
  • © 2023 SANS™ Institute
  • Privacy Policy
  • Terms and Conditions
  • Do Not Sell/Share My Personal Information
  • Contact
  • Careers
  • Twitter
  • Facebook
  • Youtube
  • LinkedIn