Skip to content ↓ | Skip to navigation ↓

In the first installment of this series on mentors we looked at the influencers, those mentors who are recognized as being the catalysts responsible for landing our respondents where they are today.

In this second part, we look at the mentors who are current or former employers, managers, or were similarly in a superior or supervisory role and had a deep impact on our respondent’s knowledge base and subsequent career choices:

Jack Whitsitt (@sintixerr), Principle Analyst at Energy Sector Security Consortium

My more recent mentor is Kelley Bray (@CIKRMom) who was at the time in charge of the TSA Cyber Security Awareness & Outreach Team (CSAO) team in which I was the other, junior federal employee, and she was the co-chair of the Transportation Systems Security Cyber Working Group (TSSCWG).

Bray has been responsible in many ways for TSA’s success in their Transportation Systems Sector Sector Specific Agency Cyber Security role. They are – and have been for some time now – the model of how the federal government should successfully support and engage industry. The relationships she developed, with the support of my security background, are almost uniquely positive in the critical infrastructure cyber security space.

And this is the key to why she was such an important mentor to me – and why she should be a mentor to the rest of the security community: Kelley had a marketing and communications background, but was leading a security program with national scope, and from her I learned that no matter what I knew or how many correct answers I had, I could make no improvements in the world around me without first acknowledging and then constantly considering human nature.

Ultimately, what I learned from Kelley Bray is that small considerations in personal relationships open doors that will otherwise remain locked, and will pave the way for real, tangibly productive dialogues about cyber security. Addressing the human elements first creates a space for the more pedantic and boring, but technically relevant perspectives, some of us are more comfortable with.

I will never be “that” person – as I said in the beginning, I really am an awkward geek – but the more I can incorporate what I learned form Kelley (or surround myself with those who can) into what I learned from those small hacker communities I grew up in, the better I’ll be able to provide my own value to the world around me.

Javvad Malik (@J4vv4D), Security Analyst at The 451 Group

My current boss Wendy Nather (@451Wendy), Research Director 451 Research, is the epitome of cool – extremely knowledgeable and wrapped up in a layer of awesomeness. She’s one of the most intelligent, hard-working and fun people to be around in the industry today.

Before joining 451, I knew of Wendy and had a lot of respect for her – but working for her has taught me so much. She has this calming effect and can defuse the most volatile of situations with her charm and intelligence. Whenever I am stuck or am unsure of the direction I need to take, I can always turn to her for some rock-solid advice.

Rafal Los (@Wh1t3Rabbit), Principal, Strategic Security Services at HP

Of all the people I’ve worked for that I believe I have learned from, Dan Conroy (currently Head of Strategy, Planning and Governance at Citi) is someone I truly consider a mentor. He taught me about the business-security interface that I rely on to help me have intelligent business discussions, and a lot about management skills and the need to be relentless. I feel like everything I learned about the interface between business and the world of security I learned through his example, and his attitude.

Dan is one of the most important leaders we have. He asks tough questions and doesn’t let security people believe they are more important than anyone else – but he also doesn’t let security get marginalized. He understands balance, and that is what’s critically needed.

When he was first hired, the entire team thought we were in big trouble. The attitude we thought we needed of “push security forward” wasn’t there, and we felt like we were going to be pushed around by the business and marginalized. As it turns out, the exact opposite happened, and by aligning tightly to the business, we not only became respected but learned a lot about how our own organization functioned – and how we could serve the business better. Even though many of us have parted ways, we would all work for Dan again in a heartbeat.

Rob Lewis (@Infosec_Tourist), Business Developer at Trustifier Inc.

I’m not unlike many who fell into infosec accidentally or unexpectedly, but I never really had any real exposure to, or interest in tech, computers, or hacking in any way other than from broad, generalist perspective. When people try and perform a “geek” transplant on me, my body still rejects it. It’s unlikely I would have arrived in security via any traditional route for this reason.

After an introduction to the Founder of Trustifier Inc., my future mentor Ahmed Masud, I met up with him to see a demo of an early version of what is now his innovative implementation of trusted computing. He explained that this was needed because everyone’s data was sitting on boxes that would prove to be quite defenseless. I was both shocked and intrigued to learn that, and I started to read about trusted computing and comparing it to the status quo.

I was gob-smacked to find out how borked infosec actually is. Marcus Ranum’s Six Dumbest Mistakes and Noam Eppel’s Security Absurdity papers were timely. I read many educational posts by thought leaders, a form of indirect mentorship I guess, including one Guy Kawasaki post that still sticks with me today. What I couldn’t figure out is why people weren’t interested in a new model if the old one seemed so broken. In the post Kawasaki said, “those on the first curve are unable to comprehend, let alone embrace the second curve.” Change is hard, right?

Through all of this, I would pepper Ahmed with questions, mainly over coffees or while driving to meetings, and I would learn more by listening to him talk to others, or give briefings. Lately it’s about mathematical models and applied LangSec research, which is fascinating, but it’s all the computer science I never wanted to learn until I met Ahmed. It’s been an interesting journey.

Jayson Street (@JaysonStreet), Senior Partner at Krypton Security

My mentor is Tim Smith, formerly the Sr. VP of Information Security at the bank where I was working on the help desk at the time. He saw something in me, and believed in me enough to ask if I wanted to work with him in information security. At the time I never knew you could do security and still work on computers – I had spent years working physical security so I jumped at the chance.

Tim was important in my professional development because he saw something in me I didn’t – he saw potential and the ability to learn this whole new field I was just introduced to, and I would not be in it if not for him. Like the hundreds of thousands like Tim, he is doing his part in the information security industry not for fame or glory, but because he believes in it and is good at it. He let me know that I shouldn’t let my doubts get the best of me and to always strive to be better. Another thing he showed me was that anybody could have a job, but only a few get to be paid for their passion.

I recall we had a closed network for testing in my secured office, and after work Tim and I would stay late playing Unreal Tournament. Having fun is a part of living, and if your lucky it can be part of your job as well.

In the next installment, we will look at the mentors who are peers in the security field that had a deep impact on our participant’s careers…

Related Articles:


P.S. Have you met John Powers, supernatural CISO?


Title image courtesy of ShutterStock