Monday, November 22, 2010

Guest Post: Michelle Klinger "Interview with a Mentee...Mentee Y"

As previously mentioned, this is the continuation in a series of interviews with both mentees and mentors on their experience with InfoSec Mentors to date. Individuals have had to have been paired up for at least two months and I also chose to keep the participants anonymous as I thought I’d receive more honest answers, both praise and critique of the program. And with that I introduce an interview with a mentee.....Mentee Y:

Q: What was your reasoning for engaging an infosec mentor that you were not able to do on your own?

A: I'd been working to transition into the pen-testing field but without direct experience it was difficult to get past initial interviews. I sought a mentor to help me identify the areas I was lacking and suggest how I could fill the gaps in my experience.

Q: Have you’ve ever had a mentor before? Was it organically developed or had you been a part of other mentor programs?

A: I've had mentors off and on throughout my life. In every case they were organically developed and made a huge contribution to my success at the time.

Q: Prior to being matched, had you known of your mentor either personally or through social media forums? Where you hoping for someone “well known” in the social infosec social circle? Why or why not?

A: Yes, I'd seen my mentor present at Shmoo earlier this year so I knew of them already. The fact that he is well known only helped me to more quickly understand how he could contribute and help me towards my goals. The "well known" factor wasn't a requirement for me though. As long as the mentor had the experience to understand what I was looking for and help me down that path, that's all that mattered to me.

Q: Was gender a concern when envisioning who you’d be paired with? Why or why not?

A: No, gender was of no concern to me. I've met plenty of highly experienced people in this field and their gender had little or nothing to do with that success. As long as we could communicate and work together that's all I cared about.

Q: Has your mentor suggested or encouraged you to engage in social media (i.e. Facebook, Twitter, and LinkedIn)? Have you? Why or why not? If you have, has aided in your original goals?

A: I was already engaged in most of the social media options when I was matched so no, he didn't suggest any of those. Of all the social media I use, Twitter has been the most valuable for keeping pace with what's happening as it's communicated by the infosec industry.

Q: Was your pairing public via social media (i.e. Facebook, Twitter, LinkedIn) either by you or your mentor? What was the reasoning behind the decision?

A: Yes, I know I tweeted about it immediately although I waited to say who my mentor was until after we'd exchanged an email or two.

Q: Did the initial meeting/conversation meet expectations? What did that initial communication entail?

A: It wasn't what I expected but that wasn't a bad thing either. I learned that my mentor and I shared many similar experiences which helped me to understand that my goals were reasonable. Basically, "If he could do it, then I had a shot too".

Q: Have you made any major changes or decisions based on advice or direction from your mentor?

A: Absolutely. His experience gave me an alternative path to consider for my job search. Ultimately this is what led me to my current new job that I've had for about a month now. It's not a pen-testing role like I'd been targeting but it turns out I'm probably 10x better at being an analyst than I would have been a pen tester. Plus, the company I'm with now has lots of opportunities internally when I'm ready to move into other areas, including pen testing.

Q: Were you given any “homework” or assignments to complete and did you actually do them? What are a few examples of assignments given? Did you see value in the tasks assigned?

A: He definitely gave me recommendations for web app lab configurations. It wasn't homework though and unfortunately I've never taken the time to set up the suggested lab systems. I do see value in this and when I do reach this point I know my mentor will still be there to help with any questions that may come up.

Q: Do you feel the mentor you were paired up with was an accurate match? Why or why not?

A: Yes, my mentor was an accurate match based on the information I provided in my questionnaire. The end result was a path I hadn't considered taking and was different from what I thought I was looking for but a win is a win.

In the end, the InfoSec Mentor experience was less what I was looking for, and more of what I needed. If you're open minded enough to see this and respect it for what it is, then it's a priceless lesson and an invaluable experience.

If you’d like to be interviewed, please contact me at securityindepth at gmail dot com