Why CISOs Need a Mentor (and What They Can Learn From One)

After more than a decade of researching and writing about security leadership, naturally I have a lot of security executives in my network. One theme I note that is popping up more frequently lately in my news feeds is the need for security professionals to have a mentor.

Results vary on average CISO tenure depending on which research you believe, but most put the average length of stay in a CISO role at 18 to 24 months. That’s a pretty short amount of time. One factor that could help extend that time frame is mentoring. Identifying and learning from a mentor, or serving as one for another security leader, can lengthen a CISO’s tenure and retain more of them by helping security leaders feel more confident and supported in what traditionally has been considered a stressful, difficult and overwhelming role.

Building Business Acumen

CISOs increasingly are expected to understand the mission of the business and align security investments and priorities with those goals. A recent report from IANS finds the need for security managers to demonstrate ROI is now paramount to getting budget and leadership buy-in for security.

“Despite promising numbers, however, executive decision-makers now want InfoSec costs inexorably linked to business value and return on investment. While some CISOs consistently command the budget and resources they need, others continue to struggle,” the report summary notes.

This kind of understanding of business value is exactly where a CISO mentor can be most valuable, according to those who have benefitted from the mentor-mentee relationship.

“To be an effective chief information security officer, an executive needs the domain expertise, but also leadership experience within a business,” said Jason Clark, chief strategy officer with Netskope, in a recent Forbes post on the topic. “I often meet people who aspire to C-level roles but lack the experience necessary to succeed. The flexibility to move into a more traditional management role is why I encourage security practitioners to seek business mentors early and often.”

Where to Find a Mentor

As Clark noted in his post, experienced and knowledgeable security professionals often are at conferences, workshops, meetups and other industry and networking events. There are also consultancies that offer mentoring and mentor partnering as a service, and non-profit alliances that aim to pair mentors and mentees. The Multi-State Information Sharing and Analysis Center (MS-ISAC) Mentoring Program, for example, offers security leaders in management positions the opportunity to network and learn from the experience of current security leaders.

In a post on the topic of mentors, Kevin Beaver, an independent security consultant, said his relationships have been invaluable to his career development, and many simply came to be through happenstance.

“I approached these people as I would a parent, sibling or close friend and simply asked them what I need to do to accomplish certain goals in my work,” said Beaver in the post. “They told me exactly what I needed to do—no fluff, no hype and, thankfully, no sales motivations on their part. It was just raw advice being handed down from a wiser professional to me.”

What New Security Pros Can Learn From a Mentor

What should a green security pro hope to get out of the relationship? Clark advised using it as an opportunity to stretch and grow, and finding someone who matches your goals, not your existing skills.

In an interview Dan Lohrmann conducted with Mike Aliperti, leader of MS-ISAC, Aliperti pointed out that some of the benefits for both mentors and mentees include sharing successes, as well as feeling free to discuss areas where things were not so successful and where there were lessons learned.

Having a trusted adviser with experience in security, and who has likely faced many of the challenges new CISOs face, can make the difference between feeling defeated early on and feeling like difficult days are simply hurdles to overcome in a new role.

Many of those who were mentored often go on to serve as a mentor themselves because the process is so helpful and rewarding.

Joan Goodchild

Joan is a veteran journalist, editor and writer who has been covering security for more than a decade. She has written for several publications and previously served as editor-in-chief for CSO Online.
