Making Friends in Cybersecurity

I want to share a few thoughts on one of the biggest factors that has enabled my success in cybersecurity: Making friends.

I won’t call it networking because that is too often reduced to a buzzword for job seekers and honestly if your waiting until you need a job to start networking it’s a little late.

I’m talking about making friends intentionally and as you go.

Making Friends Intentionally

Finding peers, mentors, & experts in your Rolodex. There isn’t a magic formula.

Step 1: Show up

Show up to the conference (especially small ones), be active on some form of social media, show up to happy hours, networking events etc.

Seriously. You must put yourself in a place for serendipity to happen. If you aren’t “there” it doesn’t matter.

I have connections going back to my days at a small regional con (Phreaknic in Nashville), local tweetups, & meeting a competitor at a vendor event. You never know when someone is going to drop your name or open a door. But don’t focus on that. See step 2.

Also, put yourself in unexpected rooms. I sit in talks that I don’t have any current use for other than being curious but they often turn out to be useful later. Sit in marketing or strategy sessions. Get out of your comfort zone.

Step 2: Be Curious and Kind

I remember sitting at Caesar’s bar at my first Blackhat. I was a complete noob and was nervous to be around so many experts. Then I noticed something, if you pretended to be an expert you were quickly dismissed BUT if you were ok being a noob and asking questions those experts were an open book. Most folks love teaching and everyone loves talking about themselves.

So here in lies the lesson: Ask questions and don’t try to fake expertise.

I know some folks are not extroverts and this may seem daunting. That’s ok, this industry is full of diverse personalities & neurodivergent people. That expert likely thinks they are awkward too.

Questions to get going

  • What do you do?
  • Wow that sounds really (hard / interesting).
  • How did you get into cyber? [I love this question because so many of us took non-traditional paths into this work.]
  • What do you love about your job?
  • What do you wish was different?

4 questions and you are off to the races.

Then find a way to stay in touch. Ask if they are on Mastodon, Linkedin, or get their email.

Later on you might can ask for their opinion on something or ask for 15m if their time. Always be respectful of boundaries and know sometimes it clicks and sometimes it doesn’t.

A quick aside about mentors.

Mentors have been key for me. I have and have had excellent professionals that were part of my advisory team.

My approach is try to use their time well and sparingly. I typically make a point to talk to my mentor every 2 months. Usually over lunch or virtual coffee. Then if there is a quick question I have email or slack. You may need a different approach. I’m just sharing mine. Remember, Don’t be a nuisance and hold up your end of the bargain as a mentee.

Also read Lesley’s post on Lesson’s Learned from Mentoring

Step 3: Pay it forward. Be helpful.

Make connections for other people. Share your experience with students or people just getting started.

If you are someone that is known as being curious, respectful and helpful you will go far in this business.

Make Friends as you Go:

Lastly, making friends with people in other areas of your company. I’ve made real progress dealing with folks in Sales, HR, & IT by just trying to understand and be helpful. They already have a hard job and sitting in an ivory tower and issuing edicts isn’t going to make your team or organization better. Be a bridge builder and someone they know they can come to for help.

Same with trusted vendors.

That’s it.

Be curious. Be Kind. Be Helpful.

PS: I’m still a noob. The rabbit hole just keeps going.

Leave a Reply