If you are a veteran (or working toward that status) in your career and want to be the professional who fosters welcoming, educational, supportive, and generally friendly environments, this one is for you.
Don’t worry, newbies; read on to learn how to spot high-achieving and nurturing communities when you are breaking into any industry.
My start in infosec is a story I’ve told before. Mustering up all the courage I had inside my body, I hopped on the Schmoo Bus with a bunch of people I followed on Twitter and set course to my first-ever SchmooCon.
This adventure introduced me to many obstacles newcomers face in the industry. On the other side of that now, aligning more closely with a Schmoo bus driver than a hitchhiker, I decided to revisit a concept from an earlier newsletter from a new perspective.
In that newsletter, I shared the 5 obstacles newcomers face when breaking into information security. Today, I want to share what I do to facilitate environments that set newcomers up for success.
First, I will tell you why I find this particularly important. Fostering a culture of inclusivity and support within the infosec community elevates the entire industry and everyone in it.
The success and growth of the industry depend on the active engagement and development of newcomers. Building a community where questions are welcomed and where experienced professionals willingly share their knowledge and insights is something we should be striving to achieve.
By valuing and encouraging the participation of beginners, we ensure the sustainability and vitality of the infosec field.
Four Things To Do as a Security Veteran to Foster Newcomer Success
1. Welcome Mat. Welcome, Matt.
My daughter goes to rock climbing class once a week. She was anxious at her third of nine classes this week, just like the weeks before. She was fear-ridden and ready to sit out the whole time while gripping her mom’s leg (like in both classes prior). Then something magical happened. A little girl said, “Do you want to be my friend?”
At 4, nearly 5 now, my daughter is strong and kind. Not afraid to say no. She sets clear boundaries, often and confidently. She can hold her own body weight up with her little pinky, but entering a room with no one she knows gives her hives.
After that little girl asked to be friends, my daughter’s face lit up like a Christmas tree. And just like that, she was springing around the room, ready to climb some walls. The other girl quickly got distracted and ran off, but she had broken the ice. This new friend had welcomed her into the community.
Although I am usually off trying to connect with all my friends, old colleagues, and people I only get to see once or twice a year, when I am at a conference or community event and spot a newb - you bet I’m making an introduction.
It can be scary to introduce yourself to new people. After all these years, I’ve gotten much better at it, and when I can, I make the first gesture to get to know someone while remembering how anxious I was those first few years.
Empathy is a powerful tool.
2. ELI5 (Explain Like I’m 5)
This principle made much more sense before I had a nearly 5-year-old who seems to understand the world better than I do sometimes! 😅 You know what it was like diving in head first to the cybersecurity acronym soup. This issue is very relatable across industry lines.
These acronyms and specialized terms are part of our daily lexicon now, but it wasn’t always like that. As veterans, we are equipped with the unique ability to bridge the gap between complexity and comprehension.
S-p-e-l-l I-t O-u-t.
This one is hard for me, and I won’t pretend it’s not. Not only do I use these phrases and acronyms in my daily interactions with people at work and in the larger infosec community, but I also see acronyms written constantly.
Far more than I ever see them written out entirely. My brain almost registers the acronym as the concept itself, and I sometimes forget what it stands for. The most accessible place to start spelling it out for people is content creation—conference talks, training, webinars, social posts, newsletters, and blogs.
Anyone partaking in this kind of content wants to learn. So, my hot take? Let them.
It costs nothing to write out a few acronyms now and again.
Assume no knowledge, but not in an asshole kind of way.
An example of this is the talk I’m giving next week. Do I think the room, in general, will know the pros/cons of using a cloud environment over an on-prem data center? You bet. Will I still have this slide (or one like it):
Absolutely. Assuming a reader/viewer/listener does not know doesn’t mean speaking to them like they are an idiot. It just encourages using clear, concise, and basic communication.
Maybe phrases like, “Am I making sense?” or “How much do you know about [blank]?” Try this even, “Before I continue, what gaps can I fill?” That said, don’t mansplain. People hate that.
Another thing to avoid here: If there is any doubt someone in the room might not be super familiar with a concept, don’t pull the old: “Who here doesn’t know what [thing] is?” - You’ll wind up making the newer folks embarrassingly raise their hands and then make them feel like you’re wasting your time explaining this to them. If you think someone might need extra explanation - do it.
3. Encouraging Curiosity: Paying it Forward
In my memory lies the image of me as a newcomer, standing on the threshold of industry discussions, harboring questions that might seem too basic or disruptive to consider saying aloud. That newcomer was so anxious. Someone eased my nerves and set me on a path that shaped my career.
James Arlen sat with me at that first ShmooCon in DC, and I asked him a million questions.
I was too new even to understand his answers, so I’d ask for clarification as many times as I could muster the courage to before just kind of nodding and moving on. My curiosity swirled around as I eagerly tried to find all the answers to fill all the gaps, not knowing how long his attention would last. I had the ear of someone I deeply admired and respected. This moment was a game changer.
That feeling was remarkable. He didn’t look at me like I was crazy for being in that room with all those smart people. It was almost like he admired me, too. For being in the room with all those smart people, just barely out of college, with a desire to absorb all the information I could.
He could have been off trying to connect with friends, colleagues, and other people he only sees once or twice a year. So, when I have the opportunity, I think about what that afternoon meant to me as a 22-year-old with big dreams, and I pay it forward.
It’s our privilege to extend that torch of curiosity to those just starting their journey. Every engagement becomes an opportunity to nurture passion and curiosity.
4. Become a Mentor
Only some people have the time or experience to share knowledge with people breaking into the industry or trying to level up their careers. However, I’ve nurtured some relationships like this, and not only does it feel terrific to give back in this way, but I have learned a lot in the process.
Breaking down concepts and returning to the basics helps me better understand the industry. It inspires my curiosity and makes me think about things in ways I may not have, simply because of how the question was framed.
Regularly accessing empathy keeps me feeling human, too. In an industry (society, really) that moves quickly, changes frequently, and measures successes with productivity and achievement, it can be nice to have wholesome conversations where passion and excitement reign supreme.
I wanted to flip my previous post on its head. Instead of putting the onus on the newcomers to navigate this field, I tried to look to us vets on how we could foster a more welcoming environment.
If I succeeded, let me know, and consider subscribing to get this content in your inbox every week below. I appreciate you all.