date 2023-07-17

Those who have been around the world of cybersecurity for a while have long realized the importance of the chief information security officer’s (CISO) role in leading teams charged with maintaining the security of corporate data and much, much more. But both freshly minted and veteran CISOs can sometimes feel they’re stranded on a desert island for several reasons.

They may be new to the role and acclimating to the responsibility and, of course, the accountability they are now shouldering. Others may find themselves having to rapidly garner knowledge and perspective when a situation about which they lack familiarity lands on their plate. This is where mentors and mentorship can be invaluable. So, I set out to determine what that looks like today and how accessible CISOs are to one another.

There’s been a sea change for CISOs

The thought process was driven by the conviction of Joe Sullivan in late 2022, which caused a sea change for CISOs as personal liability moved front and center. In a recent interview with CSO Online, Sullivan commented: “Our goal as a community should be for security leaders to become more empowered, more resourced, and more championed under the leadership of their companies.” Deb Radcliff, the author of the CSO Online feature, shared that “Sullivan wants to use his case to rally security leaders to work together and with lawmakers to clarify reporting rules and liability and to finally draft a national data breach and reporting law.” That would mean advocating for more support and nurturing CISOs at the board level while promoting transparency between security and leadership.

My search for insight began at RSA 2023 and continued onward over the following months.
At RSA, I encountered Armis CISO Curtis Simpson, who noted that CISOs must use every engagement with a peer as an opportunity to learn and build confidence. He continued that community events provide excellent means to share and acquire knowledge.

Engagement and education can help support leadership

During a follow-up discussion in June, Simpson shared a vignette that spoke to the efficacy of those with a depth of experience being willing to share the information via conferences and such. “Three years prior in the height of the COVID pandemic, I presented at a virtual event. Recently an individual who had attended called upon me to assist them with a substantive question,” Simpson said. “This drove home the point that there are ways of impacting the community which are not immediately measurable.”

Calls like this are the reward for sharing. Simpson encouraged anyone who is stuck or needs a new perspective to reach out and engage with those with more experience and, above all, not to be afraid to ask questions.

What goes around, comes around: answer the call

The next stop was with one of my own mentors, Raj Samani, chief scientist at Rapid7, who has provided me with insight for more than 17 years. His advice: “Seek trusted advisors … ultimately the CISO must think strategically and not become mired in the tactical day-to-day decisions. Develop a risk ownership model for your enterprise and find people with integrity and who you can trust.”

“We so often question the motives of others — I’ve been in this position,” Samani says. He also observed that “not every call has to be a sales call — engage, learn, and share. I have reached out to my mentors to help me discuss situations and strategy. When your colleague calls, answer the phone, and give advice.
In the end, we are all trying to prevent the same set of risks from becoming reality.”

“Security can be an especially high-stakes and quickly evolving field, which makes a good community of mentorship incredibly valuable,” says Gary Barlet, field CTO at Illumio. “There’s no question that having mentors (and being a mentor yourself) is essential. To find mentors or mentees, CISOs and CIOs can turn to networking groups for security professionals, leadership within their organization, and friends of friends. I found that I needed different mentors at different points in my career, and sometimes, the best mentors come about organically.”

Mentorship is an invaluable tool in cybersecurity

Barlet said he would like to see more mentorship between business and organizational leaders in the same peer group. “That’s how security leaders will be able to achieve the goals and build the resilience they’re striving for. For security teams to be successful, the whole organization, and particularly leadership, needs to be brought in — and this starts with mutual respect and a solid understanding of the function.”

“Mentorship in the cybersecurity field is an invaluable tool in both an individual’s and an organization’s maturity. CISOs who have been through the wringer have considerable wisdom to share about everything from ransomware remediation to dealing with recalcitrant CFOs,” shared Craig Burland, CISO of Inversion6.

He cautioned, however, that challenges exist in organizing mentorship: “The first is very human. Finding a good mentor is a very organic and personal process. Personalities have to click and career trajectories have to be complementary. The second issue is about secrecy.
Many of the circumstances where a CISO needs guidance are highly confidential, fast-moving, and intense.”

Peer-to-peer engagement is good for cybersecurity

I finished my mentorship survey of the industry with another individual to whom I have turned for advice in the past, Candid Wüest, vice president of cyber protection and research at Acronis. He pointed out the need for the CISO to embrace the increased management responsibility with CEO alignment, which in turn will “bring less resistance when driving security and aligning business needs.”

Engagement and peer-to-peer mentoring at the seniormost levels increases “the visibility and awareness of the security status for the C-level and drives home the point that cybersecurity is no longer an IT topic, it lives in every department and every decision,” Wüest says.

The advice and counsel contained in a recent Harvard Business Review piece on mentorship highlight the need for “bridge mentorship,” when social capital unites a diverse set of individuals “to encourage collaboration, understanding and exchange of resources.” Burland’s observation about trust and confidentiality is but one more voice added to the cacophony that mentorship is a definite plus, yet one must ensure that the individual(s) providing mentorship are trustworthy and persons of integrity.

Put simply, mentorship builds a stronger community of CISOs.