Give, and you will receive. A case study.

“Give, and you will receive” aren’t my words, they were uttered many years ago (See: Bible). People who know me, know that I’m not someone who easily takes advice at face value. If I’m interested enough in the advice, I’ll test it. If I didn’t think the test was conclusive, I’ll test it again. Sometimes I test too much, to my own detriment. Ask my wife, she’ll tell you.

If you think about it, testing sort of fits into the “trust, but verify” mantra that’s common amongst many infosec folks. (DON’T get me started on Zero Trust, not now please)

So, here’s the test. Give and see what I receive in return. Let’s use the FRSecure CISSP Mentor Program as an example.

FRSecure CISSP Mentor Program

The motivation behind the program was (and still is) to serve our community with 100% free, no strings, information security training. On one hand, people in the industry said we didn’t have enough infosec professionals to fill open jobs. On the other hand, people trying to get into the industry (to fill these open jobs), couldn’t get in the door. The focus would be more on the former and a little less on the latter (initially).

The problems to solve:

  • People lack the funds (and sources to funds) to pay for quality training.
  • People have no (or few) industry connections.
  • People have a poor understanding of how this industry works.
  • People are intimidated (yes we can come off as intimidating to non-infosec folks, our ego is not our amigo).
  • People don’t know where to start.

NOTE: In 2023, the CISSP Mentor Program will probably be renamed and will improve focus on mentoring.

We decided that we’d contribute what we could, helping people on both sides of the issue. We put our time (not money, because we didn’t have any) where our mouth was and kicked off the effort in 2010. The first class had six students and all six students found success. They all passed their CISSP exam and all landed jobs. We did it again in 2011, 2012, and every year since. Fast forward to this year, and the CISSP Mentor Program has grown beyond what we thought was possible.

In 2022 alone, we entertained 10,715 registrations! Behind each one of these registrations is a person, a person with goals and dreams.

There’s our part of the test. We gave. Maybe a few thousand hours of time, spread over 13 years. Spreading it over 13 years makes the 1000+ hours a little less impressive I think. We’ve been VERY protective of the students, meaning that we will not tolerate marketing to them, selling to them, or charging them in any way for the training.

There is no motivation for the program beyond serving our community. No strings.

What have we received?

The truth is we didn’t want to receive anything when we started. Now, we’ve learned that receiving comes with the territory, and not always in the way we might expect.

Results of the test.

#1 – We’ve become better at what we do.

If you want to be great (or better) at something, teach it to others and mentor them to be better than you. Every time I teach, I learn. Not book or classroom learning, but learning from different perspectives. When students ask questions or express their opinions, they bring perspectives that wouldn’t be considered in any other way. Seeing the concepts and content through their eyes has made me MUCH better at what I do.

I take my work very seriously and I’m very grateful for the gift of perspective.

#2 – We’ve received countless “Thank You” messages.

I receive “thank you” messages, social media shout outs, and endorsement requests from students all year long. I don’t like these things for the sake of my ego, I like these things because they’re encouraging. A lot of the work I do is thankless (lots of infosec folks can relate), mostly because I find more pleasure in working in the background and seeing others use my work.

The messages, shoutouts, etc. are a great encouragement, reminding me that the work I do matters.

#3 – Living vicariously.

If I want to make the greatest impact I can in the world, it can’t be me. It can’t be about me, my name, being “famous”, or anything like that. The greatest impact comes from others that I’ve influenced, regardless of any credit I get for it. Over the years, I’ve found GREAT satisfaction in watching others succeed, especially knowing deep down that I played a part in their success.

#4 – Reputation.

When I give, people think more highly of me. I’m selfish, messed up, addicted, etc., but giving has made me less so. Giving wipes a lot of the crap away. Giving has earned me a reputation and this reputation has led to more trust and credibility amongst the people who matter most. Learning to live up to the reputation has made me less selfish, less messed up, less addicted, etc.

#5 – Sleep better.

On days when I give, I sleep better. I sleep better because I worked hard doing the right thing. Having a clear conscience and being exhausted turns out to be a good sleep recipe for me.

So, the test results are in. In this single case, the CISSP Mentor Program, “give, and you will receive” is true.

THANK YOU to everyone who has made the CISSP Mentor Program what it is today, and THANK YOU to all the students who have given to me more than they know.

BTW, this also supports another “test” that I wanted to try, the whole “Mission Before Money” thing. The premise is, if you focus on the mission you’ll make money; however, if you focus on the money you won’t make the mission. The “mission” is to fix the broken industry, translated it means to find problems in our industry and solve them. So far, this test is also holding true. FRSecure and SecurityStudio are both proof.

Family Visit from FRSecure

What happens in Mexico, stays in Mexico.

NOT because anything bad or controversial happens here, far from it. It’s because this is a safe place to be “real”, to let your guard down without being attacked for being you. I’ll share things, but never in detail, protecting those who share things in confidence.

ELT in Puerto Vallarta, Q4/2022

Last week, the FRSecure Executive Leadership Team (ELT) was here.

GLOAT: Holy crap, these are AMAZING people! Collectively, they do GREAT things everyday. Individually, each ELT member is uniquely INCREDIBLE in their own right. Spending time with the FRSecure ELT is HUGE blessing for a CEO like me. I’ll never take this time for granted.

Information security is not about information or security as much as it is about people.

Me

The ELT comes to Puerto Vallarta (where I live) twice a year to do whatever they want. This has MUCH less to do about business than it does about doing life together. This is a time to just be people. To rest, hang out, fish, scuba dive, eat great food, swim, play games, take in the sights, etc. The ELT can do whatever they want to do, when they want to do it. No rules beyond what’s legal, responsible, and respectful (never a problem with this group).

This slideshow requires JavaScript.

Sure, we talked about more than our share of information security stuff, discussed lots of cool information security ideas, and made plans to serve our customers better, but this was secondary to us being healthier together.

Fix what’s broken with the information security industry.

FRSecure’s mission.

It was a GREAT week and I’m PROUD of this team! We are all focused on our mission, and we won’t achieve the mission without each other. The trust we have built in each other and the love we have for each other will get us through all of the hard times. On the flip side, it’s pretty damn cool to celebrate success with “real” people who have become family.

We made a TON of AMAZING memories. We played games at my dining room table (I didn’t, but I watched the others play, shedding a few “man tears” as I call them). We drank. We sang. We ate. We laughed. We cried (yeah, I cried, but shut up). We talked. We argued. We got mad. We reconciled. We smiled. We laughed. We fought. We sweated (it’s hot in Mexico for some people). We swam. We took in sights. We fished. We dove. We hugged. We talked (about hard stuff sometimes). We rested. We listened. We shouted. We danced. We were offended (to some degree or other). We forgave.

At the end of the week, we had reinforced what we already knew. We are family.

LOVE my FRSecure family, starting with the amazing FRSecure ELT, and I can’t wait until next time (March, 2023)!