“Give, and you will receive” aren’t my words, they were uttered many years ago (See: Bible). People who know me, know that I’m not someone who easily takes advice at face value. If I’m interested enough in the advice, I’ll test it. If I didn’t think the test was conclusive, I’ll test it again. Sometimes I test too much, to my own detriment. Ask my wife, she’ll tell you.
If you think about it, testing sort of fits into the “trust, but verify” mantra that’s common amongst many infosec folks. (DON’T get me started on Zero Trust, not now please)
So, here’s the test. Give and see what I receive in return. Let’s use the FRSecure CISSP Mentor Program as an example.
FRSecure CISSP Mentor Program
The motivation behind the program was (and still is) to serve our community with 100% free, no strings, information security training. On one hand, people in the industry said we didn’t have enough infosec professionals to fill open jobs. On the other hand, people trying to get into the industry (to fill these open jobs), couldn’t get in the door. The focus would be more on the former and a little less on the latter (initially).
The problems to solve:
- People lack the funds (and sources to funds) to pay for quality training.
- People have no (or few) industry connections.
- People have a poor understanding of how this industry works.
- People are intimidated (yes we can come off as intimidating to non-infosec folks, our ego is not our amigo).
- People don’t know where to start.
NOTE: In 2023, the CISSP Mentor Program will probably be renamed and will improve focus on mentoring.
We decided that we’d contribute what we could, helping people on both sides of the issue. We put our time (not money, because we didn’t have any) where our mouth was and kicked off the effort in 2010. The first class had six students and all six students found success. They all passed their CISSP exam and all landed jobs. We did it again in 2011, 2012, and every year since. Fast forward to this year, and the CISSP Mentor Program has grown beyond what we thought was possible.
In 2022 alone, we entertained 10,715 registrations! Behind each one of these registrations is a person, a person with goals and dreams.
There’s our part of the test. We gave. Maybe a few thousand hours of time, spread over 13 years. Spreading it over 13 years makes the 1000+ hours a little less impressive I think. We’ve been VERY protective of the students, meaning that we will not tolerate marketing to them, selling to them, or charging them in any way for the training.
There is no motivation for the program beyond serving our community. No strings.
What have we received?
The truth is we didn’t want to receive anything when we started. Now, we’ve learned that receiving comes with the territory, and not always in the way we might expect.
Results of the test.
#1 – We’ve become better at what we do.
If you want to be great (or better) at something, teach it to others and mentor them to be better than you. Every time I teach, I learn. Not book or classroom learning, but learning from different perspectives. When students ask questions or express their opinions, they bring perspectives that wouldn’t be considered in any other way. Seeing the concepts and content through their eyes has made me MUCH better at what I do.
I take my work very seriously and I’m very grateful for the gift of perspective.
#2 – We’ve received countless “Thank You” messages.
I receive “thank you” messages, social media shout outs, and endorsement requests from students all year long. I don’t like these things for the sake of my ego, I like these things because they’re encouraging. A lot of the work I do is thankless (lots of infosec folks can relate), mostly because I find more pleasure in working in the background and seeing others use my work.
The messages, shoutouts, etc. are a great encouragement, reminding me that the work I do matters.
#3 – Living vicariously.
If I want to make the greatest impact I can in the world, it can’t be me. It can’t be about me, my name, being “famous”, or anything like that. The greatest impact comes from others that I’ve influenced, regardless of any credit I get for it. Over the years, I’ve found GREAT satisfaction in watching others succeed, especially knowing deep down that I played a part in their success.
#4 – Reputation.
When I give, people think more highly of me. I’m selfish, messed up, addicted, etc., but giving has made me less so. Giving wipes a lot of the crap away. Giving has earned me a reputation and this reputation has led to more trust and credibility amongst the people who matter most. Learning to live up to the reputation has made me less selfish, less messed up, less addicted, etc.
#5 – Sleep better.
On days when I give, I sleep better. I sleep better because I worked hard doing the right thing. Having a clear conscience and being exhausted turns out to be a good sleep recipe for me.
So, the test results are in. In this single case, the CISSP Mentor Program, “give, and you will receive” is true.
THANK YOU to everyone who has made the CISSP Mentor Program what it is today, and THANK YOU to all the students who have given to me more than they know.
BTW, this also supports another “test” that I wanted to try, the whole “Mission Before Money” thing. The premise is, if you focus on the mission you’ll make money; however, if you focus on the money you won’t make the mission. The “mission” is to fix the broken industry, translated it means to find problems in our industry and solve them. So far, this test is also holding true. FRSecure and SecurityStudio are both proof.