Are you teacherless? Do you have someone (or more than just one person) that you can truly saddle up alongside and allow to teach you things that you do not know? Or are you too good to submit yourself to someone else’s experience and leadership?John Saddington

John asked those questions in a blog post yesterday.  I wanted to respond directly on his blog but the comments are turned off.  So, I’m responding via blog post.

Am I teacher-less? Yes.  I’ve been teacher-less for a very long time. It’s something I’ve wanted to rectify for a while but I don’t know where to turn for help.  I know few people in my field who are more accomplished or who know me well.

Do I have someone (or more than just one person) that I can truly saddle up alongside and allow to teach me things that I do not know? No.  My field — information security — is not a charitable one.  Yes, there are many networking functions hosted by local chapters of various organizations but most of the attendees are only there to network to find jobs or other opportunity.  The events are all very well organized and their is a lot of exchanging of business cards but very little else.

I did a Google search on the keyword “information security mentor” and found an Information Security Leaders article from August 2010.  Like most articles on mentoring, there is a lot of information about how to manage a mentoring relationship but no information on how to find a mentor.  I can’t go back in time to when I was in high-school or college and start over to find my mentor in a college professor or one of my father’s friends (my Dad’s field is accounting. I don’t think he knows any engineers).

I found (more like rediscovered) a Network World article from 2010 heralding the founding of an InfoSec Mentors volunteer group. I remember back in 2010 signing up to be a mentee.  I don’t remember every receiving any information beyond my initial signup.  Checking on the web site today I see that nothing has changed.

Alt text

Am I too good to submit my to someone else’s experience and leadership? No.  But first I have to find someone else with experience that equals or surpasses mine that is also a leader in the field.  Or maybe this ship has sailed.

Hello Goodbye

NIKON D5100 (85mm, f/4, 1/2500 sec, ISO800)

NIKON D5100 (85mm, f/4, 1/2500 sec, ISO800)

The second image was purely accidental. I saw these insects fluttering about the purple flowers. I got a few photos of them sitting on the petals with wings closed.

Celebrating with the gingerbread man

Alt text

NIKON D5100 (85mm, f/4, 1/1.3 sec, ISO100)

For the last year — since May of 2013 — I’ve worked with a major New Jersey state client with a single goal in mind. Re-architecting the applications, policies, standards, procedures and systems processing credit card data to meet the security requirements of PCI DSS.

Today my client received a report on compliance (ROC) and attention of compliance (AOC) from the QSA.

It’s been a challenging journey but I could not have done without the help of the network, system and database administrators, application developers, and the information security analyst I got to work with over the last year.

We did it!