Skip to main content
Lora Vaughn
Hero image for How NOT to Find a Cybersecurity Mentor: A Guide for Career Seekers

How NOT to Find a Cybersecurity Mentor: A Guide for Career Seekers


career transition cybersecurity builder mindset

Turning a real-world example into lessons for breaking into cybersecurity the right way

Recently, I received a LinkedIn message that perfectly illustrates everything you should not do when trying to break into cybersecurity. While I won’t share the person’s real name or details, I’ll call them “Jordan” for this post. John’s approach was so problematic that it deserves to be a case study in what not to do, and more importantly, what you should do instead.

The Messages That Made Me Cringe

Message #1: Jordan reached out cold, demanding mentorship from someone they’d never met, with no mutual connections, claiming to be “very desperate” and asking me to “contact them as soon as possible.” Red flags everywhere.

Message #2: After I politely declined and provided detailed alternative resources, Jordan ignored everything I suggested and pushed back with “What would it seriously take for you to do it?” while misspelling basic words in a professional context.

If you’re trying to break into cybersecurity and recognize yourself in Jordan’s approach, don’t panic—but do pay attention to why this strategy backfires.

Why Jordan’s Approach Failed Spectacularly

1. Demanding Instead of Requesting

Jordan’s message read more like a demand than a request. Phrases like “I am very desperate in need of help” and “Contact me as soon as possible” create pressure rather than building rapport.

2. No Relationship Building

Cold outreach asking for significant time commitments from strangers rarely works in any field, but especially not in cybersecurity where trust and relationships are paramount.

3. Ignoring Boundaries

When someone says no and provides alternatives, pushing back with “but what would it take?” shows poor professional judgment—exactly what cybersecurity employers watch for.

4. Poor Attention to Detail

Misspelling words like “waste” as “waist” in professional communications signals carelessness. In cybersecurity, where one typo can mean the difference between secure and compromised systems, this is a career killer.

5. No Professional Presence

No LinkedIn photo, minimal profile information, and unprofessional communication style all signal that Jordan isn’t serious about their professional development.

The Right Way to Find Cybersecurity Mentorship

Start Small and Build Relationships

Instead of: “Will you mentor me?” Try: “I noticed your recent post about incident response. Could I ask you one specific question about your experience transitioning into that field?”

Follow up by:

  • Engaging meaningfully with their content
  • Sharing relevant articles or insights
  • Connecting them with other professionals when appropriate
  • Actually implementing their advice and reporting back

Demonstrate Initiative

Show, don’t tell:

  • “I’ve completed the Google Cybersecurity Certificate and am working through TryHackMe. I’m struggling with [specific concept]. Could you recommend resources?”
  • “I’ve been participating in my local ISACA chapter meetings for three months. Do you have experience with their mentorship program?”
  • “I built a home lab and documented my learning journey. Would you mind taking a quick look at my approach?”

Offer Value in Return

Consider what you can provide:

  • Research assistance for their projects
  • Social media engagement and promotion
  • Fresh perspectives from your previous career
  • Volunteer help with their speaking engagements or events
  • Documentation or content creation skills

Better Alternatives to Cold Mentorship Requests

Structured Programs

  • SANS Mentorship Program: Formal matching process
  • CyberSeek.org: U.S. Government-backed career resources
  • ISC2 Chapter Programs: Local professional groups with mentorship initiatives
  • ISACA Mentoring: Structured professional development
  • MentorCruise: Paid platform connecting mentors and mentees

Community Engagement

  • Local Security Meetups: Build relationships face-to-face
  • Professional Conferences: BSides, DefCon, regional security conferences
  • Online Communities: r/cybersecurity, InfoSec Twitter, Discord servers
  • Capture The Flag (CTF) Teams: Collaborative learning environments

Educational Pathways

  • Community College Programs: Often include industry connections
  • Bootcamps with Job Placement: Built-in mentorship components
  • Professional Associations: Join student or early-career programs
  • Volunteer Opportunities: Help with security initiatives at nonprofits

Professional Communication Standards for Cybersecurity

Since cybersecurity requires clear, precise communication, your outreach should reflect these standards:

Message Structure

  1. Clear subject line that states your purpose
  2. Brief introduction including your background
  3. Specific, reasonable request with defined scope
  4. Demonstration of research about the person and their work
  5. Professional closing that respects their time

Red Flags That Make Mentors Run Away

  • No professional online presence
  • Demanding immediate responses
  • Asking for large time commitments upfront
  • Poor spelling/grammar in professional communications
  • Not researching the person before reaching out
  • Ignoring initial feedback or suggestions
  • Pushing back when someone sets boundaries

For Current Professionals: Setting Healthy Boundaries

If you’re an established professional receiving these types of requests:

  1. Be direct but kind in your initial response
  2. Provide alternative resources when possible
  3. Don’t feel guilty about saying no to unreasonable requests
  4. Block persistent boundary-pushers without hesitation
  5. Consider formal mentorship programs if you want to give back

The Bottom Line

Breaking into cybersecurity requires the same skills that make you successful in the field: attention to detail, respect for boundaries, building trust gradually, and demonstrating competence before asking for access.

Jordan’s approach failed because it ignored all these principles. Don’t be Jordan.

Instead, invest time in building genuine professional relationships, demonstrating your commitment to learning, and following proper professional etiquette. The cybersecurity community is incredibly supportive of people who show they’re serious about joining our field—but you have to earn that support through your actions, not your desperation.

Remember: No one owes you mentorship, but the right approach can open doors you never imagined.

Lora Vaughn - Cybersecurity speaker and executive headshot