How to Build Up Infosec Professionals Through Mentoring: Expert Insights from RSA’s Jeff Silver

In the fast-paced world of information security, finding and keeping top talent is a constant struggle. According to RSA senior security engineer Jeff Silver, one of the most effective ways to build up infosec professionals is through structured mentoring programs. Speaking at the (ISC)2 Congress in Orlando, Florida, Silver shared practical advice for organizations looking to foster a mentoring culture that boosts retention and strengthens team dynamics.

Why Mentoring Matters in Information Security

Retention is a critical issue in cybersecurity. “It’s hard to find good qualified people, and when we lose them it hurts,” Silver noted. He believes that mentoring programs can directly address this challenge. When organizations identify their best security professionals as mentors, those individuals feel valued and are more likely to stay. This, in turn, has a positive ripple effect on overall team culture.

Building on this idea, Silver emphasized that every organization has employees with mentoring potential. The key is to recognize and empower them. By doing so, companies not only retain experienced staff but also create an environment where less seasoned professionals can thrive.

Key Principles for Effective Infosec Mentoring

Separate Mentoring from Technical Training

A common mistake is treating mentoring as just another form of technical training. Silver warned against this. Mentoring focuses on career development, soft skills, and personal growth—not on teaching specific tools or techniques. Understanding this distinction is the first step to building a successful relationship.

Establish Trust and Transparency Early

Trust is the foundation of any mentoring relationship. Silver advised mentors to set the first meeting and lead by example. “If you’re not willing to get personal and be transparent, don’t be a mentor,” he said. Sharing personal experiences, including mistakes and how they were overcome, helps build a safe space for open dialogue.

Furthermore, if the mentor and mentee have opposing worldviews, Silver suggests moving past it. The goal is not to agree on everything but to help the mentee grow as a security professional.

Focus on Career Aspirations and Brand Building

During the second meeting, mentors should explore the mentee’s career goals and current situation. Silver recommends assigning small homework tasks, such as creating a LinkedIn profile, to gauge the mentee’s pace and commitment. Over time, mentors can help mentees build their personal brand by discussing professional organizations, certifications, and industry reading materials.

Another critical area is helping mentees discover their passions beyond core duties. This includes encouraging them to develop knowledge and abilities that benefit both the company and the wider security community. Silver stressed that mentors should never discourage mentees from pursuing additional responsibilities, but they must also explain any associated risks.

Navigating Corporate Relationships and Confidentiality

Mentors can have a significant impact on how mentees interact within the organization. Silver advised discussing the mentee’s relationship with their boss, helping them build a constructive dynamic. Similarly, mentors should explore peer relationships—do mentees understand their role on the team and the importance of team culture?

Confidentiality is another cornerstone of effective mentoring. Silver made it clear that mentors are responsible for keeping conversations private unless the issue involves illegal, immoral, unethical, or dangerous behavior. In such cases, mentors should empathize, offer positive options, and strongly encourage the mentee to speak with their manager. If the mentee refuses, the mentor should facilitate a conversation while supporting the mentee through the process.

Practical Tips for Lasting Mentorship

Silver offered several actionable tips for mentors: understand what technology the mentee is passionate about, remember that you are an authority figure (whether formal or informal), and avoid trying too hard to be liked. The primary objective is to develop a world-class security professional, and genuine relationships will follow naturally.

Mentors should also guide mentees through their next career steps, encourage proactive engagement with the corporate office, and help them set up meetings with people in other departments. These actions broaden the mentee’s network and perspective.

Finally, Silver reminded mentors that they too need support. “Every mentor program needs an administrator,” he concluded. Bouncing ideas off peers—without breaking confidentiality—helps mentors stay effective. For more on building a cybersecurity career path, check out our guide on cybersecurity career development. Additionally, learn how to improve team culture in security teams.