Coach or mentor: What you need depends on where you are as a cyber leader

Renee Guttmann, a Fortune 50 CISO who has served at Time Warner, Coca-Cola, Royal Caribbean Cruises, and other global organizations, gives back by helping others advance along their CISO career paths. Early in her own career, there were no seasoned CISOs to guide her. That motivates her to mentor professionals both within cybersecurity and those looking to enter the field.

“I wish I had mentors early in my career, especially as my teams grew and my interactions with senior executives increased,” she says. “The key message is that it’s okay to ask for help. It’s not a sign of weakness.”

At a September ISSA LA meeting, Guttmann and one of her mentees presented to a full room about mentoring and coaching, sharing personal experiences. “Attendees could have gone to other sessions, but they chose ours. Why? Because the need in our industry is so great,” she explains. “Executive coaching and mentoring are common in other fields — so why not in cybersecurity?”

During the session, she outlined the distinction between mentoring and coaching and why professionals may need both at different stages of their careers. Mentoring, she says, is typically a one-on-one relationship focused on sharing real-world experience. During COVID-19, for example, she helped a mentee address an employee secretly working two jobs.

With another mentee, she recognized the need for improved executive presence and recommended working with a coach. Guttmann faced a similar challenge early in her own career, and her CIO arranged for her to receive executive coaching. Her coach recommended books, facilitated role-playing sessions, and even encouraged her to take a two-day acting class to build confidence in delivering difficult news.

Where to find coaches and mentors

Many potential mentees connect with Guttmann through networking events or professional platforms like LinkedIn. She also participates in formal mentoring programs, including one that involved twenty mentees and ten prominent cybersecurity executives. It has monthly 90-minute training sessions and additional one-on-one meetings. These conversations often focus on career advancement and navigating sensitive workplace situations.

Some mentees find mentors within their own organizations. Others connect through industry-specific IT groups in sectors such as healthcare, energy, or government. Professional organizations including IANS and Deloitte also offer mentoring and coaching programs designed to help CISOs build the business acumen necessary for board-level engagement.

Given the growing demand, Guttmann expects executive recruiters to also begin partnering with experts to develop formal mentoring and coaching services.

As a mentor, she evaluates whether her experience aligns with a mentee’s needs and ensures the relationship is built on trust, respect, and confidentiality. Mentors and mentees typically meet monthly via videoconference, creating a safe environment to discuss peers, employees, HR issues, and leadership challenges.

Once mentees meet their goals, formal meetings conclude — ideally with the mentee eventually “paying it forward.” For example, one of Guttmann’s former mentees is already establishing a mentoring program within their own organization.

A good technical base can last decades

While mentees need the most help with aligning to the business, some argue that a technical baseline is equally as important to the role for managing technical staff and enabling business operations, particularly through innovative technologies like cloud and AI.

One of those is Cynthia Madden, founder of Artemis Enterprise. “The well-rounded CISO needs an equal balance of technical and business acumen,” she explains. “For example, if a new technology brings specific business risks with it, the CISO needs to understand how to meet the business objective within the business’s approved risk tolerance.”

Early in her career, Madden found most of her mentors in the workplace. Her first mentor (a “brilliant” technologist from MIT) helped her understand the basics of neural networks and how to interact with them programmatically. She used her core programming skills in Visual Basic with ODBC to connect to his neural network to predict inventory for a pharmaceutical company.

Under this apprenticeship, she learned how to bridge the needs of the business, inventory expirations, and manage costs — in that case using an early form of artificial intelligence. That mentorship proved to be valuable thirty years later for assessing AI adoption capabilities.

She found more technical mentors when she pivoted to government, where she applied her masters in cybersecurity to conduct cyber exercises and testing against missile defense facilities. There, too, she felt more technically mentored. But she also learned about mission, responsibility, chain of command, ethics, and more business-related knowledge that serves her today.

“Those government mentors were enduring. For me, mentoring people in cyber space is about an extended relationship over time. It’s a trust position to do that, both in the government and private sector. So those become many years-long relationships,” Madden explains.

Of all the things she found mentors for, she needed the most direction around balancing her strong sense of ethics with her employers’ ethics, especially when employers put profits over people. For that, she’s currently in a coaching program learning to balance these nuances in a healthy, informed way by building paths where both people and profit thrive.

And she pays it forward through her classroom mentoring program, “Girls in Cyber,” on Oahu in her home state of Hawaii, where she helps girls in grades four through twelve build technical skillsets that may someday serve as a baseline for their own leadership roles in cyber.

Becoming a business leader

For mentees from technical backgrounds to grow they ultimately need to step away from their hands-on technical roles and learn executive leadership. But letting go of control is often the most difficult step for would-be CISO’s to make, according to George Gerchow, CSO at Bedrock Data. As a long-time faculty member at IANS, he’s seen this often while working one-on-one with CISO’s (as well as through classroom instruction) under the IANS CISO executive coaching program.

“At some point, they’ve got to let go of that technical role in order to step into different business roles and grow,” Gerchow notes. “The reason why so many CISOs don’t get board seats is because they lack understanding of the way a business works, including its strategic positioning and the business longevity plan.”

In his own CISO roles at Sumo Logic and MongoDB, Gerchow had direct access to the board, which gives him valuable experience to share in his trainings. To that end, Gerchow feels more like a mentor than a coach. “I love working with people who are up and coming, looking to brand themselves and get into different positions,” he says.

He also mentored many people in his former workplaces. As he prepared to leave Sumo Logic, he mentored his deputy CISO by putting his “feet in the fire.” He worked with the deputy CISO to create documentation for the board, hold staff meetings, and co-present to the board. “Automating myself out of a job – to me that’s mentoring. Coaching, on the other hand, is more about goal setting and planning a career path. Both are equally needed.”

Mentoring is about the ‘what’ while coaching is about the ‘how’

Like others, Upen Sachdev, principal partner at Deloitte, rose from the technical ranks to direct security, compliance and risk management for a large global brand, after which he was a CISO for seven years at another large global brand.

Sachdev found help with mentors as he ascended in his career. But while working with clients at Deloitte, he saw a gap in business leadership skills among what he calls the “next generation of CISOs.” So he helped create Deloitte’s CISO program with his peers, which Deloitte offers at no cost to selected candidates from the Deloitte client base.

“Mentors will show you the light because they have walked the path before. They will tell you what to do, which mountain to climb,” he says. “Our job as coaches is to help them understand the how. How do you improve your storytelling skills? How can you have a better executive presence? How do you lead your leaders? And how do you enable the business?”

Of the program’s nearly 100 alumni, most of them now rock their executive-level roles. They’re expanding their networks and paying it back, he says. “Our community wants to give back, invest time, connect with, listen to, and support people in advancing in their careers,” Sachdev says. “In some ways, they’ve also coached me back. They’ve made me a better listener, a better teammate, and hopefully a better human being.”