Group Based Mentoring Sessions

• BLUF: Group of people - both mentors and mentees - all on the same call. Chat with Robert (CEO PEN Consultants), others on the PEN Consultants team, or others outside the team.
• Non-traditional mentor-type relationships. Instead of 1-to-1 or even 1-to-N, this is N-to-N.
• Multiple people receive mentorship at the same time.
• Multiple people are able to provide insight at the same time.
• The same person is able to both ask for advice/help and give advice/help on the same call.
• Agenda: None. We lead with prayer, intros, and possibly pick back up on a previous month’s discussion that we did not complete. Other than that, it’s an open floor.
• Topics: Any - from getting started in cybersecurity to helping with advanced technical challenges, business-related, etc.

• How to get into pen testing.
• How do you convince a client they need security in general (as in no budget for it) or penetration testing (as in limited budget)?
• Should I get a 2nd degree in computer science in addition to cybersecurity?
• Ethical considerations and boundaries for firing someone over something that was never communicated or given a chance for remediation?
• How to differentiate between a shopper vs buyer.
• What is the primary key to security?
• How to communicate with someone who is largely unresponsive.
• Dealing with willful ignorance.
• Defining good performance objectives.
• What are the boundaries in regard to artificial intelligence as it relates to both cybersecurity and ministry?
• What are the risks of using Copilot in Windows and how can those risks be reduced; or should it just be disabled?
• What protections can be put in place to ensure AI queries cannot return sensitive data that it should not be sharing?
• Is it possible to trick AI into providing inaccurate information by compromising a source from which it pulls data from?
• Lead generation topics, including presentations at small and medium business luncheons.
• Pros and cons of whether a cybersecurity tester that was involved in some gray hat activity when they were a minor should be considered for potential employment.
• How many cybersecurity certifications are enough. When is it a case of diminishing returns?
• Grant programs to get funding for apprenticeships.
• Lead generation tool that lists what products or services people are searching for, and it can be focused to a specific geographical area.
• Implications of the 23andMe breach.
• What are the risks and considerations of the lack of offensive security testing and experience with SCADA?
• How do you decide when to not serve a client based on a service/product they sell or action they are taking?  Where is the definitive line that should not be crossed? Ex. a pharma company has a cure for cancer but also a drug used exclusively for abortions, a medical facility that offers beneficial services but also abortion services, a company pays for their employees to travel from a state where abortion is not permitted to one that is, or similar scenarios.
• How helpful are CTF’s in preparing for Cybersecurity certs and/or gaining experience?
• What does a typical workday/schedule look like for an OffSec tester?
• Are the Network+ and Security+ certifications worthwhile/recommended for building your OffSec Tester resume?
• Does a pentesting company typically have a dev test network or are the individual testers required to have one in order to test tools or techniques utilized on a client engagement?
• What do future careers look like for technology professionals who have strong moral convictions that conflict with corporate mandates?
• How do you live your faith and stand firm on your moral convictions in the workplace but without intentionally causing conflict or needless confrontation?
• How do I achieve non-attributable and managed attribution in online profiles and technology stack?
• How can I ultimately achieve success at passing OSCP after failing multiple times?