PEN Consultants Logo
Don’t Be a Victim: Find your weaknesses before the criminals do. PEN Consultants can help!

Monthly Mentoring

Group Based Mentoring Sessions

  • BLUF: Group of people - both mentors and mentees - all on the same call. Chat with Robert (CEO PEN Consultants), others on the PEN Consultants team, or others outside the team.
  • Non-traditional mentor-type relationships. Instead of 1-to-1 or even 1-to-N, this is N-to-N.
  • Multiple people receive mentorship at the same time.
  • Multiple people are able to provide insight at the same time.
  • The same person is able to both ask for advice/help and give advice/help on the same call.
  • Agenda: None. We lead with prayer, intros, and possibly pick back up on a previous month’s discussion that we did not complete. Other than that, it’s an open floor.
  • Topics: Any - from getting started in cybersecurity to helping with advanced technical challenges, business-related, etc.

To Join Us

If you would like to attend this free session, please sign up here:


We hope to see you at our next session!

Past Topics Include

  • How to get into pen testing.
  • How do you convince a client they need security in general (as in no budget for it) or penetration testing (as in limited budget)?
  • Should I get a 2nd degree in computer science in addition to cybersecurity?
  • Ethical considerations and boundaries for firing someone over something that was never communicated or given a chance for remediation?
  • How to differentiate between a shopper vs buyer.
  • What is the primary key to security?
  • How to communicate with someone who is largely unresponsive.
  • Dealing with willful ignorance.
  • Defining good performance objectives.
  • What are the boundaries in regard to artificial intelligence as it relates to both cybersecurity and ministry?
  • What are the risks of using Copilot in Windows and how can those risks be reduced; or should it just be disabled?
  • What protections can be put in place to ensure AI queries cannot return sensitive data that it should not be sharing?
  • Is it possible to trick AI into providing inaccurate information by compromising a source from which it pulls data from?
  • Lead generation topics, including presentations at small and medium business luncheons.
  • Pros and cons of whether a cybersecurity tester that was involved in some gray hat activity when they were a minor should be considered for potential employment.
  • How many cybersecurity certifications are enough. When is it a case of diminishing returns?
  • Grant programs to get funding for apprenticeships.
  • Lead generation tool that lists what products or services people are searching for, and it can be focused to a specific geographical area.
  • Implications of the 23andMe breach.
  • What are the risks and considerations of the lack of offensive security testing and experience with SCADA?
  • How do you decide when to not serve a client based on a service/product they sell or action they are taking?  Where is the definitive line that should not be crossed? Ex. a pharma company has a cure for cancer but also a drug used exclusively for abortions, a medical facility that offers beneficial services but also abortion services, a company pays for their employees to travel from a state where abortion is not permitted to one that is, or similar scenarios.
  • How helpful are CTF’s in preparing for Cybersecurity certs and/or gaining experience?
  • What does a typical workday/schedule look like for an OffSec tester?
  • Are the Network+ and Security+ certifications worthwhile/recommended for building your OffSec Tester resume?
  • Does a pentesting company typically have a dev test network or are the individual testers required to have one in order to test tools or techniques utilized on a client engagement?
  • What do future careers look like for technology professionals who have strong moral convictions that conflict with corporate mandates?
  • How do you live your faith and stand firm on your moral convictions in the workplace but without intentionally causing conflict or needless confrontation?
  • How do I achieve non-attributable and managed attribution in online profiles and technology stack?
  • How can I ultimately achieve success at passing OSCP after failing multiple times?