From Solo Researcher to Cybersecurity Mentor: Embracing the Challenge of Teaching

✍️ Valentin Lobstein  | 

Taking on the role of mentor while still pursuing my cybersecurity studies has proven more challenging than any technical test I’ve faced. Between lectures, labs, and exams, I now must carve out time to transform what comes naturally, identifying web vulnerabilities, writing proofs of concept, or automating scans, into simple, step-by-step lessons. Turning deep experience into clear teaching points shows how much I assumed without ever explaining.

Until now, as a student, I had only mentored my friends online as part of the Balgo Security team, where we all progressed together. Recently, for the first time, I received an external request from someone with zero background, pushing me out of my comfort zone to provide genuine in-person mentorship, a whole new level of challenge. I’m currently mentoring just this one person, completely free of charge, driven by the desire to share what I’ve learned.

The first challenge is building a curriculum for people with zero background. My own learning was messy, trial and error, late nights debugging, so I had to select the core ideas: how a web page loads, using browser developer tools, and understanding basic request and response flow. Then I organized these pieces so each lesson builds on the last. Creating short, hands-on tasks helped me see that students need quick wins to stay motivated, not all-day exercises. Organizing such a curriculum proved quite complex, so leveraging established online resources can save significant time without compromising content quality. Although covering these fundamentals can feel β€œboring,” mastering the basics is essential, they form the foundation for the more advanced and exciting challenges to come.

Even the basics can trip people up. For example, I’ve had to explain that everything you see, the HTML structure, styles, and scripts, is rendered by your browser from the raw files the server sends, and that any edits in your dev tools only affect your local view. I used to instinctively verify these details by consulting MDN or RFCs when I was learning, but over time I let those habits slip. Teaching has forced me back to those authoritative sources, summarizing differences between GET, POST, PUT, and DELETE, to ensure clarity for my mentee. In the process, I’ve re-established the importance of reading upstream documentation and sharpened my own learning methodology.

Keeping my mentee engaged means working directly at the PC and exploring resources side by side. We open documentation, run sample code, and step through interactive labs together, pausing whenever they need clarification. This hands-on, collaborative process ensures each concept is immediately put into practice, and it forces me to verify that every step actually works before moving on.

Measuring progress without formal tests is another hurdle. Instead of quizzes, I set small goals. Each success is proof of real understanding and builds confidence for both student and mentor.

Teaching also improves my own research. Explaining a workflow in plain language often uncovers assumptions I never questioned, like how to structure a testing environment or organize notes. Students’ questions lead me back to fundamentals, and I end up with better habits and clearer processes.

Becoming a cybersecurity mentor is a real test of patience and empathy. Every session demands I anticipate questions and be ready to explain things in different ways. Yet that challenge is exactly why teaching is so worth it: by making my knowledge explicit, I strengthen my expertise and help others build theirs.

Why Mentorship Matters

This is just the beginning of my journey as a mentor, and every meeting reminds me how much I have to learn about teaching and hacking. Unlike technical work, where results are code and reports, here the reward is seeing a beginner’s first success: loading their first page, running a script, or simply closing the console with confidence. These moments prove the effort is worthwhile, even though a single misunderstanding can stall progress.

Starting Small and Building Trust

The key is to start very small. Early lessons cover installing a browser, opening developer tools, and typing a basic command. Low stakes, clear successes. As comfort grows, I introduce slightly harder tasks, examining headers, modifying a script, or tracing a simple workflow. Celebrating each milestone creates a safe space where mistakes are part of learning.

I began my own journey on Root Me and VulnHub, which presupposes some development background and quickly became frustrating for total beginners. To better support someone with zero prior knowledge, I plan to integrate structured paths like TryHackMe’s Cybersecurity 101 ( https://tryhackme.com/path/outline/cybersecurity101 ), ensuring that initial exercises are approachable and build essential skills without overwhelming newcomers.

Structuring for Effective Learning

Effective mentorship needs:

  1. Simple Goals: One clear task per session, view a page source, capture a request, run a script.
  2. Immediate Feedback: Review the student’s work right away to correct errors before they become habits.
  3. Iterative Improvement: Update lesson plans based on what the student struggles with, keeping examples relevant.
  4. Shared Effort: I guide the challenge-based exercises, and the student actively practices, making this a true partnership.

A Growth Mindset for Everyone

Teaching forces humility. To explain basics, I revisit concepts I thought I mastered, finding new ways to illustrate them. This back-and-forth boosts my own problem-solving too. Mentorship becomes a two-way street, students learn from me, and I learn from them.

Conclusion: Mentorship as Community Building

Mentorship in cybersecurity is more than instruction, it multiplies our collective strength. By helping a complete beginner gain real skills in a trusted environment, we expand our field, bring in new perspectives, and prepare for future challenges. Though I’m just starting, I see teaching as a vital part of my growth now and a way to strengthen our community step by step.

- Valentin Lobstein (Chocapikk)