Over 2,000 mentors available, including leaders at Amazon, Airbnb, Netflix, and more. Check it out
MentorCruise
Published

Donavan Cheah – Meet the Mentor

I am a cybersecurity consultant that has had experiences both in the public and private sector. I specialise in offensive cybersecurity (penetration testing, red teaming), as well as governance, risk and compliance aspects. Beyond these roles, I have managed to build cybersecurity training pipelines, contributed to journals and have build a cybersecurity card game.
Donavan Cheah

Senior Cybersecurity Consultant

Why did you decide to become a mentor?

I had good mentors who made sure I could gain a footing in the cybersecurity industry despite starting from the outside. I graduated with a Physics degree, and thankfully managed to make it to where I am (so far) today. But not everyone will have such fortune. Some of us do not have the social capital to navigate the cybersecurity industry due to the lack of networking opportunities, despite merit. Privilege and fortune are not universal. In fact, they accentuate inequalities of opportunity and hence outcomes. But that is unfair, and I want to hope to level the playing field for the hardworking and capable, but those that lack that extra step to get into the cybersecurity industry. I hope to be able to do my little part, through mentorship, to hopefully help more deserving candidates make their mark in cybersecurity.

How did you get your career start?

I started my career in the public service in 2016. It was only on hindsight that I learnt later on that the leadership was taking a punt on hiring graduates with hard science and mathematics degrees to stem the serious local cybersecurity talent shortage. In some sense, I was lucky insofar that my hiring managers took a chance on me, and sent me to a team where I could learn under strong mentors despite such a steep learning curve. I would remember my very first vulnerability assessment and penetration test on the fourth day of my work. I was given a copy of Burp Suite, and then, I had a mentor, Celestine, who ran me through the basics of web application vulnerabilities. But I had no background otherwise. He guided me through the thought process which enabled me to think like an attacker, and quickly I fell in love with the job. Finding flaws in software and then explaining how best to improve them was a meaningful role that I was glad to sacrifice numerous weekday evenings and weekends just to master it. That led to a journey on the OSCP, which I eventually managed to pass after a few failures. The rest, as you might guess, is history.

What do mentees usually come to you for?

There are two types of mentees I have seen so far. One, the type that are consciously aware they lack knowledge. Typically, they have a plan, but no idea how to execute it well. These objectives include finding a job, or obtaining a certification. Their motivations can range from wanting to obtain an entry-level job in cybersecurity, or performing a mid-career pivot. I come in to provide the roadmaps, skills and practice for them to achieve their objectives. These can include iterative feedback on their learning journeys, mock interviews and resume interviews. The other main type of mentee is not conscious of the industry. Typically, they begin with the premise that cybersecurity is a cool industry, or that it is profitable, and they ask me how one can get there. With such broad questions, I come in to align their expectations, and provide them guidance to research on the industry, what it entails and to perform exploratory tasks to assess the extent to which they find a cybersecurity career meaningful and in line with their expectations. In some cases, this becomes a self-discovery and self-awareness exercise for the mentee as well.

What's been your favourite mentorship success story so far?

Many years before joining Mentorcruise, I mentored someone unofficially. She used to be a student in an arts discipline in university. At that point, she was trudging along life, one step at a time, until she started to be interested in my cybersecurity journey. I mentioned how I pivoted from a hard science background to a cybersecurity background, and slogged at the junior level for years before making a public mark in cybersecurity such as contributions to the open-source community. She started getting interested in asked me for advice on how she could do what I did. Today she is undergoing a formal cybersecurity training programme with an expectation of an industrial attachment phase, where she will perform cybersecurity roles. To some extent, I am thankful that I have managed to steer her on a sustainable path to begin her own cybersecurity journey and illustrated how even those from a non-technical background, with the right guidance and training, can pivot into the industry.

What are you getting out of being a mentor?

Mentorship, to me, is a two-way street. I personally learnt a lot about the cultural complexities that surround other markets and nationalities, which hone my ability to work with cross-cultural teams and people, which are crucial skills especially in Singapore, where many clients and teams operate on regional and/or global structures. Mentorship also keeps me grounded insofar that my mentees remind me that their presence suggests their is still much work to be done to help many, who may not have had the same privileges and roll of the dice as I did. And if we can help one person at a time, one mentorship at a time, I think it provides meaning in my own life through the impact I leave on them.

Find an expert mentor

Get the career advice you need to succeed. Find a mentor who can help you with your career goals, on the leading mentorship marketplace.

Find a mentor