Inspiring the Next Generation: My Journey from First CISSP to Mentoring Future Cybersecurity Leaders
Every career has pivotal moments that set its trajectory. For me, that moment came in January 2018 when I achieved my CISSP certification not just as a personal milestone, but as the first person and first woman in State Street’s APAC region to earn this globally recognized credential. What I didn’t realize then was that this achievement would open doors not just for me, but for countless others I’d have the privilege to guide into cybersecurity.
Breaking Ground at State Street
When I joined (ISC)² in 2016 and began my CISSP journey, cybersecurity certifications weren’t as mainstream in the APAC region as they are today. The path was challenging balancing a demanding role at State Street with rigorous study, mastering eight complex security domains, and preparing for one of the industry’s most respected examinations.
Earning that certification in early 2018 felt like a personal victory, but being the first in my organization and the first woman to achieve it added unexpected weight. Suddenly, I wasn’t just another certified professional; I was proof that this path was accessible and achievable.
That visibility came with responsibility one I’ve embraced wholeheartedly.
From Achiever to Guide
The most rewarding part of any achievement isn’t the credential itself—it’s what you do with it. Since 2018, I’ve had the privilege of guiding numerous young professionals through their own CISSP journeys and other cybersecurity certifications.
I’ve learned that mentoring isn’t about replicating your own path; it’s about helping others navigate theirs. Some needed study strategies. Others needed confidence that they belonged in cybersecurity despite non-traditional backgrounds. Many needed someone to simply say: “You can do this.”
Watching mentees pass their certifications, advance in their careers, and then mentor others creates a ripple effect I couldn’t have imagined when I first opened that CISSP study guide.
The (ISC)² Platform for Impact
My involvement with (ISC)² extended far beyond personal certification. The organization opened doors to make broader impact—from the DEI Advisory Council work to speaking engagements, from community building to shaping industry standards.
What makes (ISC)² special isn’t just the certifications; it’s the community of professionals committed to elevating the entire profession. Every opportunity to contribute back—whether through mentorship programs, speaking at chapter events, or advising on strategy—reinforces that cybersecurity is ultimately about people protecting people.
Symbiosis College Pune: Planting Seeds Early
One of my most memorable experiences was being invited as a panelist at Symbiosis College in Pune. Standing before students at the beginning of their academic journey, I saw both excitement and uncertainty in their eyes.
These students weren’t yet cybersecurity professionals many were still deciding their career paths. My goal wasn’t to recruit them into a single career track, but to illuminate what cybersecurity really is: a field that needs diverse talents, from technical experts to communicators, from analysts to strategists.
The questions they asked revealed bright, curious minds grappling with real concerns:
- “Do I need to be a coding expert to work in cybersecurity?”
- “Can I enter this field with a non-technical degree?”
- “What does a day in cybersecurity actually look like?”
- “How do I start learning when everything seems so complex?”
Answering these questions honestly sharing both the challenges and incredible opportunities felt like planting seeds that might bloom into the next generation of security professionals.
Bristol University and University of East London: Bridging Theory and Reality
My sessions at Bristol University and the University of East London took a different approach. These students were further along their educational journey, ready for deeper technical content and real-world case studies.
I delivered sessions on pathways into cybersecurity careers, demystifying the various routes professionals take from traditional IT backgrounds to career changers, from certification paths to degree programs, from technical roles to governance and risk management.
But theory alone doesn’t capture cybersecurity’s reality. That’s why I included case studies dissecting major cyber attacks examining incidents like ransomware campaigns, supply chain compromises, and social engineering breaches at a strategic level.
These weren’t just technical post-mortems; they were lessons in:
- How organizational culture enables or prevents breaches
- Why technical solutions alone never suffice
- How attackers exploit human psychology as much as technical vulnerabilities
- Why governance, risk, and compliance frameworks exist and what happens when they fail
Watching students connect theoretical concepts to real-world consequences was deeply satisfying. The “aha moments” when they understood why certain security controls matter, or how seemingly small vulnerabilities cascade into major breaches, reminded me why education matters.
Why the Next Generation Matters
Cybersecurity faces a well-documented talent shortage. Millions of positions remain unfilled globally while threats grow more sophisticated. But the solution isn’t just filling seats it’s cultivating diverse, thoughtful professionals who understand that security is fundamentally about protecting people and society.
Every student I’ve spoken with, every young professional I’ve mentored, represents potential to strengthen our collective security. When we inspire one person to pursue cybersecurity, we’re not just filling a job we’re potentially preventing future breaches, protecting critical infrastructure, or developing solutions we haven’t yet imagined.
The Responsibility of Being First
Being the first woman at State Street APAC to achieve CISSP taught me that visibility comes with responsibility. When you’re first, you become a reference point proof that it’s possible, and hopefully, inspiration that makes the path easier for those who follow.
I’ve tried to honor that responsibility by being accessible, by sharing both successes and struggles, and by actively creating opportunities for others especially women and underrepresented groups in cybersecurity.
The Ripple Effect
One mentee passes their certification and mentors two others. One student inspired by a university session chooses cybersecurity and eventually trains their team. One young professional finds confidence to apply for that senior role and goes on to lead diverse security teams.
This is the ripple effect that makes community engagement so powerful. The impact extends far beyond any single interaction.
Looking Forward
My journey from that first CISSP certification to mentoring across universities and organizations continues to evolve. Each speaking engagement, each mentoring session, each opportunity to inspire the next generation reinforces why this work matters.
Cybersecurity’s future depends on attracting diverse talent, providing clear pathways into the field, and creating communities where professionals support each other’s growth. If my journey from breaking ground at State Street to speaking at universities helps even one person find their path into cybersecurity, the effort is worthwhile.
To every young professional considering cybersecurity: the industry needs you. Your perspective, your talents, and your passion will help protect our digital future. And to every established professional: remember that every expert was once a beginner who needed guidance. Let’s keep lifting each other up.
Are you a student or young professional interested in cybersecurity? Feel free to reach out—I’m always happy to provide guidance and share insights from the journey.
By – Pooja Shimpi | Cybersecurity GRC Leader & AI Governance Advisor
