There's a moment I've seen happen more times than I can count. A young person around 16 or 17, sits down in front of a challenge they've never seen before. They're nervous. They're not sure they belong in the room. And then something clicks. They find the vulnerability, or crack the cipher, or trace the network path that nobody else spotted, and in that moment, you can watch their entire relationship with technology change.

That moment is why I do this.

The Problem We're Not Talking About Enough

The cybersecurity skills gap is well documented. The figures vary depending on who's counting, but the direction of travel is consistent: there are not enough skilled security professionals to meet current demand, and the gap is widening as the threat landscape grows more complex.

What gets less attention is why the pipeline is thin, and what we can actually do about it.

Part of the answer is perception. Cybersecurity still carries an image problem in some quarters. People picture dark rooms, hooded figures, impenetrable jargon. What they don't picture is the intellectually rich, endlessly varied, genuinely impactful career that it actually is. Security professionals get to be investigators, architects, psychologists, communicators, problem solvers and get to break in to banks without going to prison! - sometimes all in the same afternoon.

The other part of the answer is access. Not everyone who would be brilliant at this work grows up knowing it exists, knowing how to get started, or having someone in their corner who believes they can do it.

That's where mentoring comes in.

The Cyber Schools Academy

When I was at JT Global, I created and ran the JT Cyber Schools Cyber Academy which was a series of six week after school courses designed to introduce young people in Jersey to offensive security.

The curriculum wasn't theoretical. We built Capture The Flag challenges directly inside the TryHackMe infrastructure which was gamified, competitive, and deliberately designed to feel more like a game than a class. Young people don't engage with PowerPoint slides about network protocols. They engage when there's a flag to capture, a system to compromise, and a leaderboard showing how they are doing against their peers.

The results were remarkable, not in terms of technical scores, though those were impressive, but in terms of what happened to the students' confidence. Young people who arrived unsure whether they had any right to be in a cybersecurity classroom left with a tangible proof point: they had found vulnerabilities, they had solved problems, they had competed and succeeded. That changes how you see yourself.

TraceLabs and the Real-World Application

My own CTF involvement goes beyond teaching. I'm a regular participant in TraceLabs.org — a Capture The Flag event with a genuine humanitarian purpose. TraceLabs runs OSINT focused CTFs specifically designed to locate missing persons. Participants use OSINT techniques to gather information that gets passed to law enforcement to support real investigations.

It's one of the most powerful demonstrations I know of how security skills translate directly into social good. The techniques used to track threat actors online, to trace criminal networks, or to build profiles of individuals for investigative purposes are the same techniques that can help find a vulnerable missing person. The feel good factor goes through the roof when you find a breadcrumb that could help them reunite with their family.

When I talk to young people about careers in cybersecurity, TraceLabs is one of the first things I mention. Not because it's glamorous, it's painstaking, detail-oriented work which is sometimes at stupid o'clock due to the global nature of it, but because it illustrates something important: this isn't just a career, It's a craft you can use to genuinely help people.

What Good Mentoring Actually Looks Like

I've seen a lot of mentoring done badly. Talking at young people rather than with them. Assuming they need to be convinced that technology is interesting. Treating mentoring as a box-ticking exercise rather than a genuine relationship.

Good mentoring in cybersecurity looks different. It means:

Meeting people where they are. Not everyone comes to security through the same door. Some come through gaming, some through programming, some through a general curiosity about how things work. Good mentors find the door the person is already standing at and open it wider, rather than insisting they come in through the front entrance.

Creating safe environments to fail. The CTF format is brilliant partly because failure is expected and unremarkable. You try an approach, it doesn't work, you try another. That trial and error mindset is fundamental to security work, but it runs against the grain of how most education is structured. Building spaces where failure is just data, not disaster, is one of the most valuable things a mentor can do.

Showing the range. Security is not one career, it's dozens. There are people who never touch a command line and are brilliant at governance, risk and compliance. There are people who write exploit code for a living. There are OSINT investigators, threat hunters, incident responders, security architects, awareness trainers, and everything in between. Young people who think security isn't for them often haven't yet seen the version of security that would suit them perfectly.

Being honest about the journey. I didn't arrive in cybersecurity knowing what I know now. I started in infrastructure and trading platforms at Reuters, spent years building general IT experience, and came to security through a combination of curiosity, opportunity, and deliberate study. I completed my MSc while working full time, sitting exams and writing a dissertation on Surveillance Capitalism alongside a demanding day job. It's not a sprint. But it's worth it. I am now in my "ahem" latter years of my career and am still sitting exams, so the journey never ends...

The Jersey Context

Jersey is a small island with a large financial sector and a growing awareness that digital risk is real and present. The cyber skills pipeline here is more constrained than in larger jurisdictions, there are fewer pathways, fewer specialist employers, and fewer role models in the industry who young people can see themselves in.

That makes local mentoring and outreach more important, not less. When one person decides to pursue a career in cybersecurity in Jersey, the downstream effects on the island's security posture can be significant. These are not abstract numbers, they're your future colleagues, your future clients' security teams, and the people who will be defending Jersey's infrastructure and institutions in ten years' time.

I served on the board of the Jersey Digital Skills Partnership, leading the cybersecurity vertical. I also volunteered cyber advisory services to local charities. These weren't obligations, they were investments in the kind of island I want to live and work on.

What I'd Say to a Young Person Considering This Career

If you're curious about how things work under the surface. If you've ever wondered how a website gets hacked, or how investigators trace criminals online, or how companies protect their data from people who want to steal it, you already have the instinct for this work.

You don't need to know everything before you start. You need curiosity, a willingness to be persistently stuck and keep trying anyway, and the ability to keep learning in a field that never stops changing.

Get on TryHackMe or HacktheBox, enter a TraceLabs event. Find someone who's doing the kind of work you want to do and ask them about it, most people in this industry are genuinely delighted to talk about what they do.

And if you're in Jersey and want to talk, my door is open.

John Bridge is Director of Cybridge Ltd. He is a regular TraceLabs participant, top 1% on TryHackMe.com, and has been mentoring young people into cybersecurity careers since 2015.

Tags: Training & Advisory, Mentoring, Young People, Cybersecurity Careers, CTF, OSINT, Jersey