ISSO Mentorship Program: Mentee Guide

Introduction

This guide is for mentee participants of the ISSO Mentorship Program at the Centers for Medicare & Medicaid Services (CMS). The program seeks to improve the overall readiness and skill of Information System Security Officers (ISSOs) by creating opportunities for knowledge sharing and support among ISSOs of all experience levels. 

Learn more about the CMS ISSO Mentorship Program and how it works.

Welcome for mentees

Congratulations on your decision to join the CMS ISSO Mentorship Program. Being a mentee will provide new opportunities for you to learn from other ISSOs who have worked through a number of issues during their careers at CMS. This guide outlines your responsibilities as a mentee and provides tips and resources to support your success along the ISSO mentorship pathway.

How you will grow

While participating as a mentee in the ISSO Mentorship Program, you will build competencies in key areas to increase your confidence and success as an ISSO at CMS. You’ll deepen your knowledge of:

• Your role and responsibilities as an ISSO at CMS
• CMS documents, tools, and resources that support information security and privacy
• Activities and documentation required at CMS for system authorization and ongoing risk management
• Federal policies and laws that underpin CMS security and privacy

You will also build skills in communicating with stakeholders and using CMS risk management and reporting tools.

Expectations for mentees

As a mentee participant in the ISSO Mentorship Program, you are expected to:

• Use your official government email for all program communication
• Respect your mentor’s working hours and communication style
• Bring up issues or concerns early with your mentor or the ISSO Mentorship Program Lead (ISSO@cms.hhs.gov)
• Set clear goals for what you want to achieve
• Be open to feedback and take initiative in your learning
• Attend scheduled meetings consistently and punctually
• Complete action items or assignments agreed upon with your mentor
• Keep interactions with your mentor professional and confidential

Tips for mentees

You will get the most out of your ISSO mentorship engagement as a mentee if you do the following:

• Do hands-on work. Your mentor can provide tools and advice, but you are ultimately responsible for your own growth and learning. Recommended hands-on activities:
  • Shadow your ISSO mentor in meetings
  • Review past SSPPs
  • Complete RMF artifacts with your mentor’s guidance
  • Research key NIST publications to deepen your understanding
  • Engage in mock security assessments or audits
  • Attend security awareness briefings or policy reviews
• Get involved. Become an active participant in the CMS cybersecurity community so you can learn from others.
• Be proactive. Come to meetings prepared with an agenda and goals to ensure the meeting is productive for everyone. Take notes and reflect on discussions.
• Build relationships beyond your mentor. Your mentor will help you as much as they can, but if you have a need they can’t address because of limited time or lack of experience in a specific realm, they will point you to resources or other people who can help.
• Invest in the relationship. Trust and mutual respect do not happen automatically when the mentorship begins. You can nurture the relationship by showing appreciation, communicating thoughtfully, and demonstrating a growth mindset.
• Ask questions. There are no bad questions, and your mentor is there to support you. Be honest about what you know and don’t know, so your mentor can provide the right support.

Support and resources

For anyone participating in the ISSO Mentorship Program, it’s important to have quick access to ISSO resources provided by CMS and other organizations. 

The CMS Information Systems Security Officer (ISSO) Handbook is the authoritative guide for everything a CMS ISSO needs. It provides useful information like:

• Tips for getting started - Everything a new ISSO needs for onboarding at CMS, including self-assessment, initial meetings, and goals for the first year.
• Role and responsibilities - Learn what’s expected of an ISSO at CMS, and how to perform all required duties.
• ISSO documents, tools, and resources - Policies and other resources from CMS and federal security organizations that are integral to the ISSO’s work.
• ISSO community and events - Opportunities for engagement, collaboration, and learning with other CMS security professionals.
• Training opportunities - Browse free training offerings from CMS to help ISSOs of all skill levels advance their knowledge and grow in their careers.

Need help?

Ask questions or get help anytime from the ISSO Support Team: ISSO@cms.hhs.gov. You can also ask questions in #cms-isso in CMS Slack.