The Mozilla Security team is strongly committed to helping to develop a community of security contributors through our Champions program, but some individuals may be interested in a more structured approach to contribution, or may want to participate in a goal oriented program that will allow them to develop skills while helping further our mission. The Security Mentorship program at Mozilla provides that opportunity.
Important Links to get involved:
Important links for mentorships:
The Mozilla Security mentorship program is a volunteer based program that provides the opportunity for individuals who have the desire to learn about Information Security and gain practical experience by working on a specific set of tasks and goals. While the mentorship program is organized to support volunteers, the responsibilities and expectations of both mentors and mentees are considered serious responsibilities. The Mentor and Mentee will work together on a publicly tracked project that will provide the mentee work experience that demonstrates a clear understanding of the practical application of Information Security knowledge. The Mentor and the Mozilla Community will gain the benefit of having helped to train an individual who may grow into a strong contributor to Mozilla projects and initiatives, and will have worked with the Mentee to achieve some specific goals to move critical projects and work forward.
The Role of a Mentee
A Security Mentee should be prepared to make at least a 200 hour commitment over the duration of the mentorship. While the mentorships are offered on a volunteer basis, the projects mentees will work on are expected to have a direct impact on active Mozilla projects, and should be treated with the level of effort and commitment one would have to a university course or internship. In some cases, Mentorships may be offered in tandem with an academic institution and the Mentee will receive academic credit for the work completed. Mentees should also expect to meet with their mentors at least twice a week at a regularly scheduled time, and should provide regular status updates on the work they are doing.
If you want to apply for mentorship on a project, please submit an application
The Role of a Mentor
A Security Mentor is expected to provide a significant amount of guidance and direction to the Mentee they work with. Some of the tasks and responsibilities a mentor will fulfill in the course of a mentorship include:
- Preparing a project plan with clear milestones and outcomes for the mentorship
- Interviewing and selecting a candidates from a pool of applicants
- Providing ongoing mentorship, including meeting (online or in person) with the mentee to provide guidance and support during the duration of the project.
- Evaluate the candidates performance through the course of the project
- Provide supporting documentation at the end of the mentorship (where appropriate, for example, tandem academic mentorships)
If you want to apply to be a mentor, please submit an If you want to apply here, please submit an application.
The Role of a Liaison
The mentorship program was created in response to engagement efforts with academic groups who wanted students to participate in exchange for credit in post-secondary programs. To facilitate these types of mentorships, a Liaison who manages the relationship between the Mentorship program, the Mentors, and the Mentees. This Liaison helps onboard a group of mentees (students) into the program and helps to define the success criteria and tracking requirements for the mentees who participate through that program. This role is highly specialized based on the institution, organization, or group that wishes to engage with the Mentorship program, and is negotiated and defined on a case by case basis.
If you are interested in becoming the Liason for your organization, please contact us using the instructions found here: Liaison Engagement
The Role of a Coordinator
The mentorship program is alot of work! It requires time, patience, and effort by all of the participants, and some times we need a person who can provide guidance on how to get engaged, solve thorny problems, and work as a match maker between the various participants.
Coordinators work within their team or domain to ensure that incoming applicants are properly routed into projects that interest them, follow up with mentors to ensure that the candidates are being interviewed, and that mentorship projects are on track by ensuring that mid project and final project milestones and artefacts are properly captured.
There is currently one Coordinator working for the Mentorship program. If you are interested in learning more about becoming a coordinator, please contact yvan on irc.mozilla.org!
The Mozilla Security team offers mentorships in several areas:
- Application Security Assurance
- Operations Security
- Network Security Monitoring
- Client Security Engineering
- Web Security Engineering
In addition to these areas, the Security Mentorship program solicits recommendations and suggestions from the community about projects that we might want to pursue. If you are interested in proposing a mentorship, please follow the instructions here.
Application Security Assurance
Mentorships under this program are focused primarily on security testing and review. Under this program, mentors can expect to build practical experience performing manual and automated security reviews of real world applications and components.
This program offers the opportunity to work on challenging operation security issues related to ensuring the security and availability of operational infrastructure through host based and network based security controls for both clients and servers.
Network Security Monitoring
NSM mentorships provide the opportunity for mentees to help design and implement technologies for real world deployment. Some examples include configuring and testing web application firewalls, investigating new NSM technologies, and providing technical support and helping to manage NSM related activities such as reviewing logs, assessing the monitoring requirements of applications, etc.
Client and Web Security Engineering
These are two separate, but similar programs that offer individuals with software development expertise to work on challenging problems related to security in web technologies, browsers, and mobile platforms. The projects will typically result in changes to our platforms and technologies and can be highly visible projects, but will usually run longer than 200 hours.
Information about how mentorships, mentees, and mentors are managed can be found on the processes page.