When discussing the ongoing talent short in cybersecurity, it’s almost cliché to mention the Cybersecurity Ventures forecast that there will be shortfall of 3.5 million cybersecurity professionals by 2021. However, that’s only because the prediction very succinctly summarizes the one of the biggest challenges facing the industry… which affects every other industry in the corporate, government and nonprofit sectors.
Rather than rehashing the problem, I’d like to recommend veterans as an excellent source of talent to grow our cybersecurity ranks. I can almost hear people going, “Yes, I know. We like hiring veterans already.” However, I want to make clear that I’m not sure talking about looking to veterans, who were already in highly technical fields like network management, signals intelligence, or cyber warfare. Those individuals didn’t need much help getting tech sector jobs in the first place. Focusing on them alone won’t increase the military-to-cybersecurity pipeline in any meaningful way.
By expanding the recruiting focus to veterans from less hands-on-keyboard military occupational specialties we can help close the gap in our cybersecurity talent pool and thank our veterans in a meaningful way.
Defensive Mindset
It’s probably not shocking to hear that military veterans have a defensive mindset that is difficult—if not impossible—to replicate with your fresh out of school computer science graduate. Veterans come from a community, where the defense was their raison d’etre. They come from deployments, where suspicion of events or artifacts that just didn’t look right saved people’s lives. That is to say that veterans take defense very seriously in a way that technology professionals (outside of cybersecurity) frequently don’t.
There’s an expression that I learned during my early training as a Army intelligence officer that stuck with me over the years: Just because you’re paranoid doesn’t mean that someone’s not out to get you. It’s that sort of defense-oriented mindset that I like to have on my team.
The defensive mindset of veterans may be most valuable in protecting industries, which the US government considers critical infrastructure (such as, the communications, financial services, and energy sectors). Those roles are quite literally protecting the country’s strategic safety.
Trainability
Many cybersecurity job listings today look like they were written by a recruiter, who is unaware that there is a talent shortage. If every position is written for someone with a bachelors in computer science with 5+ years of cybersecurity experience, we’re not going to make a dent in our current talent shortfall. However, more employers are opting to increase the amount of time and effort they put into training smart, driven people. The military produces some very trainable individuals.
Just because you’re paranoid doesn’t mean that someone’s not out to get you.
Most military service members are doing something they studied in school. Even amongst the officer corps, most of us weren’t in a career field, which we majored in college. We gained our skill sets through training. That includes courses, which may have taken anywhere between a week and a few months, as well as the infamous on-the-job training.
Veterans take that trainability with them. They’re very good at picking up new skill sets. Not only are veterans primed to learn the new skills required for a career in cybersecurity, but they are primed to continue to learn and train themselves throughout their career. It’s just part of they way they grew up in the military. There was always a new training course to attend… and they generally weren’t optional.
Ambiguity
There’s a lot of ambiguity in cybersecurity. It’s rather different from other technology jobs in that regard. Who understands ambiguity better, than the veterans, who served during the last 17 years of war? There’s no beginning or end to cybersecurity. There’s no “launch date” after which we get to say, “Good job everyone. We’re done with cybersecurity now. On to the next project.”
Veterans come from a community, where the defense was their raison d’etre.
The ongoing, ambiguous task of securing our networks and endpoints isn’t going away. That is a task that veterans are well suited for. They are accustomed to making critical, time sensitive decisions with incomplete information. They are prepared to make the best decisions that can with the incomplete information — and know that indecisiveness is a trait that can bring dire consequences.
Advice for Veterans
The transition to cybersecurity can challenging, but it’s a growing career field with a lot of opportunity. Here’s a bit of advice to ease the transition:
- Understanding of cyber roles. Know what you would like to do in cybersecurity. The field has matured and there are diverse roles available. Would you like to be a SOC analyst, a penetration tester, a cyber intel analyst, a cyber exercise planner or some other role? If you don’t know, that’s okay. You now have a homework assignment. Research what sort of role interests you the most, so you have a set goal in mind.
- Self training. While I’m always a proponent of hiring veterans, simply being a veteran isn’t going to get you a job. If your background is a bit removed from cyber, that’s okay. (Personally, I work with a former Army cavalry scout, who is great with cyber threat intelligence.) It just means you have some need to do some self training. Fortunately, there’s a lot of resources out there whether it be a community college course or an online course from someplace like Cybrary.it. Also, check out the NICCS Veterans Cybersecurity Training and Education Guide.
- Certifications. You may read elsewhere that certifications don’t matter, but I think they’re a great way to get your foot in the door. A certification represents evidence that you’ve learned a subject to an industry recognized standard. An entry-level certification, like the CompTIA Security+, is an achievable goal for motivated veterans making their entry into cybersecurity.
- Networking. Companies like to hire people on referral, but how do you get those referrals, if you don’t know anyone in the industry? First, spread the word within your personal network that you’re trying to break into cybersecurity. There’s a chance that a friend of a friend is in the industry. Second, use LinkedIn like pro. I’ve found the veteran community to be better, than any fraternity. Message veterans whose cybersecurity experience lines up with your interest. Ask to talk to them. To learn from them. A surprising number of veterans will be able to make time for you.
Advice for Hiring Managers
While veterans make a great source for entry-level cybersecurity talent, you will want to be intentional about your hiring in order to attract them.
- Technology recruiter. It seems that many corporate cybersecurity recruiters are actually technology recruiters with the additional duty of recruiting for cybersecurity. That means your recruiter may not be sending your a number of veteran candidates with good potential, because they’re waiting on the ideal candidate that checks all the right boxes. Make sure your recruiter is aware of your desire to screen more veteran candidates.
- Job listing. Veterans may be less likely than civilians to apply for jobs in which they don’t match all of the “requirements”. You can help balance this out by posting on veteran-friendly career sites like recruitmilitary.com. Posting jobs a “veteran preferred” can go a long way.
- Resume review. Veterans’ resumes can be confusing at first. Their experience and language likely won’t line up apples-to-apples with your other candidates. Find a veteran or two within your organization to help review the resumes of your veteran candidates. They’ll be able to help you sort out the impressive military experiences (especially veterans from the same branch of service).
Increasing the pipeline of quality individuals into cybersecurity will benefit the entire industry. Veterans represent a great way to jumpstart that pipeline growth.