Americas

  • United States

Asia

Oceania

Mary K. Pratt
Contributing writer

Veterans bring high-value, real-life experience as potential cybersecurity employees

Feature
Jan 25, 20239 mins
HiringMilitarySecurity

Veterans come with a range of hard and soft skills acquired during their military service that often dovetail perfectly into a career in cybersecurity.

Johanna Wood was an armored crewman with Lord Strathcona’s Horse, a Canadian Army regiment. At first glance, Wood’s military role may seem incompatible with civilian work; there’s not a lot of call for tank operators in private companies. But Wood believes her experience working in tanks gives her a significant edge as she enters the cybersecurity profession.

“I was trained in reconnaissance, so I’m already trained to look for threats, I’m already trained to look for something that’s unusual and that shouldn’t be there. And it’s that reconnaissance mindset, looking for things that don’t belong, that I find myself drawing on [in cybersecurity work],” she says.

Wood, who served from 2007 to 2012, worked in public relations for several years after leaving the military. A full-time parent since 2017, she is now preparing for a cybersecurity career through training offered by the nonprofit Coding for Veterans. Wood initially thought about studying web development but changed course when her aptitude tests and a mentor suggested her skills and experience made her a good fit for the security profession.

Other veterans now working in cybersecurity have similar perspectives.

“I know what I learned during my time in the Army was incredibly valuable to me,” says Austin Berglas. Berglas served in the US Army for six years, rising to the rank of captain. He then worked in cybersecurity with the FBI and is now global head of professional services at BlueVoyant, where he leads incident response and forensic teams as well as consulting services.

Veterans understand discipline and teamwork

Berglas cites developing discipline, working on a specialized team, and “knowing how to be a leader when you need to be a leader and a follower when you need to be a follower” as particularly valuable takeaways from the military experience.

Lesley Carhart served 15 years in the US Air Force Reserve and is now director of incident response at Dragos. She says she, too, has felt the positive impact her military experience brings to her civilian cybersecurity work, explaining that as a veteran she developed a heightened recognition of the dangers posed by cyberattacks.

“I have an awareness of the physical and real-life consequences [of a security incident]. I’m conscious of what can go wrong in the real world, especially against critical infrastructure. That’s a big part of my thinking,” she says.

Berglas and Carhart both have other veterans on their teams, and they advocate for other security chiefs to consider veterans as an important resource for talent. They and others say that military training and military experience provide veterans with perspectives valuable in cybersecurity and not as readily found in civilian professionals. Moreover, they say that doing more to train and recruit veterans into the profession could help ease the persistent talent shortage that plagues the cybersecurity field.

“We should expand who we consider for cyber positions and realize that diversity creates better results, and one way to do that is to have a veteran workforce. And if you want to tap into that workforce, you’re going to have to put a plan or program in place to recruit in the veteran space,” says US Army veteran Curt Aubley, managing director and the US detect and respond leader with Deloitte’s Cyber & Strategic Risk practice.

Veterans have unique experience and skills

Security leaders say they see veterans approach cybersecurity work in subtle ways that set them apart from non-veterans. Berglas, for example, says veterans more readily grasp how cybersecurity is a national security interest. “I’m not saying that civilians don’t feel that sense of protection of national interests, but when you have a vet, there’s a deeper sense of understanding about what having [sensitive] information fall into malicious hands could do,” he explains.

Security chiefs, hiring managers and veterans share a list of reasons why vets are a good fit for cybersecurity roles.

  • Vets are mission-focused with an ingrained sense of duty.
  • Many have had training in leadership and team building, so they’re used to both taking charge and working collaboratively,
  • They’ve been schooled to think on their feet, so they can take charge and work on their own.
  • They’ve had practice skilling up on the fly. “They know how to deal with operational constraints, so they know how to think of solutions under a given set of circumstances,” says Alex Spivakovsky, vice president of research at security software maker Pentera.
  • They have grit, either naturally or learned, as they need it to get through military training.
  • They’ve been trained to work under extreme pressure, an incredibly helpful experience when responding to cyber threats or escalating security incidents.

“Those are all tangible skills you can put on your resume that other new professionals may not get in college,” Carhart says.

Some service members just leaving the military may also already have security clearance, a time- and cost-saving bonus for firms that need workers with such clearance. Another bonus: they tend to have a strong network of other vets with similar skills whom they can recruit and recommend for jobs.

Ex-military candidates have broad experience

These are, of course, generalizations. Security executives and hiring managers stress that each candidate—including a military veteran—comes with his or her own unique mix of strengths and skills. They note, too, that they evaluate candidates as individuals; they won’t hire someone simply because she or he is a veteran.

However, enterprise security leaders say military experience can put one candidate ahead of another with all else being equal for all the reasons shared above. “We don’t hire veterans with no cybersecurity experience, but we will put [resumes from veterans] higher in the stack. It’s something we consider; it’s a plus,” says Marc Vael, platform CISO for Packaging & Color Management at the global conglomerate Danaher and past board director for governance association ISACA.

Vael and others also acknowledge that non-veterans can also offer many of these traits and come with similar experiences and skills. However, they say they’re more confident that a veteran has cultivated these elements through his or her military experience.

As Spivakovsky says: “I’m not saying that civilians don’t have these, but we know veterans do.”

On the other hand, veterans often need additional training that civilians do not, according to multiple sources. For example, the military is very structured and hierarchical, and many of its roles are very specific and siloed; as a result, veterans often learn to work in ways that fit well with the flat, cross-functional organization structure that dominates the business landscape today.

Veterans also have to speak the language of business, letting go of the acronyms and lingo unique to the military. (That’s on top of learning to drop the tech and security jargon that businesspeople generally don’t understand.)

They may also have to learn to work within the workflows and methodologies that are common in civilian organizations but not prevalent in the military. And they need to have the business knowledge, technical acumen and actual cybersecurity skills needed to do the work they’ll be hired to do.

Retraining vets to enter the cybersecurity field

Not surprisingly, many veterans have worked in technology or cybersecurity during their military service. Vael worked in IT procurement during his service with the Belgian Royal Air Force in the early 1990s. Carhart worked in technology, too, ending her Air Force service as a section chief with cyber transport. Spivakovsky served with the Israel Defense Forces units responsible for protecting critical state infrastructure

Cybersecurity roles are far from the typical positions within the military, but a number of government and nonprofit organizations as well as corporate programs have sprung up in recent years to help veterans transition into security work.

The nonprofit Coding for Veterans in Canada is one such organization. Founded in 2019, it serves military veterans and family members as well as reservists and current serving members of the Canadian Armed Forces. In partnership with the University of Ottawa’s Professional Development Institute, Coding for Veterans offers an eight-month online course of study in either software development or cybersecurity.

Executive director Jeff Musson says the organization considered what industries would be a good fit for veterans and landed on technology and security. “We draw mostly from artillery and infantry, and there isn’t a civilian occupation related to those, but [veterans] are familiar with and have been around technology and they understand calculations,” he says. Musson says the organization has a 90%-plus placement rate for program graduates, with pay averaging around $85,000 annually.

The UK-based nonprofit TechVets operates similarly. Launched in 2018, it serves as a bridge between military service and civilian employment by providing community, employment support and training.

Luke Spencer, who served in the British army from 2009 to 2019, leaving as a tank commander with the Royal Tank Regiment, decided during his last year of service to pursue a career in cybersecurity, saying another soldier had encouraged him to think about the profession. He found cybersecurity courses offered for free to veterans and then connected with TechVets to sharpen his skills and to network.

Spencer now works as a penetration tester with Cybaverse, a consulting and managed security service provider. He says TechVets and other such services are essential for helping him and other veterans enter the cybersecurity field.

Hiring managers also benefit, as organizations such as TechVets and Coding for Vets, bring needed workers into the profession. “There’s not enough of the right people to fill all the roles for cybersecurity, and everyone is dipping into the same talent pool. But veterans have a core skill set that we see as very valuable,” adds TechVets CEO James Murphy.

Elaine Hum, director of cybersecurity partnerships at Scotiabank in Canada, can attest to that. Like other employers, she says her company has been contending with a shortage of cybersecurity professionals for a while at the same time cyberattacks have become more complex. “We have to build a pipeline of talent with diverse mindsets; we need all kinds of individuals,” she says.

To do that, Hum’s company has partnered with various institutions, including Coding for Vets, to diversify the candidates it recruits. “Veteran candidates really provide a new perspective and new ways to address cyber issues,” she adds. “They have unique skills, and they also help create this diverse talent pipeline we’re seeking.”