Cybersecurity is a career that is increasingly broadening in scope as cybercriminals test the skills and resilience of security professionals by constantly changing and improving their attack tactics. In 2017, for example, there was a doubling of cybersecurity incidents; just when we think it can’t get any worse, it does (1).
This broadening of the scope of the cybersecurity industry is creating a skills gap. A 2017 study by (ISC)2 has identified a 1.8 million shortfall of cybersecurity workers by 2022 (2) This is driving a need to look outside the perhaps more traditional view of what a security professional looks like and the pathway they must take to enter the industry.
Why Does This Shortage of Security Professionals Exist?
The (ISC)2 report tries to answer this question. After all, cybersecurity is a lucrative profession, with an average salary of $100,157 for male security analysts (although their female counterparts do earn less). (3) The report found a number of general reasons for the shortfall:
- Lack of qualified personnel
- Leadership not understanding the need for security workers
- The wrong business conditions
- Difficulty in keeping security workers in an organization
- No clear security pathway
The last item on the list above is particularly interesting when you consider another finding in the report: globally, 87% of security professionals did not start in cybersecurity, but came in via another career. (I myself came into this industry from a previous career as an analytical chemist.)
Further issues in the industry compound the above operational problems in recruiting enough cybersecurity professionals. Historically, there has been a view of the industry as being highly technical; you can only work in this industry if you are a programmer. This is becoming increasingly not the case, as cybersecurity takes on a more ‘human-centric’ emphasis, as demonstrated in a recent focus in that research area by the likes of The Hague Security Delta. (4)
Certainly, pathways into cybersecurity from other careers need to be encouraged both to plug the skills shortfall and to add breadth and depth of thought and approach to the industry itself.
Why Should Military Veterans Consider a Career in Cybersecurity?
Military veterans are a great fit for the cybersecurity industry. But why is this so? A career in the military has many benefits. Apart from the camaraderie, world travel, and various housing and health benefits, it also offers excellent training opportunities. Recruits can specialize in a number of areas, including combat training, nursing, business administration and operations, accountancy, intelligence specialist, and many more. Military veterans will have a wealth of experience of this chosen specialism, but also bring with them a number of other skills, including strategic thinking, team working and thinking, etc. And they know, more than most, how to work under pressure.
In an IBM report which talks about a “new collar” approach to cybersecurity recruitment (5) they encourage recruiters to move away from a fixation on having specific degrees and focus more on skills developed. By doing so, they state, the industry will open up more channels to individuals, from, for example, a military background to enter the profession.
Why Should Employers Consider Hiring Military Veterans for Cybersecurity Positions?
A military background is in many ways, ideal as a transitional pathway into cybersecurity; military personnel are trained to act in a different way to civilians because of the nature of the job. The type of skills built up over a time in the military, offer a perfect crossover with those needed to build a cybersecurity career. For example:
- Being a problem solver: A key part of working within the military is learning how to problem solve. Military veterans will have specific training to make sure they follow a challenge through to the final conclusion.
- Having a high level of responsibility for actions: This is a key requisite of working within a team where an action could result in a life/death situation. In cybersecurity, taking ownership of a task or team helps to complete that task effectively.
- Making fast and accurate decisions: Military personnel are trained to think on their feet.
- Team working: the phrase “band of brothers’ demonstrates the importance of team working in the military. In cybersecurity, the concept of teamwork is becoming increasingly important is evidenced by concepts like “teaming” and collaboration in vulnerability assessment, etc. (7)
- Being adaptable. Have a flexible mind and being adaptable in different environments is part of being in the military. The same is true of the modern cybersecurity professional. The threat landscape never stays the same. Having a flexible attitude means you are a great fit for the challenges the security arena is presenting.
How Can We Encourage Military Veterans to Enter the Field?
Encouragement into the security workplace starts at the recruitment end of the equation according to (ISC)2. The report talks about “adapting recruitment strategies” such as acknowledging the part that people from a non-traditional entry pathway, such as the military, have played in the cybersecurity workforce. This can be achieved by highlighting positive role models and telling the stories of military veterans who have transitioned into the security field.
Another action that can help to bring military personnel into the cybersecurity arena is to actively recruit as people leave the military and within existing military veteran communities.
Resources for Military Veterans
- Techvets: An organization that encourages and helps military veterans into a career in cybersecurity – http://techvets.co/
- US Techvets: Online job portal connecting employers with veterans, includes cybersecurity jobs on offer: https://www.ustechvets.org/
- Accenture: Military Veteran technology training program: https://www.accenture.com/us-en/Careers/accenture-veteran-technology-training-program
- Cisco: Veterans program: https://www.cisco.com/c/en/us/about/csr/stories/veterans-program.html
- VetsinTech Meetups: https://www.meetup.com/VetsInTech/
- VetsinTech conference: Cybersecurity focus included – https://vetsintech.co/invasion2018/
Cybersecurity Scholarship Opportunities From InfoSec Institute
InfoSec Institute just launched a new cybersecurity scholarship program to help close the growing cybersecurity skills gap and encourage new talent to join the industry. It awards over $50,000 in training courses to four recipients each year. Valued at $12,600 each, the scholarships guide aspiring security professionals through a progressive career path.
Scholarships target underrepresented groups in cybersecurity (including women and minorities), and include certification exam vouchers to give recipients the skills, credentials and experience needed to secure a professional-level cybersecurity position. Selection criteria varies by scholarship, but exclusively focuses on those seeking a career in cybersecurity. Available scholarships include:
- Women in Cybersecurity Scholarship
- Diversity in Cybersecurity Scholarship
- Military Cybersecurity Scholarship
- Undergraduate Cybersecurity Scholarship
- Online Trust Alliance: https://otalliance.org/news-events/press-releases/online-trust-alliance-reports-doubling-cyber-incidents-2017-0
- (ISC)2 , 2017 Global Information Security Workforce Report: https://iamcybersafe.org/wp-content/uploads/2017/06/Europe-GISWS-Report.pdf
- Infosec Institute, Closing the Gender Gap: Women in Cybersecurity: https://resources.infosecinstitute.com/closing-the-gender-gap-women-in-cybersecurity/
- The Hague Security Delta: https://www.thehaguesecuritydelta.com/
- IBM, It’s not where you start–it’s how you finish: https://www-935.ibm.com/services/us/gbs/thoughtleadership/newcollarjobs/
- Infosec Institute, Purple Teaming: A Security-Testing Collaborative: https://resources.infosecinstitute.com/purple-teaming-a-collaborative-security-testing/