Michael Smith is an Army veteran who served as a Russian Linguist on active duty and infantryman in the National Guard. He’s a senior information security manager and technologist with over 25 years of experience in the IT security and intelligence fields. He has served in a variety of roles including management, engineering, software development, auditing, incident response, and threat intelligence.
How did you become interested in the military?
I grew up on the Idaho-Montana border in a tiny town that isn’t officially a town anymore; it got too small and they took away the post office when my grandmother retired. The whole county is only 7000 people. There wasn’t much there for young people unless you want to be a logger. I figured that walking through the woods with a rifle was pretty much what I had been doing since I was 12. Two months before I turned 18, I reported to basic training.
Did your role in the military have any direct relationship to your current or previous roles?
Nothing that translated directly. In fact, many people in security look at my past and say “Wow, your background is so cool, but we have no idea what to do with you.” I was job-hunting earlier this year and heard this several times.
At the recruiting station, they were amazed at how well I did on the Armed Services Vocational Aptitude Battery (ASVAB). I took another test called the Defense Language Aptitude Battery (DLAB), a test to see if you can learn languages. They still agreed that I was smart and modified my contract to send me to the Defense Language Institute (DLI) in Monterey, California to study Russian. I worked as a translator in the intelligence branch for almost eight years.
After leaving active duty, I spent another eight years in the National Guard. They didn’t have any intelligence roles around where I was living, so I converted to infantry and went to Afghanistan in 2004/2005 as a squad leader.
What experiences did you have while in uniform that started you on the path to where you are now?
It was all tangentially related. Some things like working with communications security, exposure to some Solaris workstations, and some of the crazy radio stuff that I was doing.
The thing that really helped me was that I taught myself Linux while I was in Germany in 1996 when it was all new. I was inspired by the Solaris gear that I used at work and some friends in the barracks that were experimenting with Linux. When I landed in Oregon, I volunteered most Thursday nights at the local Linux Users Group and helped people build and troubleshoot all sorts of software and hardware problems. I eventually turned that into a LAMP programming job for an e-commerce startup.
However, in 2002 after the Dotcom crash and our ecommerce company imploded, I was unemployed for nine months in Oregon and realized that with my skills (Linux, web programming, some networking), I should go to California or somewhere around Washington, DC. I posted my resume on a job board along with some of my military experience and was hired for a Federal Information Security Management Act (FISMA) analyst position in DC at a very low pay rate on a bad project. With my previous IT admin experience and after working on that project for a couple of years, I got Certified Information Systems Security Professional (CISSP) certified.
What did you do in the latter part of your service/while you were leaving the military that set you up for success?
There was a huge gap in transitioning jobs when I got off active duty. It was 1998 and you didn’t find jobs through Internet job boards like you can now. Even then, there wasn’t much of a path for transitioning from the intelligence field to anything in the civilian world. I transitioned from Germany to Oregon and had a rough go of it for 3 years following. I worked at a glue factory for a couple of weeks. I worked at a job testing and fixing electronic equipment for a year. I went to school on the GI Bill for a year. Nothing there is anything close to success, but at least I learned in the army how to keep going despite adversity.
Looking back—did you do anything that set you back?
I went to college in Oregon for a year and it really drove me crazy. I had over two years of credits thanks to DLI and some other night classes that I took on active duty, but they were almost all upper-level. I ended up taking freshman-level classes to fit my experience into the university program. I was 27, an eight-year veteran, spoke several languages, and had lived in Germany for three and a half years. I really didn’t have anything in common with the other students and I wasn’t learning anything, so I eventually just lost interest. I wanted to study computer science but the program was very structured with prescriptive math and programming classes–I would have had to basically start over in order to get a computer science degree.
What I should have been advised to do was what I eventually ended up doing. While I was on active duty, I took a handful of classes on base. When I was activated with the National Guard I took a handful of College-Level Examination Program (CLEP) and DANTES Subject Standardized Test (DSST) tests for credit because they were free. After separation, I took even more DSST and CLEP tests and was reimbursed for them via the GI Bill. I eventually took my credits and consolidated them at Excelsior College into a degree, ending up with a BS in Liberal Studies with a concentration in Russian. The funny catalyst to finishing my degree was when I was in DC and my manager came to me and told me that I should get a degree, any degree, even if it was in basket-weaving, to increase my billable rate on the government project that I was staffed on.
What are 3 challenges/experiences you’ve faced/had in your current role where you leaned on/used your military experience to help overcome?
There are a lot of soft skills that come in handy. I’ve spent the past five years on 75% travel. I had to handle all of my logistics and deal with sleep deprivation, foreign cultures, jet lag, languages, etc. My former boss once told me that I do the jobs that nobody wants to do and I seem not only able to do them but I actually seem happy to do it. That has to account for something.
I always contend that I’m not that smart and not that educated, but I do catch on to new concepts quickly and I have the skills of a translator. I can talk tech and I can talk business and if I need to, I can rephrase things several ways to be understood. It’s hard to find people that can pivot inside of a conversation.
What sort of education and experience would a veteran need to either land your role or be part of your team?
This is a very strange career field. We require hard skills but not a degree, although human resources and recruiters don’t really understand that. I taught myself Linux, Apache, PHP, Python, MySQL, networking, vulnerability scanning, Internet infrastructure, etc, but I have no formal training in any of this. So early on, I focused on certifications in order to qualify for job descriptions.
I think–in this field more than others–it’s all about job networking. That’s where transitioning military face a major challenge. In my case, I changed jobs and continents and was just dropped into the labor pool. Communities like VetSec help in these cases, with active duty people, veterans established out in the work force, and people in between those two. We had a mini conference back in March where I gave a presentation on how to create a LinkedIn profile. I turned that into a written guide for the community. As an official old guy, I’m more than happy to let veterans in VetSec use me for contacts and networking.
I also think that volunteering to help out with a conference as a speaker handler or track facilitator will do more for your career than just about anything else you could think up, but you have to work it a bit and introduce yourself to people.
I spent a good 10 years as a sort of journeyman in the “InfoSec Salt Mines”. I worked for cheap on projects to get experience and exposure to new ideas. I lived in apartments that should have been condemned and had my car fall apart several times. I would go home at night and study up to get the next set of skills. After 10 years, all that effort starts to come back to you. I still study in off-hours, although I’m far from living in a slum. I think there has to be a way to shorten that time because 10 years is just too much. Good training sessions help here, even if you skip the certification aspects.
Cyber.Media has also created a series highlighting members of the military community who are working in cybersecurity. To read more about moving from the military community to the civilian job market, visit:
The Pipeline: Anonymous Veteran (Air Force Intel/IT vet and Information Security Operator)
Veteran Security (VetSec) – An organization and online community for training, networking, and advice
The Pipeline: Dan Costantino (CISO/CIO and United States Marine Corps Veteran)
The Pipeline: Mark Ferrari (Entrepreneur, CISO, and United States Air Force Veteran)