As a former Air Force pilot and serving reservist, I bring a wide range of skills and experiences to BluVector, a cybersecurity company where many of my veteran colleagues are applying their skills, discipline, and experience to the mission of securing government and commercial networks. I’m also keenly aware that despite a cybersecurity workforce gap, moving from military service to the civilian job market is not straightforward. So in June, I started interviewing vets working in cybersecurity to provide some career path clarity. To date, we’ve spoken with 11 members of the military community about moving into civilian cybersecurity roles. Here is some of the most common and actionable advice that I’ve heard:
Cybersecurity experience in uniform is not a requirement
Several vets we spoke with had a military specialty directly related to cybersecurity. Brad Rhodes is a Cyber Warfare Officer in the National Guard, Dan Constantino was a Cyber Network Operator, and Garrett Guinivan served as an intelligence officer in a cyber unit. However, others got exposure to communications or weapons systems and pursued additional training and networking to break into the field. Dan Constantino offered the following advice on the importance of perseverance:
The cybersecurity industry currently suffers from a lack of trained professionals to fill a growing list of open roles; however, many companies overcomplicate the path to breaking into a field so desperate for talent. It’s a confusing reality and likely leads to thousands of highly capable candidates selecting a different career path each year.
Training for Cyber doesn’t have to mean going back to college for another degree
While veterans are thriving in college thanks to the Post-9/11 GI Bill, a four year program is not for everyone.. A common piece of advice was to make sure that education you pursue has practical applications and really interests you.
For anyone seeking entry into the field of cybersecurity, step one is to get a basic (or an advanced if possible) industry certification. Great entry-level certs to pursue are CompTIA’s Security+ certification and/or ISC(2)’s SSCP (Systems Security Certified Practitioner). I would place these higher on the list before getting a degree in cybersecurity, particularly for a veteran who may already have an undergrad degree (in anything) plus the leadership and operational experience gained in the military, regardless of the MOS. – Mark Ferrari, Principal and Co-Founder, Latitude Information Security
It also helps to have an online presence, for example if you want to write software for a company you should host your code on Github or a similar platform. For more specific cyber roles, I would look at certifications such as Certified Information Systems Security Professional (CISSP) or ones offered through CompTIA. Don’t just simply read books or watch courses; make sure you are producing things that you can show to employers and that carry weight. – Conor Burke, Marine Corps vet and Georgia Tech student
Leverage Language Skills, if you have them
Garrett Guinivan and Michael Smith both found themselves in linguist roles in the military. Knowledge of a critical language can greatly augment your technical skills in the area of Threat Intelligence from APTs:
Linguists make great cyber threat intelligence analysts because it is no secret the ‘Big Four’ cyber actors are Russia, China, North Korea, and Iran. If you are a linguist and know Russian, Mandarin, Korean, [or] Farsi you could be a natural fit. I also see other companies wanting languages like Turkish and Arabic along with partners’ languages (French, German, Spanish, etc). – Garrett Guinivan, Cyber Threat Analyst, Proofpoint
Go to conferences – there are people who are eager to mentor you
Go to conferences (e.g. Black Hat, DEFCON, BSides, and local ones). Veterans want to feel they [are] part of something larger than themselves and attending a “con” does that. – Brad Rhodes
I think that volunteering to help out with a conference as a speaker handler or track facilitator will do more for your career than just about anything else you could think up, but you have to work it a bit and introduce yourself to people. – Michael Smith, Army Veteran
Many of the skills you developed in the military are valued in the private sector
Decisiveness and the ability to handle stressful situations are obvious skills veterans bring, but many of the vets we interviewed saw parallels between the military chain of command and corporate politics. OPSEC is also highly relevant to cybersecurity.
When I was a junior officer standing Officer of the Deck on a submarine, I had to process tons of information and make very quick decisions. That experience has been invaluable to me as I can sift through reams of data and quickly make key business decisions rather than be trapped in the “one more fact before we act” mode. – Michael Leidinger
Veterans bring a different mindset to the workplace; if they are there, they are there to work. They are the ones you can count on at 2AM to answer their phone, get out of bed, and start solving problems because that’s what the military ingrained in us. All you need to do is give them the mission and send them on their way–no need to micromanage or check in on them to make sure they are being productive. – Charles Johnston, Advanced Threat Detection Analyst, IBM
Leverage Resources for Veterans
Finally, there are lots of great non-profits and programs that you can utilize to assist you with your transition to the private sector.
- Find internships via DOD Skillbridge
- Talk to an experienced mentor through VetSec or American Corporate Partners
- Utilize corporate veterans initiatives like Hilton’s Operation Opportunity
Thanks to all of the veterans who have shared their knowledge with the Pipeline so far. I look forward to continue sharing stories and advice from members of the military community in cybersecurity in 2021.