Every veteran’s journey into cybersecurity is unique. In the case of Garrett Guinivan, his path involved studying turfgrass, working at golf courses, and learning several languages before getting involved in cybersecurity.
How did you become interested in the military?
My father had a 9:30am meeting scheduled on 9/11 at the Pentagon. He was driving to the meeting when it got cancelled. He lost a few colleagues that day. I was in middle school at the time, full of piss and vinegar (somewhat overweight though—I had to work on that) and wanted to join up the day I graduated from high school. My parents convinced me otherwise and I went to college at Penn State. However, I still had the nagging thought in the back of my mind that I needed to serve.
I graduated from Penn State in 2010 with a degree in Turfgrass Science, worked the Masters in 2011 and worked full time at a golf course until 2012. In 2011, I started looking into Army Reserve Officer Training Corps (ROTC) options and graduate degree programs. I decided to attend Indiana University for a graduate degree in Near Eastern Languages and Cultures. I also joined the Army ROTC program and was awarded a Critical Language Scholarship. After attending Indiana from 2012 to 2014 I was commissioned a Second Lieutenant in the Army in December 2014.
Did your role in the military have any direct relationship to your current or previous roles?
Yes, I am lucky as my Army intelligence officer role and experience directly translates into my civilian job as a cyber threat intelligence (CTI) analyst. I am currently a Cyber Threat Analyst at Proofpoint and previously a CTI analyst with several government and contractor roles.
What experiences did you have while in uniform that started you on the path to where you are now?
Being an intelligence officer in the military prepared me well for a career in the CTI space. Coming from a purely intelligence background, I had, and still have, a lot to learn about cyber and information security. One motivating experience I had happened during my officer training at Fort Huachuca, AZ.
I vividly recall asking one of the trainer/instructors, “how can I get into this new cyber branch?” He responded, “You can’t, you aren’t smart enough and its only for whiz coders and nerds like that.” That lit a fire under me, not only for the primary reason, that I hated this dude’s guts to begin with, but I am hardheaded and when someone tells me I can’t do something I try to prove them wrong.
In a similar fashion, in college, my cross-country club told me “Garrett you’re not exactly the cross-country type.” I’m 6’3’’ and 220 pounds and don’t look like a typical marathoner. Naturally, I stayed on the cross-country team throughout college (mostly coming in dead last–not mostly, almost always) and completed the Philly Marathon in 2011. I also completed the Marine Corps Marathon in 2018 to raise funds for an ROTC classmate’s scholarship fund.
What did you do in the latter part of your service/while you were leaving the military that set you up for success?
“Its okay to be the dumbest person in the room, for a while at least”
Moving to a cyber unit from a more traditional line unit in the military was the best decision I made. It opened a ton of cyber training up for me and made me grow as a person and an officer.
I was surrounded by some incredibly seasoned and smart “cyber warriors.” I truly felt like the dumbest person in the room much of the time, but it forced me to grow. I had valuable language skills and was competent in my core skillsets, but I needed to up my Infosec/IT skills. Luckily, I had a senior officer basically tell me “Take time and get up to speed on cyber stuff, take as much training as you possibly can.” This helped me learn these skills and work to not be the dumbest person in the room anymore (or at least feel that way).
Looking back—did you do anything that set you back
Looking at my past, some would say majoring in Turfgrass Management at Penn State was a mistake in my path to being a cyber threat intelligence analyst.
I can see why, but my time at Penn State made me who I am now. I also benefited from other life experiences that were not related to cyber. Working outdoors on golf courses 12-14 hours straight in the dead of summer taught me what hard work means. Working a long day behind a computer in an air-conditioned office, I think about those long days watering fairways for hours on end gives me perspective.
Also, the managers I worked for instilled the importance of mentorship and guidance. I try to hold up those values in everything I do related to my current CTI job, the language mentorship website I run, and mentoring cadets in the cyber, intel and language fields.
What are a few experiences you’ve had in your current role where you used your military experience to succeed?
It sounds simple, but the ability to brief and talk, project management and people skills are vital.
Public speaking and the ability to give concise presentations and briefings are key skills and I believe many individuals getting into the cyber world do not realize this. Going through officer training forced me to speak in front of crowds, get comfortable briefing on a variety of topics, etc. I must brief nearly every day to a wide range of people (keyboard guys and gals, mid management, government leadership and sometimes even Board or Congressional level-leaders).
Project management skills are also important. The Army makes you get comfortable with or hate, depending on circumstances, group projects. In my current role I must manage projects, papers, and briefings with multiple agencies and groups. I often rely on the leadership and management skills that I learned and developed in the Army.
Leadership and people skills are important. As a cadet at IU and a junior officer in the Army Reserve, I learned one of the coolest things about the Army is that you meet people from all parts of the United States. I have worked with people from all across the country of every background. Not only have I learned how to interact with a wide range of people, I’ve been able to recognize my own bias and appreciate my privilege and circumstances.
What sort of education and experience would a veteran need to be part of your team?
This is a tough question. My recommendation for everyone is think of to CTI as “CTI-as-a-service.” Veterans across the country served their country for years and being a CTI analyst is very similar to the approach to service in the military. As a CTI analyst you serve the IT teams, the SOC teams, managers, board members and everyone in between. You serve these teams so your company group or organization can continue to function, others can keep their jobs, and ultimately you can keep your job too.
I have seen guys and gals with a lot of cyber certs and no college degree, some with a technical degree and some experience, weirdos like me who worked golf courses, learned Farsi and Arabic, and have a master’s degree. I think building on the skills above are crucial. These recommendations helped me get to where I am at in the CTI field (and I still have a long way to go but at least its a start.)
I think finding a mentor via the VETSEC or OperationCode channels is one of the best ways to learn. Having the opportunity to ask questions and get guidance from a variety of currently serving and Veteran military members is second-to-none. I have received unvarnished feedback on certifications, training programs, pathways, great awareness for media reporting, and professional development opportunities in these Slack Channels.
It is important to determine which side of ‘Cyber’ you want to be a part of. In my case, having critical language skills and already being in the intelligence field, cyber threat intelligence is the natural fit and the career path I chose. (I highly recommend this piece by a CTI superstar and SANS instructor Katie Nickels about getting into Threat Intelligence.) For someone in the signals branch, becoming a system engineer, IT admin or something similar, is probably a better option for a direct crossover from the military to a civilian job.
I was not able to do it, but earning and completing an internship using the DoD Skillbridge is a great way for transitioning servicemembers to get a taste of a civilian job and find out if they truly want to be in the job they think they want. This is also an extremely important point for employers across the country. The Skillbridge program is a great opportunity for companies to grow their veteran employment and find great military talent across the country.
Finally, and this is often-overlooked, linguists make great cyber threat intelligence analysts because it is no secret the ‘Big Four’ cyber actors are Russia, China, North Korea, and Iran. If you are a linguist and know Russian, Mandarin, Korean, Farsi you could be a natural fit. I also see other companies wanting languages like Turkish and Arabic along with partners languages (French, German, Spanish, etc). Linguists play an important role in country specific threat intelligence, government CTI positions, and strategic cyber positions which require understanding of the geo-political picture in addition to the “keyboard” operations of cyber actors. If you have the language skills, you can “catch up” on technical knowledge. Truly learning a critical language can take from 2-3 years (best case scenario if it is all you do for those years).